Not Convinced System Safe After Multiple Infections [Closed]


  • This topic is locked

#1
clutsta

  • Member
  • 28 posts

Hi all, I just wanted to say thanks in advance to the Admins and Mods on this forum - you guys really do a great job!

Approximately three months ago I discovered that my Facebook and Gmail accounts were hacked maliciously by someone I believe I can identify. I immediately changed my passwords and a short time later my desktop running XP 32bit along with a laptop running the same were infected with the following:

BV:Agent-ARF

Wininit.ini

ASP.NETmachine and more.

I also noticed that the remote access in my Avast was activated, scan settings had been changed without authorisation and scan logs were deleted. I managed to get my desktop under control with a combination of Spybot S&D, Malwarebytes and Avast. Since then I have had absolutely no positive results but I am still not convinced that this machine is safe which is why I am here today. Occasionally the System runs really slow and occasionally crashes.

Anyway, here goes!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-10-2015
Ran by CLuTsTa (administrator) on CLUTZ (22-10-2015 03:49:18)
Running from C:\Documents and Settings\CLuTsTa\Desktop
Loaded Profiles: CLuTsTa (Available Profiles: CLuTsTa & Dre & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Update\DropboxUpdate.exe
() C:\WINDOWS\system32\PSIService.exe
(Logitech Inc.) C:\Program Files\SetPoint\LBTWiz.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(OTi) C:\WINDOWS\system32\UStorSrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\Dude\dude.exe
() C:\Program Files\Dude\dude.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKLM\...\Run: [Logitech BT Wizard] => LBTWiz.exe -silent
HKLM\...\Run: [Logitech Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [28160 2005-12-20] (Logitech Inc.)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [988584 2007-09-01] (Microsoft Corporation)
HKLM\...\Run: [MP10_EnsureFileVer] => C:\WINDOWS\inf\unregmp2.exe [208896 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-25] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [44236896 2015-07-08] (Dropbox, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [DudeServer] => C:\Program Files\Dude\dude.exe [4142080 2010-04-07] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2006-02-03] (Logitech Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-867479323-834159104-2347132788-1006\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-867479323-834159104-2347132788-1006\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-867479323-834159104-2347132788-1006\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [57981568 2015-09-28] (Skype Technologies S.A.)
HKU\S-1-5-21-867479323-834159104-2347132788-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
ShellExecuteHooks:  - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  No File [ ]
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.26.dll [2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-09-25] (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-867479323-834159104-2347132788-1006] => Proxy is enabled.
ProxyServer: [S-1-5-21-867479323-834159104-2347132788-1006] => localhost:21320
AutoConfigURL: [S-1-5-21-867479323-834159104-2347132788-1006] => localhost:21320
Winsock: Catalog5 01 C:\Program Files\Bonjour\mdnsNSP.dll [147456 2008-12-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2F9FA297-B409-4F72-BBCF-29D3E0660393}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5358A304-E7A9-4F5E-A7F4-DBDB06375328}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{AEAF8A70-26FD-41A1-9847-43957CAB2D95}: [DhcpNameServer] 10.1.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-867479323-834159104-2347132788-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-867479323-834159104-2347132788-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-867479323-834159104-2347132788-1006 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG8\avgssie.dll => No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-05] (Oracle Corporation)
BHO: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-12] (AVAST Software)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll => No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-05] (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-12] (AVAST Software)
Toolbar: HKU\S-1-5-21-867479323-834159104-2347132788-1006 -> Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
DPF: {41564D57-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} hxxp://mvt.mcafee.com/mvt/bin/3,0,1,0/mvt.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default
FF NewTab: www.google.com
FF DefaultSearchEngine: Google Australia - Country: Australia
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: www.google.com.au
FF Session Restore: -> is enabled.
FF Keyword.URL: hxxps://www.google.com/search
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "203.201.163.194"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "203.201.163.194"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "203.201.163.194"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "203.201.163.194"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-08] ()
FF Plugin: @idsoftware.com/QuakeLive -> C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll [2010-12-03] (id Software Inc.)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-05] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-10-05] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-06] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-867479323-834159104-2347132788-1006: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin HKU\S-1-5-21-867479323-834159104-2347132788-1006: @facebook.com/FBPlugin,version=1.0.3 -> C:\Documents and Settings\CLuTsTa\Application Data\Facebook\npfbplugin_1_0_3.dll [No File]
FF Plugin HKU\S-1-5-21-867479323-834159104-2347132788-1006: jpl.nasa.gov/NASAEyes -> C:\Documents and Settings\CLuTsTa\Application Data\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2015-09-10] (Jet Propulsion Laboratory)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2006-12-12] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmozax.dll [2007-04-13] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-06] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\searchplugins\google-australia---country-australia.xml [2015-09-23]
FF Extension: No Name - C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\Extensions\nostmp [2013-12-24] [not signed]
FF Extension: Switch to Tab no more - C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\Extensions\{7edcdfc0-3056-11e0-91fa-0800200c9a66}.xpi [2015-01-07]
FF Extension: Adblock Plus - C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-09]
FF Extension: Hide Tab Bar With One Tab - C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\Extensions\{e5bbc237-c99b-4ced-a061-0be27703295f}.xpi [2013-09-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-07-13] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-04] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\activex.js [2015-10-16]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-08]
CHR Extension: (Google Drive) - C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-08]
CHR Extension: (YouTube) - C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-08]
CHR Extension: (Google Search) - C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-08]
CHR Extension: (Google Wallet) - C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-08]
CHR Extension: (Gmail) - C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-08]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-21]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2006-06-30] (Adobe Systems) [File not signed]
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [269000 2015-10-08] (Adobe Systems Incorporated) [File not signed]
S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed]
R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-25] (AVAST Software)
R2 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation) [File not signed]
S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-07] (Microsoft Corporation) [File not signed]
R2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [266295 2006-02-01] (Broadcom Corporation.) [File not signed]
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [69632 2006-06-09] (Creative Labs) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) [File not signed]
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-08] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-08] (Dropbox, Inc.)
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
S3 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-21] (Microsoft Corporation) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-08] (Microsoft Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
S2 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.) [File not signed]
S3 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.) [File not signed]
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) [File not signed]
R2 HidServ; C:\WINDOWS\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation) [File not signed]
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) [File not signed]
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
R2 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE [86016 2006-02-03] (Logitech Inc.) [File not signed]
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) [File not signed]
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation) [File not signed]
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-21] (Microsoft Corporation) [File not signed]
S3 nosGetPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper_3004.dll [53248 2011-05-25] (NOS Microsystems Ltd.) [File not signed]
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [177704 2007-06-05] ()
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation) [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) [File not signed]
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-18] (Microsoft Corporation) [File not signed]
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
R2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed]
R2 UStorage Server Service; C:\WINDOWS\system32\UStorSrv.exe [139264 2004-09-20] (OTi) [File not signed]
S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 w32time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation) [File not signed]
R2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation) [File not signed]
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [27136 2009-01-30] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation) [File not signed]
R2 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [64512 2009-07-13] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2008-04-14] (Microsoft Corporation) [File not signed]
R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ACPIEC; C:\WINDOWS\system32\Drivers\ACPIEC.sys [11648 2008-04-14] (Microsoft Corporation) [File not signed]
S4 adpu160m; C:\WINDOWS\system32\DRIVERS\adpu160m.sys [101888 2008-04-14] (Microsoft Corporation) [File not signed]
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-14] (Microsoft Corporation) [File not signed]
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-18] (Microsoft Corporation) [File not signed]
S4 agp440; C:\WINDOWS\system32\DRIVERS\agp440.sys [42368 2008-04-14] (Microsoft Corporation) [File not signed]
S4 agpCPQ; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [44928 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Aha154x; C:\WINDOWS\system32\DRIVERS\aha154x.sys [12800 2008-04-14] (Microsoft Corporation) [File not signed]
S4 aic78u2; C:\WINDOWS\system32\DRIVERS\aic78u2.sys [55168 2008-04-14] (Microsoft Corporation) [File not signed]
S4 aic78xx; C:\WINDOWS\system32\DRIVERS\aic78xx.sys [56960 2008-04-14] (Microsoft Corporation) [File not signed]
S4 AliIde; C:\WINDOWS\system32\DRIVERS\aliide.sys [5248 2008-04-14] (Acer Laboratories Inc.) [File not signed]
S4 alim1541; C:\WINDOWS\system32\DRIVERS\alim1541.sys [42752 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S4 amdagp; C:\WINDOWS\system32\DRIVERS\amdagp.sys [43008 2008-04-14] (Advanced Micro Devices, Inc.) [File not signed]
S4 amsint; C:\WINDOWS\system32\DRIVERS\amsint.sys [12032 2008-04-14] (Microsoft Corporation) [File not signed]
S3 androidusb; C:\WINDOWS\System32\Drivers\ssadadb.sys [32064 2013-08-21] (Google Inc) [File not signed]
S3 Arp1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [60800 2008-04-14] (Microsoft Corporation) [File not signed]
S4 asc; C:\WINDOWS\system32\DRIVERS\asc.sys [26496 2008-04-14] (Advanced System Products, Inc.) [File not signed]
S4 asc3350p; C:\WINDOWS\system32\DRIVERS\asc3350p.sys [22400 2008-04-14] (Microsoft Corporation) [File not signed]
S4 asc3550; C:\WINDOWS\system32\DRIVERS\asc3550.sys [14848 2008-04-14] (Advanced System Products, Inc.) [File not signed]
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [17005 2002-05-06] (Adaptec)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-09-25] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-09-25] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-09-25] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-09-25] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [789296 2015-09-25] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [434184 2015-09-25] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [157888 2015-09-25] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-09-25] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-09-25] (AVAST Software)
S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-14] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [428269 2006-02-01] (Broadcom Corporation.) [File not signed]
S3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [30363 2006-02-01] (Broadcom Corporation.) [File not signed]
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [854154 2006-02-01] (Broadcom Corporation.) [File not signed]
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [45475 2006-02-01] (Broadcom Corporation.) [File not signed]
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [64344 2006-02-01] (Broadcom Corporation.) [File not signed]
S4 cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [13952 2008-04-14] (Microsoft Corporation) [File not signed]
S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2008-04-14] (Microsoft Corporation) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) [File not signed]
S4 cd20xrnt; C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys [7680 2008-04-14] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2008-04-14] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-14] (Microsoft Corporation) [File not signed]
S4 CmdIde; C:\WINDOWS\system32\DRIVERS\cmdide.sys [6656 2008-04-14] (CMD Technology, Inc.) [File not signed]
S4 Cpqarray; C:\WINDOWS\system32\DRIVERS\cpqarray.sys [14976 2008-04-14] (Microsoft Corporation) [File not signed]
R3 ctsfm2k; C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys [138752 2005-01-10] (Creative Technology Ltd) [File not signed]
R3 CTUSFSYN; C:\WINDOWS\System32\drivers\ctusfsyn.sys [158464 2005-05-25] (Creative Technology Ltd.) [File not signed]
S4 dac2w2k; C:\WINDOWS\system32\DRIVERS\dac2w2k.sys [179584 2008-04-14] (Mylex Corporation) [File not signed]
S4 dac960nt; C:\WINDOWS\system32\DRIVERS\dac960nt.sys [14720 2008-04-14] (Microsoft Corporation) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmio; C:\WINDOWS\system32\Drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmload; C:\WINDOWS\system32\Drivers\dmload.sys [5888 2008-04-14] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-14] (Microsoft Corporation) [File not signed]
S4 dpti2o; C:\WINDOWS\system32\DRIVERS\dpti2o.sys [20192 2008-04-14] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-14] (Microsoft Corporation) [File not signed]
S3 E100B; C:\WINDOWS\System32\DRIVERS\e100b325.sys [155648 2004-10-14] (Intel Corporation) [File not signed]
S4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Flpydisk; C:\WINDOWS\System32\DRIVERS\flpydisk.sys [20480 2008-04-14] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-14] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2008-04-14] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider) [File not signed]
R3 HidUsb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation) [File not signed]
S4 hpn; C:\WINDOWS\system32\DRIVERS\hpn.sys [25952 2008-04-14] (Microsoft Corporation) [File not signed]
S3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [212224 2003-11-17] (Conexant Systems, Inc.) [File not signed]
S3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [1042432 2003-11-17] (Conexant Systems, Inc.) [File not signed]
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-21] (Microsoft Corporation) [File not signed]
R1 i2omgmt; C:\WINDOWS\system32\Drivers\i2omgmt.sys [8576 2008-04-14] (Microsoft Corporation) [File not signed]
S4 i2omp; C:\WINDOWS\system32\DRIVERS\i2omp.sys [18560 2008-04-14] (Microsoft Corporation) [File not signed]
S1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [1302812 2005-10-14] (Intel Corporation) [File not signed]
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ini910u; C:\WINDOWS\system32\DRIVERS\ini910u.sys [16000 2008-04-14] (Microsoft Corporation) [File not signed]
R0 IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [5504 2008-04-14] (Microsoft Corporation) [File not signed]
R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36352 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Ip6Fw; C:\WINDOWS\System32\drivers\ip6fw.sys [36608 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-14] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-14] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-14] (Microsoft Corporation) [File not signed]
R1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14592 2008-04-14] (Microsoft Corporation) [File not signed]
R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-14] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
R3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [39424 2009-08-05] (Atheros Communications, Inc.) [File not signed]
S3 LHidKe; C:\WINDOWS\System32\DRIVERS\LHidKE.Sys [27008 2005-12-20] (Logitech, Inc.) [File not signed]
S3 LMouKE; C:\WINDOWS\System32\DRIVERS\LMouKE.Sys [69376 2005-12-20] (Logitech, Inc.) [File not signed]
R3 LVPr2Mon; C:\WINDOWS\System32\Drivers\LVPr2Mon.sys [25624 2008-12-16] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes) [File not signed]
R2 mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [11043 2003-04-09] (Conexant) [File not signed]
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MODEMCSA; C:\WINDOWS\System32\drivers\MODEMCSA.sys [16128 2001-08-17] (Microsoft Corporation) [File not signed]
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2008-04-14] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-14] (Microsoft Corporation) [File not signed]
S4 mraid35x; C:\WINDOWS\system32\DRIVERS\mraid35x.sys [17280 2008-04-14] (American Megatrends Inc.) [File not signed]
R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-14] (Microsoft Corporation) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-16] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-14] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\WINDOWS\System32\drivers\MSTEE.sys [5504 2008-04-14] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-22] (Microsoft Corporation) [File not signed]
S3 NABTSFEC; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-09] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-28] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-14] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-14] (Microsoft Corporation) [File not signed]
R1 netfilter; C:\WINDOWS\System32\drivers\netfilter.sys [47488 2014-02-13] (NetFilterSDK.com) [File not signed]
S3 NIC1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [61824 2008-04-14] (Microsoft Corporation) [File not signed]
S3 nmwcd; C:\WINDOWS\System32\drivers\ccdcmb.sys [18048 2010-07-30] (Nokia) [File not signed]
S3 nmwcdc; C:\WINDOWS\System32\drivers\ccdcmbo.sys [23040 2010-07-30] (Nokia) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-14] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2008-04-14] (Microsoft Corporation) [File not signed]
R0 ohci1394; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [61696 2008-04-14] (Microsoft Corporation) [File not signed]
R3 ossrv; C:\WINDOWS\System32\DRIVERS\ctoss2k.sys [106496 2005-01-10] (Creative Technology Ltd.) [File not signed]
S3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80128 2008-04-14] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2008-04-14] (Microsoft Corporation) [File not signed]
S3 pccsmcfd; C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys [18816 2008-08-26] (Nokia) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120192 2008-04-14] (Microsoft Corporation) [File not signed]
S4 perc2; C:\WINDOWS\system32\DRIVERS\perc2.sys [27296 2008-04-14] (Microsoft Corporation) [File not signed]
S4 perc2hib; C:\WINDOWS\system32\DRIVERS\perc2hib.sys [5504 2008-04-14] (Microsoft Corporation) [File not signed]
R2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [8704 2004-12-22] (Creative Technology Ltd.) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-14] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.) [File not signed]
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
S4 ql1080; C:\WINDOWS\system32\DRIVERS\ql1080.sys [40320 2008-04-14] (QLogic Corporation) [File not signed]
S4 Ql10wnt; C:\WINDOWS\system32\DRIVERS\ql10wnt.sys [33152 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ql12160; C:\WINDOWS\system32\DRIVERS\ql12160.sys [45312 2008-04-14] (QLogic Corporation) [File not signed]
S4 ql1240; C:\WINDOWS\system32\DRIVERS\ql1240.sys [40448 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ql1280; C:\WINDOWS\system32\DRIVERS\ql1280.sys [49024 2008-04-14] (QLogic Corporation) [File not signed]
S3 QV2KUX; C:\WINDOWS\System32\DRIVERS\qv2kux.sys [3328 2001-08-17] (Microsoft Corporation) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-14] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2008-04-14] (Microsoft Corporation) [File not signed]
S3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [196224 2008-04-14] (Microsoft Corporation) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RTLWUSB; C:\WINDOWS\System32\DRIVERS\wg111v2.sys [167808 2006-03-27] (NETGEAR Inc.) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-14] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 Ser2pl; C:\WINDOWS\System32\DRIVERS\ser2pl.sys [39552 2002-04-09] (Prolific Technology Inc.) [File not signed]
R3 serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15744 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [64512 2008-04-14] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\WINDOWS\System32\DRIVERS\sermouse.sys [17664 2008-04-14] (Microsoft Corporation) [File not signed]
S3 sigfilt; C:\WINDOWS\System32\drivers\sigfilt.sys [1350784 2005-09-21] (Creative Technology Ltd.) [File not signed]
S4 sisagp; C:\WINDOWS\system32\DRIVERS\sisagp.sys [40960 2008-04-14] (Silicon Integrated Systems Corporation) [File not signed]
S3 SLIP; C:\WINDOWS\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation) [File not signed]
S4 Sparrow; C:\WINDOWS\system32\DRIVERS\sparrow.sys [19072 2008-04-14] (Adaptec, Inc.) [File not signed]
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-14] (Microsoft Corporation) [File not signed]
S0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [717296 2009-01-19] (Duplex Secure Ltd.)
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-18] (Microsoft Corporation) [File not signed]
S3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1022040 2005-08-17] (SigmaTel, Inc.) [File not signed]
S3 streamip; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation) [File not signed]
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-14] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-14] (Microsoft Corporation) [File not signed]
S4 symc810; C:\WINDOWS\system32\DRIVERS\symc810.sys [16256 2008-04-14] (Symbios Logic Inc.) [File not signed]
S4 symc8xx; C:\WINDOWS\system32\DRIVERS\symc8xx.sys [32640 2008-04-14] (LSI Logic) [File not signed]
S4 sym_hi; C:\WINDOWS\system32\DRIVERS\sym_hi.sys [28384 2008-04-14] (LSI Logic) [File not signed]
S4 sym_u3; C:\WINDOWS\system32\DRIVERS\sym_u3.sys [30688 2008-04-14] (LSI Logic) [File not signed]
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation) [File not signed]
S4 TosIde; C:\WINDOWS\system32\DRIVERS\toside.sys [4992 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ultra; C:\WINDOWS\system32\DRIVERS\ultra.sys [36736 2008-04-14] (Promise Technology, Inc.) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 upperdev; C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys [8192 2010-07-30] (Nokia) [File not signed]
S3 usbaudio; C:\WINDOWS\System32\drivers\usbaudio.sys [60160 2013-07-17] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-09] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation) [File not signed]
R3 usbprint; C:\WINDOWS\System32\DRIVERS\usbprint.sys [25856 2008-04-14] (Microsoft Corporation) [File not signed]
R3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-03] (Microsoft Corporation) [File not signed]
S3 usbser; C:\WINDOWS\System32\drivers\usbser.sys [26240 2013-08-29] (Microsoft Corporation) [File not signed]
S3 UsbserFilt; C:\WINDOWS\System32\DRIVERS\usbser_lowerfltj.sys [8192 2010-07-30] (Nokia) [File not signed]
S3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-14] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-14] (Microsoft Corporation) [File not signed]
S3 usbvideo; C:\WINDOWS\System32\Drivers\usbvideo.sys [123008 2013-07-17] (Microsoft Corporation) [File not signed]
S3 USB_RNDIS; C:\WINDOWS\System32\DRIVERS\usb8023.sys [12928 2013-02-12] (Microsoft Corporation) [File not signed]
S3 usb_rndisx; C:\WINDOWS\System32\DRIVERS\usb8023x.sys [12928 2013-02-12] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-14] (Microsoft Corporation) [File not signed]
S4 viaagp; C:\WINDOWS\system32\DRIVERS\viaagp.sys [42240 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ViaIde; C:\WINDOWS\system32\DRIVERS\viaide.sys [5376 2008-04-14] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-14] (Microsoft Corporation) [File not signed]
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31744 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WDC_SAM; C:\WINDOWS\System32\DRIVERS\wdcsam.sys [11520 2008-05-06] (Western Digital Technologies) [File not signed]
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-14] (Microsoft Corporation) [File not signed]
S3 winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [680704 2003-11-17] (Conexant Systems, Inc.) [File not signed]
S3 WpdUsb; C:\WINDOWS\System32\DRIVERS\wpdusb.sys [38528 2009-01-30] (Microsoft Corporation) [File not signed]
R1 WS2IFSL; C:\WINDOWS\System32\drivers\ws2ifsl.sys [12032 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WSTCODEC; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation) [File not signed]
R0 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [91904 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [132224 2009-07-13] (Microsoft Corporation) [File not signed]
S3 bvrp_pci; no ImagePath
S3 catchme; \??\C:\DOCUME~1\CLuTsTa\LOCALS~1\Temp\catchme.sys [X]
S3 cpuz132; no ImagePath
S3 LVRS; system32\DRIVERS\lvrs.sys [X]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [X]
S3 PalmUSBD; no ImagePath
S3 Pcouffin; no ImagePath
S3 pepifilter; system32\DRIVERS\lv302af.sys [X]
S3 PID_PEPI; system32\DRIVERS\LV302V32.SYS [X]
S1 SABKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
U3 TlntSvr; no ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2027-01-22 16:18 - 2027-01-22 16:18 - 00003120 ____C C:\WINDOWS\33orpae.tpi
2015-10-22 03:49 - 2015-10-22 03:53 - 00055936 _____ C:\Documents and Settings\CLuTsTa\Desktop\FRST.txt
2015-10-22 03:43 - 2015-10-22 03:43 - 00000691 _____ C:\dude.conf
2015-10-22 03:20 - 2015-10-22 03:49 - 00000000 ____D C:\FRST
2015-10-22 03:19 - 2015-10-22 03:19 - 01700864 _____ (Farbar) C:\Documents and Settings\CLuTsTa\Desktop\FRST.exe
2015-10-21 02:44 - 2015-10-21 02:44 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\The Dude
2015-10-21 01:15 - 2015-10-21 21:11 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\TELSTRA
2015-10-21 01:00 - 2015-09-27 21:46 - 00449968 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20151021-010042.backup
2015-10-21 00:54 - 2015-10-21 01:13 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-21 00:53 - 2015-10-21 00:53 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-21 00:53 - 2015-10-21 00:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-21 00:53 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-21 00:53 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-10-21 00:39 - 2015-10-21 00:39 - 22908888 _____ (Malwarebytes ) C:\Documents and Settings\CLuTsTa\Desktop\mbam-setup-org-2.2.0.1024.exe
2015-10-21 00:13 - 2015-10-21 02:46 - 00000000 ____D C:\Program Files\Dude
2015-10-21 00:09 - 2015-10-21 00:10 - 03702898 _____ C:\Documents and Settings\CLuTsTa\Desktop\dude-install-3.6.exe
2015-10-20 13:46 - 2015-09-23 21:15 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\nmap-6.49BETA5
2015-10-20 12:21 - 2015-10-20 14:05 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\Epping
2015-10-17 15:03 - 2015-10-17 16:57 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\UGK - Dirty Money -mndgme-
2015-10-16 15:44 - 2015-10-18 09:10 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-10-09 06:47 - 2015-10-22 03:48 - 00001456 _____ C:\WINDOWS\system32\nvAppTimestamps
2015-10-08 18:09 - 2015-10-08 18:10 - 00000000 ___RD C:\Program Files\Skype
2015-09-27 21:46 - 2015-09-27 21:21 - 00449968 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150927-204633.backup
2015-09-27 21:21 - 2015-08-26 02:00 - 00449968 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150927-202106.backup
2015-09-27 14:01 - 2015-09-27 14:01 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\New Folder
2015-09-25 12:04 - 2015-09-25 12:04 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-09-25 12:04 - 2015-09-25 12:04 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-22 03:55 - 2013-09-21 12:55 - 00000416 _____ C:\WINDOWS\Tasks\At1.job
2015-10-22 03:53 - 2011-02-28 21:41 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Local Settings\temp
2015-10-22 03:50 - 2004-08-10 16:02 - 01487537 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-22 03:47 - 2015-07-21 07:50 - 00000898 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-10-22 03:46 - 2009-11-09 21:10 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Application Data\Skype
2015-10-22 03:45 - 2004-08-10 16:08 - 00032612 _____ C:\WINDOWS\SchedLgU.Txt
2015-10-22 03:44 - 2013-03-04 17:27 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-10-22 03:39 - 2004-08-10 15:59 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-10-22 03:39 - 2004-08-10 15:59 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-10-22 03:38 - 2015-07-27 02:52 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-10-22 03:38 - 2013-01-27 05:13 - 00100433 _____ C:\WINDOWS\wmsetup.log
2015-10-22 03:37 - 2015-07-21 07:50 - 00000894 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-10-22 03:37 - 2014-06-22 18:41 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-22 03:37 - 2014-04-10 15:45 - 00000226 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-10-22 03:37 - 2004-08-10 16:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-22 03:35 - 2012-06-01 19:03 - 00000178 ___SH C:\Documents and Settings\Dre\ntuser.ini
2015-10-22 03:35 - 2012-06-01 19:03 - 00000000 ____D C:\Documents and Settings\Dre\Local Settings\Temp
2015-10-22 03:35 - 2012-06-01 19:03 - 00000000 ____D C:\Documents and Settings\Dre
2015-10-22 03:29 - 2015-08-07 22:45 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-10-22 03:29 - 2015-08-07 22:45 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-10-22 03:22 - 2014-06-22 18:41 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-22 03:13 - 2012-04-20 19:21 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-22 03:08 - 2009-07-15 14:35 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2015-10-22 02:22 - 2007-09-01 22:51 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google
2015-10-22 02:22 - 2006-06-29 16:54 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Application Data\Mozilla
2015-10-22 02:17 - 2011-12-31 18:09 - 00001006 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-867479323-834159104-2347132788-1006UA.job
2015-10-22 01:28 - 2004-08-10 15:51 - 00002422 _____ C:\WINDOWS\system32\wpa.dbl
2015-10-21 23:57 - 2015-08-10 16:20 - 00452116 ___SH C:\Documents and Settings\CLuTsTa\Desktop\Thumbs.db
2015-10-21 23:13 - 2014-01-18 20:12 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Application Data\uTorrent
2015-10-21 21:14 - 2013-01-25 09:30 - 00000000 ___RD C:\Documents and Settings\CLuTsTa\My Documents\Dropbox
2015-10-21 20:59 - 2012-10-14 11:10 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Application Data\Dropbox
2015-10-21 10:01 - 2009-03-14 03:50 - 00000868 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2015-10-21 08:17 - 2011-12-31 18:09 - 00000984 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-867479323-834159104-2347132788-1006Core.job
2015-10-21 03:43 - 2011-09-27 01:57 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Application Data\vlc
2015-10-21 00:53 - 2015-07-27 02:52 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-10-20 21:43 - 2006-06-30 11:01 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Adobe
2015-10-20 18:49 - 2006-06-29 15:40 - 00000178 ___SH C:\Documents and Settings\CLuTsTa\ntuser.ini
2015-10-20 18:49 - 2006-06-29 15:40 - 00000000 ____D C:\Documents and Settings\CLuTsTa
2015-10-20 18:12 - 2015-07-27 11:48 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\JUL '15
2015-10-20 17:52 - 2004-08-10 15:51 - 00000316 ___SH C:\boot.ini
2015-10-19 13:42 - 2012-11-05 17:05 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-10-18 18:59 - 2014-04-10 09:12 - 00480339 _____ C:\WINDOWS\setupapi.log
2015-10-18 09:10 - 2012-05-03 13:07 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-10-17 19:19 - 2011-07-13 19:23 - 00102980 _____ C:\WINDOWS\setupact.log
2015-10-17 16:57 - 2012-11-02 00:52 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\DAWG
2015-10-17 14:54 - 2015-09-02 01:50 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\Ultilli
2015-10-17 07:42 - 2015-05-13 23:55 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\LAXATIVES
2015-10-17 06:15 - 2015-02-17 22:57 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\Market 8
2015-10-17 05:31 - 2015-01-18 23:54 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\NZ BREW
2015-10-16 19:23 - 2014-02-01 23:23 - 00000000 ____D C:\Documents and Settings\CLuTsTa\My Documents\SelfMV
2015-10-16 19:10 - 2004-08-10 15:57 - 00592182 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-15 12:27 - 2009-05-16 20:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-10-09 07:03 - 2009-05-27 11:00 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\PICS
2015-10-08 18:18 - 2010-12-27 11:16 - 01122776 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2015-10-08 18:18 - 2010-12-27 11:16 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2015-10-08 18:17 - 2010-12-27 11:16 - 01122776 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2015-10-08 18:17 - 2010-12-27 11:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-10-08 18:17 - 2006-06-09 02:48 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2015-10-08 18:16 - 2004-08-10 15:52 - 00000000 ____D C:\WINDOWS\Media
2015-10-08 18:11 - 2011-09-04 11:18 - 00108544 _____ C:\WINDOWS\spupdsvc.log
2015-10-08 18:10 - 2009-11-09 21:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2015-10-08 18:10 - 2007-04-14 01:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-10-08 18:02 - 2014-03-04 21:12 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-10-08 18:02 - 2006-06-09 02:56 - 00000000 ____D C:\Program Files\Java
2015-10-08 17:56 - 2012-04-20 19:21 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-10-08 17:56 - 2011-11-29 07:32 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-10-08 15:00 - 2014-04-10 15:45 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-10-04 14:27 - 2014-05-24 11:33 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\CLuTZ REGGAE
2015-10-03 11:15 - 2014-09-20 11:56 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\YOUKAY
2015-10-01 07:31 - 2015-07-27 02:52 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-09-27 08:25 - 2013-01-06 15:18 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\MOODMACHINE
2015-09-26 23:28 - 2015-07-25 14:30 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\SUNDOWNERS
2015-09-26 23:13 - 2011-11-01 14:45 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\Dre's Easy Listening
2015-09-26 12:35 - 2015-08-23 14:54 - 00000000 ____D C:\Documents and Settings\CLuTsTa\Desktop\Californication
2015-09-26 12:35 - 2007-01-25 01:30 - 00000116 _____ C:\WINDOWS\NeroDigital.ini
2015-09-26 12:35 - 2006-06-29 17:40 - 00170496 _____ C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-25 12:07 - 2015-07-27 01:03 - 00277173 _____ C:\WINDOWS\Wdf01009Inst.log
2015-09-25 12:04 - 2015-07-27 01:02 - 00157888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-09-25 12:04 - 2014-06-10 15:36 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-09-25 12:04 - 2013-03-04 17:27 - 00789296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-09-25 12:04 - 2013-03-04 17:27 - 00434184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-09-25 12:04 - 2013-03-04 17:27 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-09-25 12:04 - 2013-03-04 17:27 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-09-25 12:04 - 2013-03-04 17:27 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-09-25 12:04 - 2013-03-04 17:27 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-09-25 12:04 - 2013-03-04 17:27 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys

==================== Files in the root of some directories =======

2006-12-15 11:55 - 2006-12-15 11:55 - 0002508 _____ () C:\Documents and Settings\CLuTsTa\Application Data\$_hpcst$.hpc
2010-12-27 11:06 - 2010-12-27 11:06 - 0138056 _____ () C:\Documents and Settings\CLuTsTa\Application Data\PnkBstrK.sys
2006-06-29 17:40 - 2015-09-26 12:35 - 0170496 _____ () C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-18 16:07 - 2006-07-18 16:07 - 0000130 _____ () C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\fusioncache.dat
2008-05-19 20:56 - 2008-05-19 22:10 - 0001743 ____C () C:\Documents and Settings\All Users\Nokia Connectivity Cable Driver 1.00.150.6.LOG
2008-05-19 20:55 - 2008-05-19 21:26 - 0001724 _____ () C:\Documents and Settings\All Users\Nokia PC Suite 6.60.18.LOG

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some files in TEMP:
====================
C:\Documents and Settings\CLuTsTa\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmjgqy5.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\dnsapi.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-10-2015
Ran by CLuTsTa (2015-10-22 03:56:56)
Running from C:\Documents and Settings\CLuTsTa\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2011-12-16 11:44:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-867479323-834159104-2347132788-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
CLuTsTa (S-1-5-21-867479323-834159104-2347132788-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\CLuTsTa
Dre (S-1-5-21-867479323-834159104-2347132788-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dre
Guest (S-1-5-21-867479323-834159104-2347132788-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-867479323-834159104-2347132788-1005 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-867479323-834159104-2347132788-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.103 - NOS Microsystems Ltd.)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\ShockwaveFlash) (Version: 9 - Adobe Systems)
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Ethernet Utility (HKLM\...\{FB686487-C637-4EEF-BCB1-C92463F2CC05}) (Version: 1.1.0.3 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.4.2233 - AVAST Software)
Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Canon MP270 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Dropbox (HKLM\...\Dropbox) (Version: 3.6.9 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Engine Analyzer Pro v3.3 (HKLM\...\{FE9C7463-77A6-4B64-8891-550B7E3505F2}) (Version: 3.3 - Performance Trends Inc)
EvoScan v2.6 (HKLM\...\{EA5247AC-F1F7-4B95-94CC-4B648C1985BB}) (Version: 2.6.20 - EvoScan)
Express Gate (HKLM\...\{A0494B41-EBD7-4C0D-91B7-DC39741B27BB}) (Version: 1.2.8.0 - DeviceVM, Inc.)
File Association Helper (HKLM\...\{8975E3CB-A762-4B14-BD62-A3972A098E82}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4410 - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Intel® PROSet for Wired Connections (HKLM\...\{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}) (Version: 9.20.0000 - Dell)
ITB HD BLACK-BOX PC Player (HKLM\...\ITB HD BLACK-BOX PC Player) (Version: 1.1.0 - iTronics)
J2SE Runtime Environment 5.0 Update 9 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150090}) (Version: 1.5.0.90 - Sun Microsystems, Inc.)
Java 2 Runtime Environment, SE v1.4.2_03 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142030}) (Version: 1.4.2_03 - Sun Microsystems, Inc.)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Logitech QuickCam (HKLM\...\{937B232D-9776-471E-92BD-D424E514EF14}) (Version: 11.90.1263 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MCU (Version: 1.00.0000 - Dell) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft IntelliType Pro 6.2 (HKLM\...\{345112D9-0930-4A68-AB71-A831BA5DE7AA}) (Version: 6.20.182.0 - Microsoft)
Microsoft Internationalized Domain Names Mitigation APIs (HKLM\...\IDNMitigationAPIs) (Version:  - Microsoft Corporation)
Microsoft National Language Support Downlevel APIs (HKLM\...\NLSDownlevelMapping) (Version:  - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel Viewer 2003 (HKLM\...\{90840409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 Trial (HKLM\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.761 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0620 - Microsoft Corporation)
Mitsubishi Computerized Automatic Parts Searching System (CAPS) (HKLM\...\Mitsubishi_caps) (Version:  - )
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.40 - BVRP Software)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
MS Word Save Dot As Doc Software 7.0 (HKLM\...\MS Word Save Dot As Doc Software_is1) (Version:  - Sobolsoft)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
Nokia Connectivity Cable Driver (HKLM\...\{4216D328-0FE8-48B8-85B8-BD300E6F080F}) (Version: 7.1.36.0 - Nokia)
NVIDIA nView 135.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.36 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
OGA Notifier 1.7.0105.35.0 (Version: 1.7.0105.35.0 - Microsoft Corporation) Hidden
PC Connectivity Solution (HKLM\...\{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}) (Version: 10.50.2.0 - Nokia)
Quake Live Mozilla Plugin (HKLM\...\{3CD5832D-13D9-4751-8B22-3A7D3F4ACA42}) (Version: 1.0.401 - id Software)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6526 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SetPoint (HKLM\...\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}) (Version: 2.50 - Logitech)
Skype™ 7.12 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Sound Blaster Audigy ADVANCED MB (HKLM\...\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}) (Version: 1.0 - )
Sound Blaster Audigy ADVANCED MB Product Registration (HKLM\...\Sound Blaster Audigy ADVANCED MB Product Registration) (Version:  - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Dude (HKLM\...\Dude) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{3F4EC965-28EF-45C3-B063-04B25D4E9679}) (Version: 5.0.1.814 - Logitech)
WinAce Archiver (HKLM\...\WinAce Archiver) (Version: 2.65 - e-merge GmbH)
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Windows Driver Package - Nokia Modem  (03/05/2008 3.7) (HKLM\...\CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A) (Version: 03/05/2008 3.7 - Nokia)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\CLuTsTa\Application Data\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dl (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.99\psuser.dll (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.57\psuser.dll (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll  (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll  (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{188047CE-0F0A-11D7-8331-00C04FA03755}\localserver32 -> C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{1D67C047-F016-11D6-831E-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PictPreview.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{1FFD7892-06E4-4A0A-941E-BC966900C883}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\Photos.ocx => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{209DAEB8-0F02-11D7-8331-00C04FA03755}\localserver32 -> C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.69\psuser.dll (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.79\psuser.dll (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll  (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{3B52D512-935F-11D6-82D4-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{3CF39B9A-0CF8-4792-A918-67573260BDBE}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\Photos.ocx => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{43F73EA1-92AE-11D6-82D3-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{47052E2F-3D7D-43F9-93CB-AD85D062D097}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\spmServices.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{496038FA-3891-4827-AFCD-A7B13B9FF75A}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\PhotosPlugIn.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.28.1\psuser.dll  (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.129\psuser.dl (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dl (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dl (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{6357BCA7-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\DefaultPlugin.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{6357BCB6-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PqiIcon.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{6357BCB9-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PqiIcon.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{6357BCBC-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PqiIcon.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{6357BCBE-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PqiIcon.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dl (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{74531205-74DC-48FF-953B-3B6DC988424F}\InprocServer32 -> C:\Program Files\palmOne\VoiceMemoExt.ocx => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{763F9014-A89C-11D6-82E7-00C04FA03755}\localserver32 -> C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.28.13\psuser.dll (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{868C6D64-8B98-11D5-8209-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\NotePadExt.ocx => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{868C6D65-8B98-11D5-8209-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\NotePadExt.ocx => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{87001487-8B8A-4C40-BFEF-036F5BD5BAA3}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\PhotosPlugIn.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dl (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{9D3B3E2B-1789-4A83-8050-5ED8307B02E5}\InprocServer32 -> C:\Program Files\palmOne\VoiceMemoExt.ocx => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll  (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dl (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{AB40E4E0-0F0C-11D7-8331-00C04FA03755}\localserver32 -> C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{B2565128-0F22-11D7-8331-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{BE1B5231-A3E2-11D6-82E3-00C04FA03755}\localserver32 -> C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{BE1B5233-A3E2-11D6-82E3-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{BE1B5235-A3E2-11D6-82E3-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll  (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dl (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{cacd3178-4c86-52cb-87bf-eb0ef10e6e26}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Application Data\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll (Jet Propulsion Laboratory)
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.65\psuser.dll (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{DFD4C164-AE18-11D6-82EC-00C04FA03755}\localserver32 -> C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll  (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{F21AC7C7-D6F5-11D6-8306-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll => No File
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dl (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-867479323-834159104-2347132788-1006_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll  (the data entry has 10 more characters).

==================== Restore Points =========================

16-08-2015 09:01:19 Software Distribution Service 3.0
17-08-2015 09:00:54 Software Distribution Service 3.0
18-08-2015 09:01:30 Software Distribution Service 3.0
19-08-2015 09:01:07 Software Distribution Service 3.0
19-08-2015 09:52:32 Software Distribution Service 3.0
20-08-2015 09:00:57 Software Distribution Service 3.0
20-08-2015 13:32:47 Software Distribution Service 3.0
21-08-2015 09:00:58 Software Distribution Service 3.0
22-08-2015 09:00:58 Software Distribution Service 3.0
23-08-2015 09:00:49 Software Distribution Service 3.0
24-08-2015 09:01:00 Software Distribution Service 3.0
25-08-2015 09:01:00 Software Distribution Service 3.0
26-08-2015 01:53:37 Software Distribution Service 3.0
26-08-2015 09:00:26 Software Distribution Service 3.0
27-08-2015 09:00:25 Software Distribution Service 3.0
27-08-2015 17:46:19 Software Distribution Service 3.0
28-08-2015 09:00:19 Software Distribution Service 3.0
29-08-2015 09:05:46 System Checkpoint
30-08-2015 11:43:56 System Checkpoint
31-08-2015 12:24:14 System Checkpoint
01-09-2015 13:05:14 System Checkpoint
02-09-2015 15:51:14 System Checkpoint
03-09-2015 16:36:36 System Checkpoint
04-09-2015 17:36:34 System Checkpoint
05-09-2015 18:36:34 System Checkpoint
06-09-2015 19:36:34 System Checkpoint
07-09-2015 20:36:35 System Checkpoint
08-09-2015 21:36:35 System Checkpoint
10-09-2015 12:17:33 System Checkpoint
10-09-2015 18:25:30 Software Distribution Service 3.0
11-09-2015 09:00:57 Software Distribution Service 3.0
12-09-2015 09:00:55 Software Distribution Service 3.0
13-09-2015 09:01:11 Software Distribution Service 3.0
14-09-2015 09:00:57 Software Distribution Service 3.0
15-09-2015 09:01:37 Software Distribution Service 3.0
16-09-2015 09:00:22 Software Distribution Service 3.0
17-09-2015 09:26:38 System Checkpoint
18-09-2015 11:17:38 System Checkpoint
19-09-2015 11:20:03 System Checkpoint
20-09-2015 12:49:44 System Checkpoint
21-09-2015 13:21:17 System Checkpoint
22-09-2015 14:21:18 System Checkpoint
23-09-2015 15:51:28 System Checkpoint
24-09-2015 16:21:21 System Checkpoint
25-09-2015 12:04:14 avast! antivirus system restore point
25-09-2015 12:07:37 Installed Windows XP Wdf01009.
26-09-2015 12:20:13 System Checkpoint
27-09-2015 12:51:32 System Checkpoint
28-09-2015 14:42:22 System Checkpoint
29-09-2015 15:32:28 System Checkpoint
30-09-2015 15:37:22 System Checkpoint
01-10-2015 16:37:21 System Checkpoint
02-10-2015 16:44:36 System Checkpoint
03-10-2015 17:20:20 System Checkpoint
04-10-2015 17:37:22 System Checkpoint
05-10-2015 18:37:24 System Checkpoint
06-10-2015 19:25:38 System Checkpoint
07-10-2015 20:25:37 System Checkpoint
08-10-2015 18:09:49 Software Distribution Service 3.0
08-10-2015 18:15:40 Software Distribution Service 3.0
09-10-2015 18:39:51 System Checkpoint
10-10-2015 19:39:52 System Checkpoint
11-10-2015 19:44:16 System Checkpoint
12-10-2015 21:27:56 System Checkpoint
13-10-2015 21:39:50 System Checkpoint
14-10-2015 17:29:37 Software Distribution Service 3.0
15-10-2015 08:01:16 Software Distribution Service 3.0
15-10-2015 12:24:40 Software Distribution Service 3.0
16-10-2015 14:22:27 System Checkpoint
17-10-2015 15:37:21 System Checkpoint
18-10-2015 16:26:31 System Checkpoint
19-10-2015 18:16:34 System Checkpoint
20-10-2015 19:12:27 System Checkpoint
21-10-2015 19:56:29 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-10 15:51 - 2015-10-21 01:00 - 00449968 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1    localhost

There are 15467 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\CLuTsTa\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-867479323-834159104-2347132788-1006Core.job => C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-867479323-834159104-2347132788-1006UA.job => C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job => C:\Program Files\Microsoft IntelliType Pro\itype.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (Whitelisted) ==============


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7300 @ 2.66GHz
Percentage of memory in use: 64%
Total physical RAM: 2046.97 MB
Available physical RAM: 724.53 MB
Total Virtual: 5985.28 MB
Available Virtual: 4860.35 MB

==================== Drives ================================

Drive c: (system) (Fixed) (Total:148.97 GB) (Free:36.06 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: (bic boiiii) (Fixed) (Total:465.75 GB) (Free:86.04 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 9FC69FC6)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, after this run could you let me know what problems you are experiencing?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]
ProxyEnable: [S-1-5-21-867479323-834159104-2347132788-1006] => Proxy is enabled.
ProxyServer: [S-1-5-21-867479323-834159104-2347132788-1006] => localhost:21320
AutoConfigURL: [S-1-5-21-867479323-834159104-2347132788-1006] => localhost:21320
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-867479323-834159104-2347132788-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG8\avgssie.dll => No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll => No File
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} hxxp://mvt.mcafee.com/mvt/bin/3,0,1,0/mvt.cab
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "203.201.163.194"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "203.201.163.194"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "203.201.163.194"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "203.201.163.194"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 4
2015-10-22 03:55 - 2013-09-21 12:55 - 00000416 _____ C:\WINDOWS\Tasks\At1.job
2006-06-29 17:40 - 2015-09-26 12:35 - 0170496 _____ () C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\CLuTsTa\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

#3
clutsta

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Hi Essexboy, thanks so much for helping me out on this!

Here's the 'fixlog' as requested - I will post the next log asap.

Fix result of Farbar Recovery Scan Tool (x86) Version:22-10-2015
Ran by CLuTsTa (2015-10-24 01:28:28) Run:3
Running from C:\Documents and Settings\CLuTsTa\Desktop
Loaded Profiles: CLuTsTa (Available Profiles: CLuTsTa & Dre & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]
ProxyEnable: [S-1-5-21-867479323-834159104-2347132788-1006] => Proxy is enabled.
ProxyServer: [S-1-5-21-867479323-834159104-2347132788-1006] => localhost:21320
AutoConfigURL: [S-1-5-21-867479323-834159104-2347132788-1006] => localhost:21320
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-867479323-834159104-2347132788-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG8\avgssie.dll => No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll => No File
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} hxxp://mvt.mcafee.com/mvt/bin/3,0,1,0/mvt.cab
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "203.201.163.194"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "203.201.163.194"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "203.201.163.194"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "203.201.163.194"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 4
2015-10-22 03:55 - 2013-09-21 12:55 - 00000416 _____ C:\WINDOWS\Tasks\At1.job
2006-06-29 17:40 - 2015-09-26 12:35 - 0170496 _____ () C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\CLuTsTa\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => value not found.
HKCR\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => key not found.
HKU\S-1-5-21-867479323-834159104-2347132788-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\S-1-5-21-867479323-834159104-2347132788-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKU\S-1-5-21-867479323-834159104-2347132788-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-867479323-834159104-2347132788-1006\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key not found.
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => key not found.
HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found.
HKCR\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => key not found.
HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} => key not found.
HKCR\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} => key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455} => key not found.
HKCR\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455} => key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} => key not found.
HKCR\CLSID\{78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} => key not found.
FF NetworkProxy: "backup.ftp", "" => not found
FF NetworkProxy: "backup.ftp_port", 0 => not found
FF NetworkProxy: "backup.socks", "" => not found
FF NetworkProxy: "backup.socks_port", 0 => not found
FF NetworkProxy: "backup.ssl", "" => not found
FF NetworkProxy: "backup.ssl_port", 0 => not found
FF NetworkProxy: "ftp", "203.201.163.194" => not found
FF NetworkProxy: "ftp_port", 80 => not found
FF NetworkProxy: "http", "203.201.163.194" => not found
FF NetworkProxy: "http_port", 80 => not found
FF NetworkProxy: "share_proxy_settings", true => not found
FF NetworkProxy: "socks", "203.201.163.194" => not found
FF NetworkProxy: "socks_port", 80 => not found
FF NetworkProxy: "ssl", "203.201.163.194" => not found
FF NetworkProxy: "ssl_port", 80 => not found
FF NetworkProxy: "type", 4 => not found
"C:\WINDOWS\Tasks\At1.job" => not found.
"C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found.
C:\WINDOWS\Tasks\At1.job => not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========


The operation completed successfully


========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========


The operation completed successfully


========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-867479323-834159104-2347132788-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-867479323-834159104-2347132788-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========


=========  bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

EmptyTemp: => 9.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 01:28:48 ====


#4
clutsta

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

AdwCleaner log as requested:





# AdwCleaner v5.014 - Logfile created 24/10/2015 at 02:12:40
# Updated 18/10/2015 by Xplode
# Database : 2015-10-18.5 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : CLuTsTa - CLUTZ
# Running from : C:\Documents and Settings\CLuTsTa\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : netfilter

***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\CLuTsTa\Local Settings\Application Data\BitLord
[-] Folder Deleted : C:\Documents and Settings\CLuTsTa\My Documents\Updater
[-] Folder Deleted : C:\Documents and Settings\CLuTsTa\Start Menu\Programs\BitGuard
[-] Folder Deleted : C:\Program Files\BitLord

***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\system32\drivers\netfilter.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKCU\Software\5a6db8bbc68bd15
[-] Key Deleted : HKLM\SOFTWARE\5a6db8bbc68bd15
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Key Deleted : HKU\.DEFAULT\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\Delta
[-] Key Deleted : HKCU\Software\Myfree Codec
[-] Key Deleted : HKCU\Software\MyWaySA
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Myfree Codec
[-] Key Deleted : HKLM\SOFTWARE\Trymedia Systems
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lucky leap
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Reimage Repair
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\526AB318AF0B8D84B9579557C9882C91

***** [ Web browsers ] *****

[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706..clientLogIsEnabled", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.CTID", "CT2642706");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.CurrentServerDate", "10-5-2011");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.DialogsAlignMode", "LTR");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.DialogsGetterLastCheckTime", "Tue May 10 2011 21:19:36 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.DownloadReferralCookieData", "");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.EMailNotifierPollDate", "Sat Sep 04 2010 08:44:45 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.ExternalComponentPollDate129273909026568859", "Sat Sep 04 2010 08:38:37 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.FirstServerDate", "4-9-2010");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.FirstTime", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.FirstTimeFF3", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.FirstTimeSettingsDone", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.FixPageNotFoundErrors", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.GroupingServerCheckInterval", 1440);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.HasUserGlobalKeys", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.Initialize", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.InitializeCommonPrefs", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.InstallationAndCookieDataSentCount", 2);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.InstalledDate", "Sat Sep 04 2010 08:38:42 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.InvalidateCache", false);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.IsGrouping", false);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.IsMulticommunity", false);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.IsOpenThankYouPage", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.IsOpenUninstallPage", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.LanguagePackLastCheckTime", "Tue May 10 2011 21:19:35 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.LanguagePackReloadIntervalMM", 1440);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.LastLogin_2.7.2.0", "Sat Sep 04 2010 08:38:56 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.LastLogin_3.3.3.2", "Tue May 10 2011 21:19:35 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.LatestVersion", "3.3.3.2");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.Locale", "en");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.LoginCache", 4);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.MCDetectTooltipHeight", "83");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.MCDetectTooltipWidth", "295");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.RadioIsPodcast", false);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.RadioLastCheckTime", "Sat Sep 04 2010 08:38:39 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.RadioLastUpdateIPServer", "3");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.RadioLastUpdateServer", "3");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.RadioMediaID", "9962");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.RadioMediaType", "Media Player");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.RadioMenuSelectedID", "EBRadioMenu_CT26427069962");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.RadioShrinked", "shrinked");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.RadioStationName", "California%20Rock");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.RadioStationURL", "hxxp://feedlive.net/california.asx");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.SavedHomepage", "google.com.au");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.SearchEngine", "Searchhxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2642706&octid=EB_ORIGINAL_CTID&SearchSource=1");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.SearchFromAddressBarIsInit", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.SearchInNewTabEnabled", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.SearchInNewTabIntervalMM", 1440);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.SearchInNewTabLastCheckTime", "Tue May 10 2011 21:19:35 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.ServiceMapLastCheckTime", "Tue May 10 2011 21:19:34 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.SettingsCheckIntervalMin", 120);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.SettingsLastCheckTime", "Tue May 10 2011 21:19:34 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.SettingsLastUpdate", "1304004054");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.ThirdPartyComponentsInterval", 504);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.ThirdPartyComponentsLastCheck", "Tue May 10 2011 21:19:34 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.ThirdPartyComponentsLastUpdate", "1246790578");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2642706");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.Uninstall", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.UserID", "UN40209671709084570");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.ValidationData_Toolbar", 0);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.WeatherNetwork", "");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.WeatherPollDate", "Sat Sep 04 2010 08:38:38 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.WeatherUnit", "C");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.alertChannelId", "1035393");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.clientLogIsEnabled", false);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.globalFirstTimeInfoLastCheckTime", "Tue May 10 2011 21:19:35 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.isAppTrackingManagerOn", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.myStuffEnabled", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.myStuffPublihserMinWidth", 400);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.myStuffServiceIntervalMM", 1440);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.oldAppsList", "129193298402600817,129193298404007082,129462006452325554,129273906557193811,129273908693444042,129273909026568859,1000082,129424519508200577,129469278696112556,1000[...]
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.testingCtid", "");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.toolbarAppMetaDataLastCheckTime", "Tue May 10 2011 21:19:35 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.toolbarContextMenuLastCheckTime", "Tue May 10 2011 21:19:35 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CT2642706.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2642706");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "G9mW7heT/8xIX1frcduu0A==");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "mfQ70fvlD2zuBxSBj8rQqA==");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "k9un27OkAvkwB2ZmvXxTnA==");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "4BgM4MhF/sOgPsDNmIs3Yw==");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/2011 6:54:06 PM", "634339976460000000");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.EngineOwner", "");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\CLuTsTa\\Application Data\\Mozilla\\Firefox\\Profiles\\yt6qxmus.default\\conduitCommon\\modules\\3.12.2.3");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2642706");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2642706");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ToolbarsList4", "");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue May 10 2011 21:09:29 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue May 10 2011 21:17:48 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.locale", "en");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue May 10 2011 21:08:51 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1303303927");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.userId", "{82bbec00-5db0-4c34-b671-d06fab41a7f0}");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Sep 05 2010 08:38:41 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.globalUserId", "ddf3d21b-b764-41eb-b78e-dd21374efad4");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed May 16 2012 15:22:57 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed May 16 2012 15:22:52 GMT+1000 (AUS Eastern Standard Time)");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.notifications.userId", "a2cd9748-7975-4aad-8de1-0b6616621e1d");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.originalHomepage", "www.google.com.au");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultthis.engineName", "TranslatorBar 5 Customized Web Search");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
[-] [C:\Documents and Settings\CLuTsTa\Application Data\Mozilla\Firefox\Profiles\yt6qxmus.default\prefs.js] [Preference] Deleted : user_pref("extentions.y2layers.installId", "52D40B80-3B65-C899-59D7-A40423E68CE5");

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [35443 bytes] ##########
 


Edited by clutsta, 23 October 2015 - 09:24 AM.


#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What sort of problems are you experiencing at the moment?

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation; accept that.
When it offers to download the virus database, allow that as well.
Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post in your next reply

#6
clutsta

    Member

  • Topic Starter
  • 28 posts

The system has suddenly become especially slow- I even had issues with the sound card playing up but was fine on a re-boot.

 

I have run aswMBR but it hangs on

C: \Documents and settings\CLuTsTa\Application Data\Microsoft\Identityc

 

 

Here is a log anyway





aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-10-24 10:14:46
-----------------------------
10:14:46.656    OS Version: Windows 5.1.2600 Service Pack 3
10:14:46.656    Number of processors: 2 586 0x1706
10:14:46.656    ComputerName: CLUTZ  UserName:
10:14:47.234    Initialize success
10:14:47.250    VM: initialized successfully
10:14:47.250    VM: Intel CPU virtualization not supported
10:14:49.218    AVAST engine defs: 15102301
10:15:01.515    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10
10:15:01.515    Disk 0 Vendor: WDC_WD1600JS-75NCB2 10.02E03 Size: 152587MB BusType: 3
10:15:01.515    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-1b
10:15:01.531    Disk 1 Vendor: ST3500630AS 3.AAG Size: 476940MB BusType: 3
10:15:01.765    Disk 0 MBR read successfully
10:15:01.765    Disk 0 MBR scan
10:15:01.781    Disk 0 Windows XP default MBR code
10:15:01.781    Disk 0 Partition 1 00     DE   Dell Utility Dell 8.0       31 MB offset 63
10:15:01.828    Disk 0 Partition 2 80 (A) 07      HPFS/NTFS NTFS       152546 MB offset 64260
10:15:01.843    Disk 0 default boot code
10:15:01.859    Disk 0 scanning sectors +312480315
10:15:01.937    Disk 0 scanning C:\WINDOWS\system32\drivers
10:15:25.187    Service scanning
10:16:09.578    Modules scanning
10:16:09.578    Disk 0 trace - called modules:
10:16:09.593    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:16:09.593    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a948ab8]
10:16:09.609    3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000082[0x8a93b3b8]
10:16:09.625    5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-10[0x8a94ed98]
10:16:10.046    AVAST engine scan C:\WINDOWS
10:16:43.578    AVAST engine scan C:\WINDOWS\system32
10:20:18.484    AVAST engine scan C:\WINDOWS\system32\drivers
10:20:47.750    AVAST engine scan C:\Documents and Settings\CLuTsTa
10:35:02.843    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\CLuTsTa\Desktop\MBR.dat"
10:35:02.890    The log file has been saved successfully to "C:\Documents and Settings\CLuTsTa\Desktop\aswMBR.txt"


aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-10-24 10:36:07
-----------------------------
10:36:07.343    OS Version: Windows 5.1.2600 Service Pack 3
10:36:07.343    Number of processors: 2 586 0x1706
10:36:07.343    ComputerName: CLUTZ  UserName:
10:36:07.859    Initialize success
10:36:07.875    VM: initialized successfully
10:36:07.875    VM: Intel CPU virtualization not supported
10:36:09.531    AVAST engine defs: 15102301
10:36:18.500    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10
10:36:18.500    Disk 0 Vendor: WDC_WD1600JS-75NCB2 10.02E03 Size: 152587MB BusType: 3
10:36:18.515    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-1b
10:36:18.515    Disk 1 Vendor: ST3500630AS 3.AAG Size: 476940MB BusType: 3
10:36:18.671    Disk 0 MBR read successfully
10:36:18.687    Disk 0 MBR scan
10:36:18.687    Disk 0 Windows XP default MBR code
10:36:18.734    Disk 0 Partition 1 00     DE   Dell Utility Dell 8.0       31 MB offset 63
10:36:18.734    Disk 0 Partition 2 80 (A) 07      HPFS/NTFS NTFS       152546 MB offset 64260
10:36:18.750    Disk 0 default boot code
10:36:18.765    Disk 0 scanning sectors +312480315
10:36:18.984    Disk 0 scanning C:\WINDOWS\system32\drivers
10:36:52.125    Service scanning
10:37:24.046    Modules scanning
10:37:24.046    Disk 0 trace - called modules:
10:37:24.078    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:37:24.078    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a948ab8]
10:37:24.078    3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000082[0x8a93b3b8]
10:37:24.078    5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-10[0x8a94ed98]
10:37:24.718    AVAST engine scan C:\WINDOWS
10:37:58.671    AVAST engine scan C:\WINDOWS\system32
10:42:58.812    AVAST engine scan C:\WINDOWS\system32\drivers
10:43:50.718    AVAST engine scan C:\Documents and Settings\CLuTsTa
11:26:35.125    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\CLuTsTa\Desktop\MBR.dat"
11:26:35.343    The log file has been saved successfully to "C:\Documents and Settings\CLuTsTa\Desktop\aswMBR.txt"

 



#7
Essexboy

When do you mainly experience the slow down? When surfing or when using normal programmes?

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

To access logs from Malwarebytes Anti-Malware 2.0:

1. Open Malwarebytes Anti-Malware 2.0
2. Click History > Application Logs
3. Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them.

To save a Scan Log:

1. Open the log file you would like to save
2. Click Export
3. Choose to export to a .txt
4. Choose a folder to save the log file in, then click Save
5. Post that log here

#8
clutsta


Definitely slow when programs are being used- sometimes it's fine but sometimes it's not

Here's the MalwareBytes Scan Log- is it normal for it to say "Malware Protection: Disabled"??






Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/25/2015
Scan Time: 12:40:22 AM
Logfile: Scan Log.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.10.24.03
Rootkit Database: v2015.10.23.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: CLuTsTa

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 466747
Time Elapsed: 1 hr, 39 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#9
Essexboy

Protection is for the paid-for version; the free is an on-demand scanner

Have you recently defragmented your hard drive?

#10
clutsta


Thanks for clarifying that. No I haven't de-frag'd recently



#11
Essexboy

If you could defrag please and let me know if that makes a difference

#12
clutsta


Okay I have de-fragmented  C:\ and it seems to be running a bit better. 

Can you confirm that my system was infected at the start? If so, what with?



#13
Essexboy

Very simply it was just adware, annoying but not normally threatening

"remote access in my Avast was activated"

It is always available but can only be activated by you giving a code to someone else who is also running Avast, and as soon as the GUI is closed the connection is dropped

The main infection area was the Firefox preferences file

The slowness is generally attributable to XP now being a very old OS and new programmes are pushing it to its limits within the software

Are there any other apparent problems?
  • 0
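One way to triage the AdwCleaner "[Preference] Deleted" entries posted earlier in this thread, added here as an example that is not part of any post and is not AdwCleaner's own code: it groups the removed `user_pref` keys by namespace, lists the defanged hosts they pointed at, and keeps anything that is not a preference line visible. The function names and the `C:\PROFILE` placeholder path are assumptions of the example; the sample lines are abridged from the log above.

```python
import re
from collections import Counter

# Sample lines in the AdwCleaner "[Preference] Deleted" format quoted in this thread.
# The profile path is replaced with a placeholder; the oldAppsList line is cut off
# with "[...]" the same way one line in the posted log is.
SAMPLE_LOG = r'''
[-] [C:\PROFILE\prefs.js] [Preference] Deleted : user_pref("CT2642706.LoginCache", 4);
[-] [C:\PROFILE\prefs.js] [Preference] Deleted : user_pref("CT2642706.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[-] [C:\PROFILE\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
[-] [C:\PROFILE\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "4BgM4MhF/sOgPsDNmIs3Yw==");
[-] [C:\PROFILE\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultthis.engineName", "TranslatorBar 5 Customized Web Search");
[-] [C:\PROFILE\prefs.js] [Preference] Deleted : user_pref("CT2642706.oldAppsList", "129193298402600817,1000[...]

:: Winsock settings cleared
'''

# "[-] [file] [Preference] Deleted : user_pref("key", value);"
# The value part is optional and may be cut off, so it is captured loosely.
ENTRY_RE = re.compile(
    r'^\[-\] \[(?P<file>[^\]]+)\] \[Preference\] Deleted : '
    r'user_pref\("(?P<key>[^"]+)"(?:,\s*(?P<value>.*))?$'
)

# The log writes URLs defanged as hxxp://; hosts are extracted as plain strings
# and never resolved or contacted.
HOST_RE = re.compile(r'hxxps?://([A-Za-z0-9.-]+)', re.IGNORECASE)


def parse_log(text):
    """Split a log into parsed preference entries and all other non-blank lines."""
    entries, other = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if not match:
            other.append(line)          # never drop a line silently
            continue
        complete = line.endswith(");")  # a truncated entry lacks the closing ");"
        value = match.group("value") or ""
        if complete:
            value = value[:-2]
        entries.append({
            "file": match.group("file"),
            "key": match.group("key"),
            "value": value.strip().strip('"'),
            "truncated": not complete,
        })
    return entries, other


def summarize(text):
    """Summarise what was removed: namespaces, referenced hosts, browser-level keys."""
    entries, other = parse_log(text)
    # Namespace = first dot-separated component of the key, so a key that embeds
    # a URL (the ETag entries) is still counted under its owner.
    namespaces = Counter(e["key"].split(".", 1)[0] for e in entries)
    hosts = set()
    for e in entries:
        for field in (e["key"], e["value"]):
            hosts.update(h.lower().rstrip(".") for h in HOST_RE.findall(field))
    return {
        "namespaces": dict(namespaces),
        "hosts": sorted(hosts),
        # Keys under "browser." change Firefox's own behaviour (search, homepage)
        # rather than the add-on's private settings, so they deserve a manual look.
        "browser_settings": [e["key"] for e in entries if e["key"].startswith("browser.")],
        "truncated": [e["key"] for e in entries if e["truncated"]],
        "not_preference_lines": other,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for name, value in report.items():
        print(f"{name}: {value}")
```
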

#14
Essexboy


Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.







