Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Not Convinced System Safe After Multiple Infections [Closed]


  • This topic is locked This topic is locked

#1
clutsta

clutsta

    Member

  • Member
  • PipPip
  • 28 posts

Hi all, I just wanted to say thanks in advance to the Admins and Mods on this forum- you guys really do a great job!

Approximately three months ago I discovered that my Facebook and Gmail accounts were hacked maliciously by someone I believe I can identify. I immediately changed my passwords and a short time later my desktop running XP 32bit along with a laptop running the same were infected with the following:

 

BV:Agent-ARF

Wininit.ini

ASP.NETmachine and more.

 

I also noticed that the remote access in my Avast was activated, scan settings had been changed without authorisation and scan logs were deleted. I managed to get my desktop under control with a combination of Spybot S&D, Malwarebyte and Avast. Since then I have had absolutely no positive results but I am still not convinced that this machine is safe which is why I am here today. Occasionally the System runs really slow and occasionally crashes.

Anyway, here goes!

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-10-2015
Ran by CLuTsTa (administrator) on CLUTZ (22-10-2015 03:49:18)
Running from C:\Documents and Settings\CLuTsTa\Desktop
Loaded Profiles: CLuTsTa (Available Profiles: CLuTsTa & Dre & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Update\DropboxUpdate.exe
() C:\WINDOWS\system32\PSIService.exe
(Logitech Inc.) C:\Program Files\SetPoint\LBTWiz.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(OTi) C:\WINDOWS\system32\UStorSrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\Dude\dude.exe
() C:\Program Files\Dude\dude.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKLM\...\Run: [Logitech BT Wizard] => LBTWiz.exe -silent
HKLM\...\Run: [Logitech Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [28160 2005-12-20] (Logitech Inc.)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [988584 2007-09-01] (Microsoft Corporation)
HKLM\...\Run: [MP10_EnsureFileVer] => C:\WINDOWS\inf\unregmp2.exe [208896 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-25] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [44236896 2015-07-08] (Dropbox, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [DudeServer] => C:\Program Files\Dude\dude.exe [4142080 2010-04-07] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2006-02-03] (Logitech Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-867479323-834159104-2347132788-1006\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-867479323-834159104-2347132788-1006\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-867479323-834159104-2347132788-1006\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [57981568 2015-09-28] (Skype Technologies S.A.)
HKU\S-1-5-21-867479323-834159104-2347132788-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
ShellExecuteHooks:  - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  No File [ ]
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-09-25] (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-867479323-834159104-2347132788-1006] => Proxy is enabled.
ProxyServer: [S-1-5-21-867479323-834159104-2347132788-1006] => localhost:21320
AutoConfigURL: [S-1-5-21-867479323-834159104-2347132788-1006] => localhost:21320
Winsock: Catalog5 01 C:\Program Files\Bonjour\mdnsNSP.dll [147456 2008-12-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2F9FA297-B409-4F72-BBCF-29D3E0660393}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5358A304-E7A9-4F5E-A7F4-DBDB06375328}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{AEAF8A70-26FD-41A1-9847-43957CAB2D95}: [DhcpNameServer] 10.1.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-867479323-834159104-2347132788-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-867479323-834159104-2347132788-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-867479323-834159104-2347132788-1006 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG8\avgssie.dll => No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-05] (Oracle Corporation)
BHO: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-12] (AVAST Software)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll => No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-05] (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-12] (AVAST Software)
Toolbar: HKU\S-1-5-21-867479323-834159104-2347132788-1006 -> Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
DPF: {41564D57-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} hxxp://mvt.mcafee.com/mvt/bin/3,0,1,0/mvt.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default
FF NewTab: www.google.com
FF DefaultSearchEngine: Google Australia - Country: Australia
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: www.google.com.au
FF Session Restore: -> is enabled.
FF Keyword.URL: hxxps://www.google.com/search
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "203.201.163.194"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "203.201.163.194"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "203.201.163.194"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "203.201.163.194"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-08] ()
FF Plugin: @idsoftware.com/QuakeLive -> C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll [2010-12-03] (id Software Inc.)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-05] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-10-05] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-06] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-867479323-834159104-2347132788-1006: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin HKU\S-1-5-21-867479323-834159104-2347132788-1006: @facebook.com/FBPlugin,version=1.0.3 -> C:\Documents and Settings\CLuTsTa\Application Data\Facebook\npfbplugin_1_0_3.dll [No File]
FF Plugin HKU\S-1-5-21-867479323-834159104-2347132788-1006: jpl.nasa.gov/NASAEyes -> C:\Documents and Settings\CLuTsTa\Application Data\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2015-09-10] (Jet Propulsion Laboratory)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2006-12-12] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmozax.dll [2007-04-13] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-06] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\searchplugins\google-australia---country-australia.xml [2015-09-23]
FF Extension: No Name - C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\Extensions\nostmp [2013-12-24] [not signed]
FF Extension: Switch to Tab no more - C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\Extensions\{7edcdfc0-3056-11e0-91fa-0800200c9a66}.xpi [2015-01-07]
FF Extension: Adblock Plus - C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-09]
FF Extension: Hide Tab Bar With One Tab - C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\Extensions\{e5bbc237-c99b-4ced-a061-0be27703295f}.xpi [2013-09-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-07-13] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-04] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\activex.js [2015-10-16]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-08]
CHR Extension: (Google Drive) - C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-08]
CHR Extension: (YouTube) - C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-08]
CHR Extension: (Google Search) - C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-08]
CHR Extension: (Google Wallet) - C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-08]
CHR Extension: (Gmail) - C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-08]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-21]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2006-06-30] (Adobe Systems) [File not signed]
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [269000 2015-10-08] (Adobe Systems Incorporated) [File not signed]
S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed]
R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-25] (AVAST Software)
R2 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation) [File not signed]
S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-07] (Microsoft Corporation) [File not signed]
R2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [266295 2006-02-01] (Broadcom Corporation.) [File not signed]
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [69632 2006-06-09] (Creative Labs) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) [File not signed]
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-08] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-08] (Dropbox, Inc.)
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
S3 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-21] (Microsoft Corporation) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-08] (Microsoft Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
S2 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.) [File not signed]
S3 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.) [File not signed]
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) [File not signed]
R2 HidServ; C:\WINDOWS\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation) [File not signed]
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) [File not signed]
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
R2 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE [86016 2006-02-03] (Logitech Inc.) [File not signed]
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) [File not signed]
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation) [File not signed]
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-21] (Microsoft Corporation) [File not signed]
S3 nosGetPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper_3004.dll [53248 2011-05-25] (NOS Microsystems Ltd.) [File not signed]
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [177704 2007-06-05] ()
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation) [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) [File not signed]
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-18] (Microsoft Corporation) [File not signed]
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
R2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed]
R2 UStorage Server Service; C:\WINDOWS\system32\UStorSrv.exe [139264 2004-09-20] (OTi) [File not signed]
S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 w32time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation) [File not signed]
R2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation) [File not signed]
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [27136 2009-01-30] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation) [File not signed]
R2 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [64512 2009-07-13] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2008-04-14] (Microsoft Corporation) [File not signed]
R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ACPIEC; C:\WINDOWS\system32\Drivers\ACPIEC.sys [11648 2008-04-14] (Microsoft Corporation) [File not signed]
S4 adpu160m; C:\WINDOWS\system32\DRIVERS\adpu160m.sys [101888 2008-04-14] (Microsoft Corporation) [File not signed]
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-14] (Microsoft Corporation) [File not signed]
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-18] (Microsoft Corporation) [File not signed]
S4 agp440; C:\WINDOWS\system32\DRIVERS\agp440.sys [42368 2008-04-14] (Microsoft Corporation) [File not signed]
S4 agpCPQ; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [44928 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Aha154x; C:\WINDOWS\system32\DRIVERS\aha154x.sys [12800 2008-04-14] (Microsoft Corporation) [File not signed]
S4 aic78u2; C:\WINDOWS\system32\DRIVERS\aic78u2.sys [55168 2008-04-14] (Microsoft Corporation) [File not signed]
S4 aic78xx; C:\WINDOWS\system32\DRIVERS\aic78xx.sys [56960 2008-04-14] (Microsoft Corporation) [File not signed]
S4 AliIde; C:\WINDOWS\system32\DRIVERS\aliide.sys [5248 2008-04-14] (Acer Laboratories Inc.) [File not signed]
S4 alim1541; C:\WINDOWS\system32\DRIVERS\alim1541.sys [42752 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S4 amdagp; C:\WINDOWS\system32\DRIVERS\amdagp.sys [43008 2008-04-14] (Advanced Micro Devices, Inc.) [File not signed]
S4 amsint; C:\WINDOWS\system32\DRIVERS\amsint.sys [12032 2008-04-14] (Microsoft Corporation) [File not signed]
S3 androidusb; C:\WINDOWS\System32\Drivers\ssadadb.sys [32064 2013-08-21] (Google Inc) [File not signed]
S3 Arp1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [60800 2008-04-14] (Microsoft Corporation) [File not signed]
S4 asc; C:\WINDOWS\system32\DRIVERS\asc.sys [26496 2008-04-14] (Advanced System Products, Inc.) [File not signed]
S4 asc3350p; C:\WINDOWS\system32\DRIVERS\asc3350p.sys [22400 2008-04-14] (Microsoft Corporation) [File not signed]
S4 asc3550; C:\WINDOWS\system32\DRIVERS\asc3550.sys [14848 2008-04-14] (Advanced System Products, Inc.) [File not signed]
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [17005 2002-05-06] (Adaptec)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-09-25] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-09-25] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-09-25] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-09-25] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [789296 2015-09-25] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [434184 2015-09-25] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [157888 2015-09-25] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-09-25] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-09-25] (AVAST Software)
S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-14] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [428269 2006-02-01] (Broadcom Corporation.) [File not signed]
S3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [30363 2006-02-01] (Broadcom Corporation.) [File not signed]
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [854154 2006-02-01] (Broadcom Corporation.) [File not signed]
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [45475 2006-02-01] (Broadcom Corporation.) [File not signed]
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [64344 2006-02-01] (Broadcom Corporation.) [File not signed]
S4 cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [13952 2008-04-14] (Microsoft Corporation) [File not signed]
S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2008-04-14] (Microsoft Corporation) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) [File not signed]
S4 cd20xrnt; C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys [7680 2008-04-14] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2008-04-14] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-14] (Microsoft Corporation) [File not signed]
S4 CmdIde; C:\WINDOWS\system32\DRIVERS\cmdide.sys [6656 2008-04-14] (CMD Technology, Inc.) [File not signed]
S4 Cpqarray; C:\WINDOWS\system32\DRIVERS\cpqarray.sys [14976 2008-04-14] (Microsoft Corporation) [File not signed]
R3 ctsfm2k; C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys [138752 2005-01-10] (Creative Technology Ltd) [File not signed]
R3 CTUSFSYN; C:\WINDOWS\System32\drivers\ctusfsyn.sys [158464 2005-05-25] (Creative Technology Ltd.) [File not signed]
S4 dac2w2k; C:\WINDOWS\system32\DRIVERS\dac2w2k.sys [179584 2008-04-14] (Mylex Corporation) [File not signed]
S4 dac960nt; C:\WINDOWS\system32\DRIVERS\dac960nt.sys [14720 2008-04-14] (Microsoft Corporation) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmio; C:\WINDOWS\system32\Drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmload; C:\WINDOWS\system32\Drivers\dmload.sys [5888 2008-04-14] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-14] (Microsoft Corporation) [File not signed]
S4 dpti2o; C:\WINDOWS\system32\DRIVERS\dpti2o.sys [20192 2008-04-14] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-14] (Microsoft Corporation) [File not signed]
S3 E100B; C:\WINDOWS\System32\DRIVERS\e100b325.sys [155648 2004-10-14] (Intel Corporation) [File not signed]
S4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Flpydisk; C:\WINDOWS\System32\DRIVERS\flpydisk.sys [20480 2008-04-14] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-14] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2008-04-14] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider) [File not signed]
R3 HidUsb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation) [File not signed]
S4 hpn; C:\WINDOWS\system32\DRIVERS\hpn.sys [25952 2008-04-14] (Microsoft Corporation) [File not signed]
S3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [212224 2003-11-17] (Conexant Systems, Inc.) [File not signed]
S3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [1042432 2003-11-17] (Conexant Systems, Inc.) [File not signed]
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-21] (Microsoft Corporation) [File not signed]
R1 i2omgmt; C:\WINDOWS\system32\Drivers\i2omgmt.sys [8576 2008-04-14] (Microsoft Corporation) [File not signed]
S4 i2omp; C:\WINDOWS\system32\DRIVERS\i2omp.sys [18560 2008-04-14] (Microsoft Corporation) [File not signed]
S1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [1302812 2005-10-14] (Intel Corporation) [File not signed]
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ini910u; C:\WINDOWS\system32\DRIVERS\ini910u.sys [16000 2008-04-14] (Microsoft Corporation) [File not signed]
R0 IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [5504 2008-04-14] (Microsoft Corporation) [File not signed]
R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36352 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Ip6Fw; C:\WINDOWS\System32\drivers\ip6fw.sys [36608 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-14] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-14] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-14] (Microsoft Corporation) [File not signed]
R1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14592 2008-04-14] (Microsoft Corporation) [File not signed]
R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-14] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
R3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [39424 2009-08-05] (Atheros Communications, Inc.) [File not signed]
S3 LHidKe; C:\WINDOWS\System32\DRIVERS\LHidKE.Sys [27008 2005-12-20] (Logitech, Inc.) [File not signed]
S3 LMouKE; C:\WINDOWS\System32\DRIVERS\LMouKE.Sys [69376 2005-12-20] (Logitech, Inc.) [File not signed]
R3 LVPr2Mon; C:\WINDOWS\System32\Drivers\LVPr2Mon.sys [25624 2008-12-16] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes) [File not signed]
R2 mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [11043 2003-04-09] (Conexant) [File not signed]
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MODEMCSA; C:\WINDOWS\System32\drivers\MODEMCSA.sys [16128 2001-08-17] (Microsoft Corporation) [File not signed]
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2008-04-14] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-14] (Microsoft Corporation) [File not signed]
S4 mraid35x; C:\WINDOWS\system32\DRIVERS\mraid35x.sys [17280 2008-04-14] (American Megatrends Inc.) [File not signed]
R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-14] (Microsoft Corporation) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-16] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-14] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\WINDOWS\System32\drivers\MSTEE.sys [5504 2008-04-14] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-22] (Microsoft Corporation) [File not signed]
S3 NABTSFEC; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-09] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-28] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-14] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-14] (Microsoft Corporation) [File not signed]
R1 netfilter; C:\WINDOWS\System32\drivers\netfilter.sys [47488 2014-02-13] (NetFilterSDK.com) [File not signed]
S3 NIC1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [61824 2008-04-14] (Microsoft Corporation) [File not signed]
S3 nmwcd; C:\WINDOWS\System32\drivers\ccdcmb.sys [18048 2010-07-30] (Nokia) [File not signed]
S3 nmwcdc; C:\WINDOWS\System32\drivers\ccdcmbo.sys [23040 2010-07-30] (Nokia) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-14] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2008-04-14] (Microsoft Corporation) [File not signed]
R0 ohci1394; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [61696 2008-04-14] (Microsoft Corporation) [File not signed]
R3 ossrv; C:\WINDOWS\System32\DRIVERS\ctoss2k.sys [106496 2005-01-10] (Creative Technology Ltd.) [File not signed]
S3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80128 2008-04-14] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2008-04-14] (Microsoft Corporation) [File not signed]
S3 pccsmcfd; C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys [18816 2008-08-26] (Nokia) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120192 2008-04-14] (Microsoft Corporation) [File not signed]
S4 perc2; C:\WINDOWS\system32\DRIVERS\perc2.sys [27296 2008-04-14] (Microsoft Corporation) [File not signed]
S4 perc2hib; C:\WINDOWS\system32\DRIVERS\perc2hib.sys [5504 2008-04-14] (Microsoft Corporation) [File not signed]
R2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [8704 2004-12-22] (Creative Technology Ltd.) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-14] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.) [File not signed]
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
S4 ql1080; C:\WINDOWS\system32\DRIVERS\ql1080.sys [40320 2008-04-14] (QLogic Corporation) [File not signed]
S4 Ql10wnt; C:\WINDOWS\system32\DRIVERS\ql10wnt.sys [33152 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ql12160; C:\WINDOWS\system32\DRIVERS\ql12160.sys [45312 2008-04-14] (QLogic Corporation) [File not signed]
S4 ql1240; C:\WINDOWS\system32\DRIVERS\ql1240.sys [40448 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ql1280; C:\WINDOWS\system32\DRIVERS\ql1280.sys [49024 2008-04-14] (QLogic Corporation) [File not signed]
S3 QV2KUX; C:\WINDOWS\System32\DRIVERS\qv2kux.sys [3328 2001-08-17] (Microsoft Corporation) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-14] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2008-04-14] (Microsoft Corporation) [File not signed]
S3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [196224 2008-04-14] (Microsoft Corporation) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RTLWUSB; C:\WINDOWS\System32\DRIVERS\wg111v2.sys [167808 2006-03-27] (NETGEAR Inc.) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-14] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 Ser2pl; C:\WINDOWS\System32\DRIVERS\ser2pl.sys [39552 2002-04-09] (Prolific Technology Inc.) [File not signed]
R3 serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15744 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [64512 2008-04-14] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\WINDOWS\System32\DRIVERS\sermouse.sys [17664 2008-04-14] (Microsoft Corporation) [File not signed]
S3 sigfilt; C:\WINDOWS\System32\drivers\sigfilt.sys [1350784 2005-09-21] (Creative Technology Ltd.) [File not signed]
S4 sisagp; C:\WINDOWS\system32\DRIVERS\sisagp.sys [40960 2008-04-14] (Silicon Integrated Systems Corporation) [File not signed]
S3 SLIP; C:\WINDOWS\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation) [File not signed]
S4 Sparrow; C:\WINDOWS\system32\DRIVERS\sparrow.sys [19072 2008-04-14] (Adaptec, Inc.) [File not signed]
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-14] (Microsoft Corporation) [File not signed]
S0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [717296 2009-01-19] (Duplex Secure Ltd.)
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-18] (Microsoft Corporation) [File not signed]
S3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1022040 2005-08-17] (SigmaTel, Inc.) [File not signed]
S3 streamip; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation) [File not signed]
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-14] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-14] (Microsoft Corporation) [File not signed]
S4 symc810; C:\WINDOWS\system32\DRIVERS\symc810.sys [16256 2008-04-14] (Symbios Logic Inc.) [File not signed]
S4 symc8xx; C:\WINDOWS\system32\DRIVERS\symc8xx.sys [32640 2008-04-14] (LSI Logic) [File not signed]
S4 sym_hi; C:\WINDOWS\system32\DRIVERS\sym_hi.sys [28384 2008-04-14] (LSI Logic) [File not signed]
S4 sym_u3; C:\WINDOWS\system32\DRIVERS\sym_u3.sys [30688 2008-04-14] (LSI Logic) [File not signed]
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation) [File not signed]
S4 TosIde; C:\WINDOWS\system32\DRIVERS\toside.sys [4992 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ultra; C:\WINDOWS\system32\DRIVERS\ultra.sys [36736 2008-04-14] (Promise Technology, Inc.) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 upperdev; C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys [8192 2010-07-30] (Nokia) [File not signed]
S3 usbaudio; C:\WINDOWS\System32\drivers\usbaudio.sys [60160 2013-07-17] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-09] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation) [File not signed]
R3 usbprint; C:\WINDOWS\System32\DRIVERS\usbprint.sys [25856 2008-04-14] (Microsoft Corporation) [File not signed]
R3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-03] (Microsoft Corporation) [File not signed]
S3 usbser; C:\WINDOWS\System32\drivers\usbser.sys [26240 2013-08-29] (Microsoft Corporation) [File not signed]
S3 UsbserFilt; C:\WINDOWS\System32\DRIVERS\usbser_lowerfltj.sys [8192 2010-07-30] (Nokia) [File not signed]
S3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-14] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-14] (Microsoft Corporation) [File not signed]
S3 usbvideo; C:\WINDOWS\System32\Drivers\usbvideo.sys [123008 2013-07-17] (Microsoft Corporation) [File not signed]
S3 USB_RNDIS; C:\WINDOWS\System32\DRIVERS\usb8023.sys [12928 2013-02-12] (Microsoft Corporation) [File not signed]
S3 usb_rndisx; C:\WINDOWS\System32\DRIVERS\usb8023x.sys [12928 2013-02-12] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-14] (Microsoft Corporation) [File not signed]
S4 viaagp; C:\WINDOWS\system32\DRIVERS\viaagp.sys [42240 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ViaIde; C:\WINDOWS\system32\DRIVERS\viaide.sys [5376 2008-04-14] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-14] (Microsoft Corporation) [File not signed]
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31744 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WDC_SAM; C:\WINDOWS\System32\DRIVERS\wdcsam.sys [11520 2008-05-06] (Western Digital Technologies) [File not signed]
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-14] (Microsoft Corporation) [File not signed]
S3 winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [680704 2003-11-17] (Conexant Systems, Inc.) [File not signed]
S3 WpdUsb; C:\WINDOWS\System32\DRIVERS\wpdusb.sys [38528 2009-01-30] (Microsoft Corporation) [File not signed]
R1 WS2IFSL; C:\WINDOWS\System32\drivers\ws2ifsl.sys [12032 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WSTCODEC; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation) [File not signed]
R0 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [91904 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [132224 2009-07-13] (Microsoft Corporation) [File not signed]
S3 bvrp_pci; no ImagePath
S3 catchme; \??\C:\DOCUME~1\CLuTsTa\LOCALS~1\Temp\catchme.sys [X]
S3 cpuz132; no ImagePath
S3 LVRS; system32\DRIVERS\lvrs.sys [X]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [X]
S3 PalmUSBD; no ImagePath
S3 Pcouffin; no ImagePath
S3 pepifilter; system32\DRIVERS\lv302af.sys [X]
S3 PID_PEPI; system32\DRIVERS\LV302V32.SYS [X]
S1 SABKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
U3 TlntSvr; no ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2027-01-22 16:18 - 2027-01-22 16:18 - 00003120 ____C C:\WINDOWS\33orpae.tpi
2015-10-22 03:49 - 2015-10-22 03:53 - 00055936 _____ C:\Documents and Settings\CLuTsTa\Desktop\FRST.txt
2015-10-22 03:43 - 2015-10-22 03:43 - 00000691 _____ C:\dude.conf
2015-10-22 03:20 - 2015-10-22 03:49 - 00000000 ____D C:\FRST
2015-10-22 03:19 - 2015-10-22 03:19 - 01700864 _____ (Farbar) C:\Documents and Settings\CLuTsTa\Desktop\FRST.exe
2015-10-21 02:44 - 2015-10-21 02:44 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\The Dude
2015-10-21 01:15 - 2015-10-21 21:11 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\TELSTRA
2015-10-21 01:00 - 2015-09-27 21:46 - 00449968 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20151021-010042.backup
2015-10-21 00:54 - 2015-10-21 01:13 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-21 00:53 - 2015-10-21 00:53 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-21 00:53 - 2015-10-21 00:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-21 00:53 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-21 00:53 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-10-21 00:39 - 2015-10-21 00:39 - 22908888 _____ (Malwarebytes ) C:\Documents and Settings\CLuTsTa\Desktop\mbam-setup-org-2.2.0.1024.exe
2015-10-21 00:13 - 2015-10-21 02:46 - 00000000 ____D C:\Program Files\Dude
2015-10-21 00:09 - 2015-10-21 00:10 - 03702898 _____ C:\Documents and Settings\CLuTsTa\Desktop\dude-install-3.6.exe
2015-10-20 13:46 - 2015-09-23 21:15 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\nmap-6.49BETA5
2015-10-20 12:21 - 2015-10-20 14:05 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\Epping
2015-10-17 15:03 - 2015-10-17 16:57 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\UGK - Dirty Money -mndgme-
2015-10-16 15:44 - 2015-10-18 09:10 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-10-09 06:47 - 2015-10-22 03:48 - 00001456 _____ C:\WINDOWS\system32\nvAppTimestamps
2015-10-08 18:09 - 2015-10-08 18:10 - 00000000 ___RD C:\Program Files\Skype
2015-09-27 21:46 - 2015-09-27 21:21 - 00449968 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150927-204633.backup
2015-09-27 21:21 - 2015-08-26 02:00 - 00449968 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150927-202106.backup
2015-09-27 14:01 - 2015-09-27 14:01 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\New Folder
2015-09-25 12:04 - 2015-09-25 12:04 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-09-25 12:04 - 2015-09-25 12:04 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-22 03:55 - 2013-09-21 12:55 - 00000416 _____ C:\WINDOWS\Tasks\At1.job
2015-10-22 03:53 - 2011-02-28 21:41 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Local Settings\temp
2015-10-22 03:50 - 2004-08-10 16:02 - 01487537 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-22 03:47 - 2015-07-21 07:50 - 00000898 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-10-22 03:46 - 2009-11-09 21:10 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Application Data\Skype
2015-10-22 03:45 - 2004-08-10 16:08 - 00032612 _____ C:\WINDOWS\SchedLgU.Txt
2015-10-22 03:44 - 2013-03-04 17:27 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-10-22 03:39 - 2004-08-10 15:59 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-10-22 03:39 - 2004-08-10 15:59 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-10-22 03:38 - 2015-07-27 02:52 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-10-22 03:38 - 2013-01-27 05:13 - 00100433 _____ C:\WINDOWS\wmsetup.log
2015-10-22 03:37 - 2015-07-21 07:50 - 00000894 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-10-22 03:37 - 2014-06-22 18:41 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-22 03:37 - 2014-04-10 15:45 - 00000226 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-10-22 03:37 - 2004-08-10 16:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-22 03:35 - 2012-06-01 19:03 - 00000178 ___SH C:\Documents and Settings\Dre\ntuser.ini
2015-10-22 03:35 - 2012-06-01 19:03 - 00000000 ____D C:\Documents and Settings\Dre\Local Settings\Temp
2015-10-22 03:35 - 2012-06-01 19:03 - 00000000 ____D C:\Documents and Settings\Dre
2015-10-22 03:29 - 2015-08-07 22:45 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-10-22 03:29 - 2015-08-07 22:45 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-10-22 03:22 - 2014-06-22 18:41 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-22 03:13 - 2012-04-20 19:21 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-22 03:08 - 2009-07-15 14:35 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2015-10-22 02:22 - 2007-09-01 22:51 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google
2015-10-22 02:22 - 2006-06-29 16:54 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Application Data\Mozilla
2015-10-22 02:17 - 2011-12-31 18:09 - 00001006 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-867479323-834159104-2347132788-1006UA.job
2015-10-22 01:28 - 2004-08-10 15:51 - 00002422 _____ C:\WINDOWS\system32\wpa.dbl
2015-10-21 23:57 - 2015-08-10 16:20 - 00452116 ___SH C:\Documents and Settings\CLuTsTa\Desktop\Thumbs.db
2015-10-21 23:13 - 2014-01-18 20:12 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Application Data\uTorrent
2015-10-21 21:14 - 2013-01-25 09:30 - 00000000 ___RD C:\Documents and Settings\CLuTsTa\My Documents\Dropbox
2015-10-21 20:59 - 2012-10-14 11:10 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Application Data\Dropbox
2015-10-21 10:01 - 2009-03-14 03:50 - 00000868 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2015-10-21 08:17 - 2011-12-31 18:09 - 00000984 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-867479323-834159104-2347132788-1006Core.job
2015-10-21 03:43 - 2011-09-27 01:57 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Application Data\vlc
2015-10-21 00:53 - 2015-07-27 02:52 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-10-20 21:43 - 2006-06-30 11:01 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Adobe
2015-10-20 18:49 - 2006-06-29 15:40 - 00000178 ___SH C:\Documents and Settings\CLuTsTa\ntuser.ini
2015-10-20 18:49 - 2006-06-29 15:40 - 00000000 ____D C:\Documents and Settings\CLuTsTa
2015-10-20 18:12 - 2015-07-27 11:48 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\JUL '15
2015-10-20 17:52 - 2004-08-10 15:51 - 00000316 ___SH C:\boot.ini
2015-10-19 13:42 - 2012-11-05 17:05 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-10-18 18:59 - 2014-04-10 09:12 - 00480339 _____ C:\WINDOWS\setupapi.log
2015-10-18 09:10 - 2012-05-03 13:07 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-10-17 19:19 - 2011-07-13 19:23 - 00102980 _____ C:\WINDOWS\setupact.log
2015-10-17 16:57 - 2012-11-02 00:52 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\DAWG
2015-10-17 14:54 - 2015-09-02 01:50 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\Ultilli
2015-10-17 07:42 - 2015-05-13 23:55 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\LAXATIVES
2015-10-17 06:15 - 2015-02-17 22:57 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\Market 8
2015-10-17 05:31 - 2015-01-18 23:54 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\NZ BREW
2015-10-16 19:23 - 2014-02-01 23:23 - 00000000 ____D C:\Documents and Settings\CLuTsTa\My Documents\SelfMV
2015-10-16 19:10 - 2004-08-10 15:57 - 00592182 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-15 12:27 - 2009-05-16 20:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-10-09 07:03 - 2009-05-27 11:00 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\PICS
2015-10-08 18:18 - 2010-12-27 11:16 - 01122776 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2015-10-08 18:18 - 2010-12-27 11:16 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2015-10-08 18:17 - 2010-12-27 11:16 - 01122776 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2015-10-08 18:17 - 2010-12-27 11:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-10-08 18:17 - 2006-06-09 02:48 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2015-10-08 18:16 - 2004-08-10 15:52 - 00000000 ____D C:\WINDOWS\Media
2015-10-08 18:11 - 2011-09-04 11:18 - 00108544 _____ C:\WINDOWS\spupdsvc.log
2015-10-08 18:10 - 2009-11-09 21:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2015-10-08 18:10 - 2007-04-14 01:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-10-08 18:02 - 2014-03-04 21:12 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-10-08 18:02 - 2006-06-09 02:56 - 00000000 ____D C:\Program Files\Java
2015-10-08 17:56 - 2012-04-20 19:21 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-10-08 17:56 - 2011-11-29 07:32 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-10-08 15:00 - 2014-04-10 15:45 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-10-04 14:27 - 2014-05-24 11:33 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\CLuTZ REGGAE
2015-10-03 11:15 - 2014-09-20 11:56 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\YOUKAY
2015-10-01 07:31 - 2015-07-27 02:52 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-09-27 08:25 - 2013-01-06 15:18 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\MOODMACHINE
2015-09-26 23:28 - 2015-07-25 14:30 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\SUNDOWNERS
2015-09-26 23:13 - 2011-11-01 14:45 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\Dre's Easy Listening
2015-09-26 12:35 - 2015-08-23 14:54 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\Californication
2015-09-26 12:35 - 2007-01-25 01:30 - 00000116 _____ C:\WINDOWS\NeroDigital.ini
2015-09-26 12:35 - 2006-06-29 17:40 - 00170496 _____ C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-25 12:07 - 2015-07-27 01:03 - 00277173 _____ C:\WINDOWS\Wdf01009Inst.log
2015-09-25 12:04 - 2015-07-27 01:02 - 00157888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-09-25 12:04 - 2014-06-10 15:36 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-09-25 12:04 - 2013-03-04 17:27 - 00789296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-09-25 12:04 - 2013-03-04 17:27 - 00434184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-09-25 12:04 - 2013-03-04 17:27 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-09-25 12:04 - 2013-03-04 17:27 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-09-25 12:04 - 2013-03-04 17:27 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-09-25 12:04 - 2013-03-04 17:27 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-09-25 12:04 - 2013-03-04 17:27 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys

==================== Files in the root of some directories =======

2006-12-15 11:55 - 2006-12-15 11:55 - 0002508 _____ () C:\Documents and Settings\CLuTsTa\Application Data\$_hpcst$.hpc
2010-12-27 11:06 - 2010-12-27 11:06 - 0138056 _____ () C:\Documents and Settings\CLuTsTa\Application Data\PnkBstrK.sys
2006-06-29 17:40 - 2015-09-26 12:35 - 0170496 _____ () C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-18 16:07 - 2006-07-18 16:07 - 0000130 _____ () C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\fusioncache.dat
2008-05-19 20:56 - 2008-05-19 22:10 - 0001743 ____C () C:\Documents and Settings\All Users\Nokia Connectivity Cable Driver 1.00.150.6.LOG
2008-05-19 20:55 - 2008-05-19 21:26 - 0001724 _____ () C:\Documents and Settings\All Users\Nokia PC Suite 6.60.18.LOG

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some files in TEMP:
====================
C:\Documents and Settings\CLuTsTa\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmjgqy5.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\dnsapi.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End of FRST.txt ============================

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-10-2015
Ran by CLuTsTa (2015-10-22 03:56:56)
Running from C:\Documents and Settings\CLuTsTa\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2011-12-16 11:44:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-867479323-834159104-2347132788-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
CLuTsTa (S-1-5-21-867479323-834159104-2347132788-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\CLuTsTa
Dre (S-1-5-21-867479323-834159104-2347132788-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dre
Guest (S-1-5-21-867479323-834159104-2347132788-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-867479323-834159104-2347132788-1005 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-867479323-834159104-2347132788-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.103 - NOS Microsystems Ltd.)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\ShockwaveFlash) (Version: 9 - Adobe Systems)
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Ethernet Utility (HKLM\...\{FB686487-C637-4EEF-BCB1-C92463F2CC05}) (Version: 1.1.0.3 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.4.2233 - AVAST Software)
Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Canon MP270 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Dropbox (HKLM\...\Dropbox) (Version: 3.6.9 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Engine Analyzer Pro v3.3 (HKLM\...\{FE9C7463-77A6-4B64-8891-550B7E3505F2}) (Version: 3.3 - Performance Trends Inc)
EvoScan v2.6 (HKLM\...\{EA5247AC-F1F7-4B95-94CC-4B648C1985BB}) (Version: 2.6.20 - EvoScan)
Express Gate (HKLM\...\{A0494B41-EBD7-4C0D-91B7-DC39741B27BB}) (Version: 1.2.8.0 - DeviceVM, Inc.)
File Association Helper (HKLM\...\{8975E3CB-A762-4B14-BD62-A3972A098E82}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4410 - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Intel® PROSet for Wired Connections (HKLM\...\{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}) (Version: 9.20.0000 - Dell)
ITB HD BLACK-BOX PC Player (HKLM\...\ITB HD BLACK-BOX PC Player) (Version: 1.1.0 - iTronics)
J2SE Runtime Environment 5.0 Update 9 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150090}) (Version: 1.5.0.90 - Sun Microsystems, Inc.)
Java 2 Runtime Environment, SE v1.4.2_03 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142030}) (Version: 1.4.2_03 - Sun Microsystems, Inc.)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Logitech QuickCam (HKLM\...\{937B232D-9776-471E-92BD-D424E514EF14}) (Version: 11.90.1263 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MCU (Version: 1.00.0000 - Dell) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft IntelliType Pro 6.2 (HKLM\...\{345112D9-0930-4A68-AB71-A831BA5DE7AA}) (Version: 6.20.182.0 - Microsoft)
Microsoft Internationalized Domain Names Mitigation APIs (HKLM\...\IDNMitigationAPIs) (Version:  - Microsoft Corporation)
Microsoft National Language Support Downlevel APIs (HKLM\...\NLSDownlevelMapping) (Version:  - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel Viewer 2003 (HKLM\...\{90840409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 Trial (HKLM\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.761 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0620 - Microsoft Corporation)
Mitsubishi Computerized Automatic Parts Searching System (CAPS) (HKLM\...\Mitsubishi_caps) (Version:  - )
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.40 - BVRP Software)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
MS Word Save Dot As Doc Software 7.0 (HKLM\...\MS Word Save Dot As Doc Software_is1) (Version:  - Sobolsoft)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
Nokia Connectivity Cable Driver (HKLM\...\{4216D328-0FE8-48B8-85B8-BD300E6F080F}) (Version: 7.1.36.0 - Nokia)
NVIDIA nView 135.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.36 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
OGA Notifier 1.7.0105.35.0 (Version: 1.7.0105.35.0 - Microsoft Corporation) Hidden
PC Connectivity Solution (HKLM\...\{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}) (Version: 10.50.2.0 - Nokia)
Quake Live Mozilla Plugin (HKLM\...\{3CD5832D-13D9-4751-8B22-3A7D3F4ACA42}) (Version: 1.0.401 - id Software)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6526 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SetPoint (HKLM\...\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}) (Version: 2.50 - Logitech)
Skype™ 7.12 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Sound Blaster Audigy ADVANCED MB (HKLM\...\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}) (Version: 1.0 - )
Sound Blaster Audigy ADVANCED MB Product Registration (HKLM\...\Sound Blaster Audigy ADVANCED MB Product Registration) (Version:  - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Dude (HKLM\...\Dude) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{3F4EC965-28EF-45C3-B063-04B25D4E9679}) (Version: 5.0.1.814 - Logitech)
WinAce Archiver (HKLM\...\WinAce Archiver) (Version: 2.65 - e-merge GmbH)
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Windows Driver Package - Nokia Modem  (03/05/2008 3.7) (HKLM\...\CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A) (Version: 03/05/2008 3.7 - Nokia)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\CLuTsTa\Application Data\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dl (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.99\psuser.dll (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.57\psuser.dll (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll  (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll  (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{188047CE-0F0A-11D7-8331-00C04FA03755}\localserver32 -> C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{1D67C047-F016-11D6-831E-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PictPreview.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{1FFD7892-06E4-4A0A-941E-BC966900C883}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\Photos.ocx => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{209DAEB8-0F02-11D7-8331-00C04FA03755}\localserver32 -> C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.69\psuser.dll (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.79\psuser.dll (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll  (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{3B52D512-935F-11D6-82D4-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{3CF39B9A-0CF8-4792-A918-67573260BDBE}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\Photos.ocx => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{43F73EA1-92AE-11D6-82D3-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{47052E2F-3D7D-43F9-93CB-AD85D062D097}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\spmServices.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{496038FA-3891-4827-AFCD-A7B13B9FF75A}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\PhotosPlugIn.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.28.1\psuser.dll  (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.129\psuser.dl (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dl (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dl (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{6357BCA7-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\DefaultPlugin.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{6357BCB6-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PqiIcon.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{6357BCB9-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PqiIcon.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{6357BCBC-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PqiIcon.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{6357BCBE-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PqiIcon.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dl (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{74531205-74DC-48FF-953B-3B6DC988424F}\InprocServer32 -> C:\Program Files\palmOne\VoiceMemoExt.ocx => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{763F9014-A89C-11D6-82E7-00C04FA03755}\localserver32 -> C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.28.13\psuser.dll (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{868C6D64-8B98-11D5-8209-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\NotePadExt.ocx => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{868C6D65-8B98-11D5-8209-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\NotePadExt.ocx => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{87001487-8B8A-4C40-BFEF-036F5BD5BAA3}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\PhotosPlugIn.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dl (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{9D3B3E2B-1789-4A83-8050-5ED8307B02E5}\InprocServer32 -> C:\Program Files\palmOne\VoiceMemoExt.ocx => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll  (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dl (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{AB40E4E0-0F0C-11D7-8331-00C04FA03755}\localserver32 -> C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{B2565128-0F22-11D7-8331-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{BE1B5231-A3E2-11D6-82E3-00C04FA03755}\localserver32 -> C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{BE1B5233-A3E2-11D6-82E3-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{BE1B5235-A3E2-11D6-82E3-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll  (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dl (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{cacd3178-4c86-52cb-87bf-eb0ef10e6e26}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Application Data\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll (Jet Propulsion Laboratory)
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.65\psuser.dll (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{DFD4C164-AE18-11D6-82EC-00C04FA03755}\localserver32 -> C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll  (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{F21AC7C7-D6F5-11D6-8306-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dl (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll  (the data entry has 10 more characters).

==================== Restore Points =========================

16-08-2015 09:01:19 Software Distribution Service 3.0
17-08-2015 09:00:54 Software Distribution Service 3.0
18-08-2015 09:01:30 Software Distribution Service 3.0
19-08-2015 09:01:07 Software Distribution Service 3.0
19-08-2015 09:52:32 Software Distribution Service 3.0
20-08-2015 09:00:57 Software Distribution Service 3.0
20-08-2015 13:32:47 Software Distribution Service 3.0
21-08-2015 09:00:58 Software Distribution Service 3.0
22-08-2015 09:00:58 Software Distribution Service 3.0
23-08-2015 09:00:49 Software Distribution Service 3.0
24-08-2015 09:01:00 Software Distribution Service 3.0
25-08-2015 09:01:00 Software Distribution Service 3.0
26-08-2015 01:53:37 Software Distribution Service 3.0
26-08-2015 09:00:26 Software Distribution Service 3.0
27-08-2015 09:00:25 Software Distribution Service 3.0
27-08-2015 17:46:19 Software Distribution Service 3.0
28-08-2015 09:00:19 Software Distribution Service 3.0
29-08-2015 09:05:46 System Checkpoint
30-08-2015 11:43:56 System Checkpoint
31-08-2015 12:24:14 System Checkpoint
01-09-2015 13:05:14 System Checkpoint
02-09-2015 15:51:14 System Checkpoint
03-09-2015 16:36:36 System Checkpoint
04-09-2015 17:36:34 System Checkpoint
05-09-2015 18:36:34 System Checkpoint
06-09-2015 19:36:34 System Checkpoint
07-09-2015 20:36:35 System Checkpoint
08-09-2015 21:36:35 System Checkpoint
10-09-2015 12:17:33 System Checkpoint
10-09-2015 18:25:30 Software Distribution Service 3.0
11-09-2015 09:00:57 Software Distribution Service 3.0
12-09-2015 09:00:55 Software Distribution Service 3.0
13-09-2015 09:01:11 Software Distribution Service 3.0
14-09-2015 09:00:57 Software Distribution Service 3.0
15-09-2015 09:01:37 Software Distribution Service 3.0
16-09-2015 09:00:22 Software Distribution Service 3.0
17-09-2015 09:26:38 System Checkpoint
18-09-2015 11:17:38 System Checkpoint
19-09-2015 11:20:03 System Checkpoint
20-09-2015 12:49:44 System Checkpoint
21-09-2015 13:21:17 System Checkpoint
22-09-2015 14:21:18 System Checkpoint
23-09-2015 15:51:28 System Checkpoint
24-09-2015 16:21:21 System Checkpoint
25-09-2015 12:04:14 avast! antivirus system restore point
25-09-2015 12:07:37 Installed Windows XP Wdf01009.
26-09-2015 12:20:13 System Checkpoint
27-09-2015 12:51:32 System Checkpoint
28-09-2015 14:42:22 System Checkpoint
29-09-2015 15:32:28 System Checkpoint
30-09-2015 15:37:22 System Checkpoint
01-10-2015 16:37:21 System Checkpoint
02-10-2015 16:44:36 System Checkpoint
03-10-2015 17:20:20 System Checkpoint
04-10-2015 17:37:22 System Checkpoint
05-10-2015 18:37:24 System Checkpoint
06-10-2015 19:25:38 System Checkpoint
07-10-2015 20:25:37 System Checkpoint
08-10-2015 18:09:49 Software Distribution Service 3.0
08-10-2015 18:15:40 Software Distribution Service 3.0
09-10-2015 18:39:51 System Checkpoint
10-10-2015 19:39:52 System Checkpoint
11-10-2015 19:44:16 System Checkpoint
12-10-2015 21:27:56 System Checkpoint
13-10-2015 21:39:50 System Checkpoint
14-10-2015 17:29:37 Software Distribution Service 3.0
15-10-2015 08:01:16 Software Distribution Service 3.0
15-10-2015 12:24:40 Software Distribution Service 3.0
16-10-2015 14:22:27 System Checkpoint
17-10-2015 15:37:21 System Checkpoint
18-10-2015 16:26:31 System Checkpoint
19-10-2015 18:16:34 System Checkpoint
20-10-2015 19:12:27 System Checkpoint
21-10-2015 19:56:29 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-10 15:51 - 2015-10-21 01:00 - 00449968 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1    localhost
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com

There are 15467 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\CLuTsTa\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-867479323-834159104-2347132788-1006Core.job => C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-867479323-834159104-2347132788-1006UA.job => C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job => C:\Program Files\Microsoft IntelliType Pro\itype.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (Whitelisted) ==============


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7300 @ 2.66GHz
Percentage of memory in use: 64%
Total physical RAM: 2046.97 MB
Available physical RAM: 724.53 MB
Total Virtual: 5985.28 MB
Available Virtual: 4860.35 MB

==================== Drives ================================

Drive c: (system) (Fixed) (Total:148.97 GB) (Free:36.06 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: (bic boiiii) (Fixed) (Total:465.75 GB) (Free:86.04 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 9FC69FC6)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi after this run could you let me know what problems you are experiencing

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]
ProxyEnable: [S-1-5-21-867479323-834159104-2347132788-1006] => Proxy is enabled.
ProxyServer: [S-1-5-21-867479323-834159104-2347132788-1006] => localhost:21320
AutoConfigURL: [S-1-5-21-867479323-834159104-2347132788-1006] => localhost:21320
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-867479323-834159104-2347132788-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG8\avgssie.dll => No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll => No File
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} hxxp://mvt.mcafee.com/mvt/bin/3,0,1,0/mvt.cab
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "203.201.163.194"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "203.201.163.194"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "203.201.163.194"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "203.201.163.194"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 4
2015-10-22 03:55 - 2013-09-21 12:55 - 00000416 _____ C:\WINDOWS\Tasks\At1.job
2006-06-29 17:40 - 2015-09-26 12:35 - 0170496 _____ () C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\CLuTsTa\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#3
clutsta

clutsta

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Hi Essexboy, thanks so much for helping me out on this!

 

Here's the 'fixlog' as requested- I will post the next log asap

 

 

 

 

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version:22-10-2015
Ran by CLuTsTa (2015-10-24 01:28:28) Run:3
Running from C:\Documents and Settings\CLuTsTa\Desktop
Loaded Profiles: CLuTsTa (Available Profiles: CLuTsTa & Dre & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]
ProxyEnable: [S-1-5-21-867479323-834159104-2347132788-1006] => Proxy is enabled.
ProxyServer: [S-1-5-21-867479323-834159104-2347132788-1006] => localhost:21320
AutoConfigURL: [S-1-5-21-867479323-834159104-2347132788-1006] => localhost:21320
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-867479323-834159104-2347132788-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG8\avgssie.dll => No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll => No File
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} hxxp://mvt.mcafee.com/mvt/bin/3,0,1,0/mvt.cab
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "203.201.163.194"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "203.201.163.194"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "203.201.163.194"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "203.201.163.194"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 4
2015-10-22 03:55 - 2013-09-21 12:55 - 00000416 _____ C:\WINDOWS\Tasks\At1.job
2006-06-29 17:40 - 2015-09-26 12:35 - 0170496 _____ () C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\CLuTsTa\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => value not found.
HKCR\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => key not found.
HKU\S-1-5-21-867479323-834159104-2347132788-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\S-1-5-21-867479323-834159104-2347132788-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKU\S-1-5-21-867479323-834159104-2347132788-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-867479323-834159104-2347132788-1006\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key not found.
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => key not found.
HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found.
HKCR\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => key not found.
HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} => key not found.
HKCR\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} => key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455} => key not found.
HKCR\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455} => key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} => key not found.
HKCR\CLSID\{78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} => key not found.
FF NetworkProxy: "backup.ftp", "" => not found
FF NetworkProxy: "backup.ftp_port", 0 => not found
FF NetworkProxy: "backup.socks", "" => not found
FF NetworkProxy: "backup.socks_port", 0 => not found
FF NetworkProxy: "backup.ssl", "" => not found
FF NetworkProxy: "backup.ssl_port", 0 => not found
FF NetworkProxy: "ftp", "203.201.163.194" => not found
FF NetworkProxy: "ftp_port", 80 => not found
FF NetworkProxy: "http", "203.201.163.194" => not found
FF NetworkProxy: "http_port", 80 => not found
FF NetworkProxy: "share_proxy_settings", true => not found
FF NetworkProxy: "socks", "203.201.163.194" => not found
FF NetworkProxy: "socks_port", 80 => not found
FF NetworkProxy: "ssl", "203.201.163.194" => not found
FF NetworkProxy: "ssl_port", 80 => not found
FF NetworkProxy: "type", 4 => not found
"C:\WINDOWS\Tasks\At1.job" => not found.
"C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found.
C:\WINDOWS\Tasks\At1.job => not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========


The operation completed successfully


========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========


The operation completed successfully


========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-867479323-834159104-2347132788-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-867479323-834159104-2347132788-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========


=========  bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

EmptyTemp: => 9.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 01:28:48 ====


  • 0

#4
clutsta

clutsta

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

AdwCleaner log as requested:





# AdwCleaner v5.014 - Logfile created 24/10/2015 at 02:12:40
# Updated 18/10/2015 by Xplode
# Database : 2015-10-18.5 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : CLuTsTa - CLUTZ
# Running from : C:\Documents and Settings\CLuTsTa\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : netfilter

***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\BitLord
[-] Folder Deleted : C:\Documents and Settings\CLuTsTa\My Documents\Updater
[-] Folder Deleted : C:\Documents and Settings\CLuTsTa\Start Menu\Programs\BitGuard
[-] Folder Deleted : C:\Program Files\BitLord

***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\system32\drivers\netfilter.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKCU\Software\5a6db8bbc68bd15
[-] Key Deleted : HKLM\SOFTWARE\5a6db8bbc68bd15
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Key Deleted : HKU\.DEFAULT\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\Delta
[-] Key Deleted : HKCU\Software\Myfree Codec
[-] Key Deleted : HKCU\Software\MyWaySA
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Myfree Codec
[-] Key Deleted : HKLM\SOFTWARE\Trymedia Systems
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lucky leap
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Reimage Repair
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\526AB318AF0B8D84B9579557C9882C91

***** [ Web browsers ] *****

[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706..clientLogIsEnabled", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.CTID", "CT2642706");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.CurrentServerDate", "10-5-2011");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.DialogsAlignMode", "LTR");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.DialogsGetterLastCheckTime", "Tue May 10 2011 21:19:36 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.DownloadReferralCookieData", "");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.EMailNotifierPollDate", "Sat Sep 04 2010 08:44:45 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.ExternalComponentPollDate129273909026568859", "Sat Sep 04 2010 08:38:37 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.FirstServerDate", "4-9-2010");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.FirstTime", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.FirstTimeFF3", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.FirstTimeSettingsDone", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.FixPageNotFoundErrors", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.GroupingServerCheckInterval", 1440);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.HasUserGlobalKeys", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.Initialize", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.InitializeCommonPrefs", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.InstallationAndCookieDataSentCount", 2);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.InstalledDate", "Sat Sep 04 2010 08:38:42 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.InvalidateCache", false);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.IsGrouping", false);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.IsMulticommunity", false);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.IsOpenThankYouPage", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.IsOpenUninstallPage", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.LanguagePackLastCheckTime", "Tue May 10 2011 21:19:35 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.LanguagePackReloadIntervalMM", 1440);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.LastLogin_2.7.2.0", "Sat Sep 04 2010 08:38:56 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.LastLogin_3.3.3.2", "Tue May 10 2011 21:19:35 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.LatestVersion", "3.3.3.2");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.Locale", "en");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.LoginCache", 4);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.MCDetectTooltipHeight", "83");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.MCDetectTooltipWidth", "295");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.RadioIsPodcast", false);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.RadioLastCheckTime", "Sat Sep 04 2010 08:38:39 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.RadioLastUpdateIPServer", "3");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.RadioLastUpdateServer", "3");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.RadioMediaID", "9962");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.RadioMediaType", "Media Player");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.RadioMenuSelectedID", "EBRadioMenu_CT26427069962");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.RadioShrinked", "shrinked");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.RadioStationName", "California%20Rock");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.RadioStationURL", "hxxp://feedlive.net/california.asx");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.SavedHomepage", "google.com.au");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.SearchEngine", "Searchhxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2642706&octid=EB_ORIGINAL_CTID&SearchSource=1");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.SearchFromAddressBarIsInit", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.SearchInNewTabEnabled", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.SearchInNewTabIntervalMM", 1440);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.SearchInNewTabLastCheckTime", "Tue May 10 2011 21:19:35 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.ServiceMapLastCheckTime", "Tue May 10 2011 21:19:34 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.SettingsCheckIntervalMin", 120);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.SettingsLastCheckTime", "Tue May 10 2011 21:19:34 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.SettingsLastUpdate", "1304004054");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.ThirdPartyComponentsInterval", 504);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.ThirdPartyComponentsLastCheck", "Tue May 10 2011 21:19:34 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.ThirdPartyComponentsLastUpdate", "1246790578");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2642706");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.Uninstall", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.UserID", "UN40209671709084570");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.ValidationData_Toolbar", 0);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.WeatherNetwork", "");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.WeatherPollDate", "Sat Sep 04 2010 08:38:38 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.WeatherUnit", "C");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.alertChannelId", "1035393");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.clientLogIsEnabled", false);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.globalFirstTimeInfoLastCheckTime", "Tue May 10 2011 21:19:35 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.isAppTrackingManagerOn", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.myStuffEnabled", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.myStuffPublihserMinWidth", 400);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.myStuffServiceIntervalMM", 1440);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.oldAppsList", "129193298402600817,129193298404007082,129462006452325554,129273906557193811,129273908693444042,129273909026568859,1000082,129424519508200577,129469278696112556,1000[...]
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.testingCtid", "");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.toolbarAppMetaDataLastCheckTime", "Tue May 10 2011 21:19:35 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.toolbarContextMenuLastCheckTime", "Tue May 10 2011 21:19:35 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2642706");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "G9mW7heT/8xIX1frcduu0A==");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "mfQ70fvlD2zuBxSBj8rQqA==");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "k9un27OkAvkwB2ZmvXxTnA==");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "4BgM4MhF/sOgPsDNmIs3Yw==");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/2011 6:54:06 PM", "634339976460000000");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.EngineOwner", "");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\CLuTsTa\\Application Data\\Mozilla\\Firefox\\Profiles\\yt6qxmus.default\\conduitCommon\\modules\\3.12.2.3");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2642706");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2642706");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ToolbarsList4", "");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue May 10 2011 21:09:29 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue May 10 2011 21:17:48 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.locale", "en");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue May 10 2011 21:08:51 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1303303927");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.userId", "{82bbec00-5db0-4c34-b671-d06fab41a7f0}");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Sep 05 2010 08:38:41 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.globalUserId", "ddf3d21b-b764-41eb-b78e-dd21374efad4");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed May 16 2012 15:22:57 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed May 16 2012 15:22:52 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.userId", "a2cd9748-7975-4aad-8de1-0b6616621e1d");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.originalHomepage", "www.google.com.au");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultthis.engineName", "TranslatorBar 5 Customized Web Search");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("extentions.y2layers.installId", "52D40B80-3B65-C899-59D7-A40423E68CE5");

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [35443 bytes] ##########
 


Edited by clutsta, 23 October 2015 - 09:24 AM.

  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What sort of problems are you experiencing at the moment ?

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan

AswMBR%20scan.JPG


On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#6
clutsta

clutsta

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

The system has suddenly become especially slow- I even had issues with the sound card playing up but was fine on a re-boot.

 

I have run aswMBR but it hangs on

C: \Documents and settings\CLuTsTa\Application Data\Microsoft\Identityc

 

 

Here is a log anyway





aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-10-24 10:14:46
-----------------------------
10:14:46.656    OS Version: Windows 5.1.2600 Service Pack 3
10:14:46.656    Number of processors: 2 586 0x1706
10:14:46.656    ComputerName: CLUTZ  UserName:
10:14:47.234    Initialize success
10:14:47.250    VM: initialized successfully
10:14:47.250    VM: Intel CPU virtualization not supported
10:14:49.218    AVAST engine defs: 15102301
10:15:01.515    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10
10:15:01.515    Disk 0 Vendor: WDC_WD1600JS-75NCB2 10.02E03 Size: 152587MB BusType: 3
10:15:01.515    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-1b
10:15:01.531    Disk 1 Vendor: ST3500630AS 3.AAG Size: 476940MB BusType: 3
10:15:01.765    Disk 0 MBR read successfully
10:15:01.765    Disk 0 MBR scan
10:15:01.781    Disk 0 Windows XP default MBR code
10:15:01.781    Disk 0 Partition 1 00     DE   Dell Utility Dell 8.0       31 MB offset 63
10:15:01.828    Disk 0 Partition 2 80 (A) 07      HPFS/NTFS NTFS       152546 MB offset 64260
10:15:01.843    Disk 0 default boot code
10:15:01.859    Disk 0 scanning sectors +312480315
10:15:01.937    Disk 0 scanning C:\WINDOWS\system32\drivers
10:15:25.187    Service scanning
10:16:09.578    Modules scanning
10:16:09.578    Disk 0 trace - called modules:
10:16:09.593    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:16:09.593    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a948ab8]
10:16:09.609    3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000082[0x8a93b3b8]
10:16:09.625    5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-10[0x8a94ed98]
10:16:10.046    AVAST engine scan C:\WINDOWS
10:16:43.578    AVAST engine scan C:\WINDOWS\system32
10:20:18.484    AVAST engine scan C:\WINDOWS\system32\drivers
10:20:47.750    AVAST engine scan C:\Documents and Settings\CLuTsTa
10:35:02.843    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\CLuTsTa\Desktop\MBR.dat"
10:35:02.890    The log file has been saved successfully to "C:\Documents and Settings\CLuTsTa\Desktop\aswMBR.txt"


aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-10-24 10:36:07
-----------------------------
10:36:07.343    OS Version: Windows 5.1.2600 Service Pack 3
10:36:07.343    Number of processors: 2 586 0x1706
10:36:07.343    ComputerName: CLUTZ  UserName:
10:36:07.859    Initialize success
10:36:07.875    VM: initialized successfully
10:36:07.875    VM: Intel CPU virtualization not supported
10:36:09.531    AVAST engine defs: 15102301
10:36:18.500    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10
10:36:18.500    Disk 0 Vendor: WDC_WD1600JS-75NCB2 10.02E03 Size: 152587MB BusType: 3
10:36:18.515    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-1b
10:36:18.515    Disk 1 Vendor: ST3500630AS 3.AAG Size: 476940MB BusType: 3
10:36:18.671    Disk 0 MBR read successfully
10:36:18.687    Disk 0 MBR scan
10:36:18.687    Disk 0 Windows XP default MBR code
10:36:18.734    Disk 0 Partition 1 00     DE   Dell Utility Dell 8.0       31 MB offset 63
10:36:18.734    Disk 0 Partition 2 80 (A) 07      HPFS/NTFS NTFS       152546 MB offset 64260
10:36:18.750    Disk 0 default boot code
10:36:18.765    Disk 0 scanning sectors +312480315
10:36:18.984    Disk 0 scanning C:\WINDOWS\system32\drivers
10:36:52.125    Service scanning
10:37:24.046    Modules scanning
10:37:24.046    Disk 0 trace - called modules:
10:37:24.078    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:37:24.078    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a948ab8]
10:37:24.078    3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000082[0x8a93b3b8]
10:37:24.078    5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-10[0x8a94ed98]
10:37:24.718    AVAST engine scan C:\WINDOWS
10:37:58.671    AVAST engine scan C:\WINDOWS\system32
10:42:58.812    AVAST engine scan C:\WINDOWS\system32\drivers
10:43:50.718    AVAST engine scan C:\Documents and Settings\CLuTsTa
11:26:35.125    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\CLuTsTa\Desktop\MBR.dat"
11:26:35.343    The log file has been saved successfully to "C:\Documents and Settings\CLuTsTa\Desktop\aswMBR.txt"

 


  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When do you mainly experience the slow down.. When surfing or when using normal programmes ?

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

To access logs from Malwarebytes Anti-Malware 2.0:

mbamlogs.JPG

1.Open Malwarebytes Anti-Malware 2.0
2.Click History > Application Logs
3.Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them

To save a Scan Log:

1.Open the log file you would like to save
2.Click Export
3.Choose to export to a .txt
4.Choose a folder to save the log file in, then click Save
5.Post that log here
  • 0

#8
clutsta

clutsta

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Definitely slow when programs are being used- sometimes it's fine but sometimes it's not

Here's the MalwareBytes Scan Log- is it normal for it to say "Malware Protection: Disabled"??






Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/25/2015
Scan Time: 12:40:22 AM
Logfile: Scan Log.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.10.24.03
Rootkit Database: v2015.10.23.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: CLuTsTa

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 466747
Time Elapsed: 1 hr, 39 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Protection is for the paid for version, the free is an on demand scanner

Have you recently defragmented your hard drive ?
  • 0

#10
clutsta

clutsta

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Thanks for clarifying that. No I haven't de-frag'd recently


  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you could defrag please and let me know if that makes a difference
  • 0

#12
clutsta

clutsta

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Okay I have de-fragmented  C:\ and it seems to be running a bit better. 

Can you confirm that my system was infected at the start? If so, what with?


  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Very simply it was just adware, annoying but not normally threatening

remote access in my Avast was activated

It is always available but can only be activated by you giving a code to someone else who is also running Avast and as soon as the GUI is closed the connection is dropped

The main infection area was firefox preferences file

The slowness is generally attributable to XP now being a very old OS and new programmes are pushing it to its limits within the software

Are there any other apparent problems ?
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP