Rogue: JS/Fake Call.D

2nd time - different computer


#1
joseph456

  • Member
  • 345 posts

On some relatively harmless websites - listening to the radio - all of a sudden MSE notifies me that this malware is on my computer, advises not needed to do anything, and quarantines. Ran a second time, another detection, removed. MSE continues running and finds no other occurrences.

Running MB now.

Windows XP

Appreciate any help

Here is the Farbar report:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-11-2015
Ran by Administrator (administrator) on S0034324532 (21-11-2015 19:54:56)
Running from C:\Documents and Settings\Administrator\desktop
Loaded Profiles: Administrator (Available Profiles: Computer Admin & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINNT\system32\smss.exe
(Microsoft Corporation) C:\WINNT\system32\csrss.exe
(Microsoft Corporation) C:\WINNT\system32\winlogon.exe
(Microsoft Corporation) C:\WINNT\system32\services.exe
(Microsoft Corporation) C:\WINNT\system32\lsass.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\spoolsv.exe
(Microsoft Corporation) C:\WINNT\explorer.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\WINNT\system32\alg.exe
(Microsoft Corporation) C:\WINNT\system32\taskmgr.exe
(Microsoft Corporation) C:\WINNT\system32\wscntfy.exe
(Microsoft Corporation) C:\WINNT\system32\wbem\wmiprvse.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [PRONoMgrWired] => C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe [86016 2003-08-06] (Intel® Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] C:\WINNT\system32\userinit.exe,
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [UIHost] C:\WINNT\system32\logonui.exe [514560 2008-04-13] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINNT\system32\Ati2evxx.dll [2005-08-09] (ATI Technologies Inc.)
Winlogon\Notify\crypt32chain: C:\WINNT\system32\crypt32.dll [2013-10-07] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINNT\system32\cryptnet.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINNT\system32\cscdll.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINNT\System32\dimsntfy.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINNT\system32\wlnotify.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINNT\system32\wlnotify.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINNT\system32\sclgntfy.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINNT\system32\WlNotify.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINNT\system32\wlnotify.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\WgaLogon: C:\WINNT\system32\WgaLogon.dll [2008-09-05] (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINNT\system32\wlnotify.dll [2008-04-13] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\System32\logon.scr [220672 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\System32\logon.scr [220672 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\RunOnce: [Adobe Speed Launcher] => 1448150489
HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\MountPoints2: {5e59674a-b37a-11e1-9bd2-00904b847847} - F:\LaunchU3.exe -a
HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\MountPoints2: {663fc156-6412-11e1-9ba3-00904b847847} - E:\KODAK_Camera_Setup_App.exe
HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\MountPoints2: {8382f4fc-c626-11dd-9808-00904b847847} - E:\LaunchU3.exe -a
HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\MountPoints2: {9f2e57b0-d2a7-11dd-9825-00904b847847} - E:\LaunchU3.exe -a
HKU\S-1-5-21-515416071-1635729839-3118798863-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\System32\scrnsave.scr [9216 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINNT\system32\tscupgrd.exe [44544 2004-08-03] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINNT\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\system32\logon.scr [220672 2008-04-13] (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\system32\shell32.dll [8462848 2012-06-08] (Microsoft Corporation)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Billminder.lnk [2004-10-20]
ShortcutTarget: Billminder.lnk -> C:\QUICKENW\billmind.exe (Intuit)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINNT\system32\winrnr.dll [16896 2008-04-13] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 01 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 06 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 07 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 08 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 09 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 10 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 11 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 12 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 13 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 14 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 15 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 16 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 17 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 18 C:\WINNT\system32\rsvpsp.dll [92672 2008-04-13] (Microsoft Corporation)
Winsock: Catalog9 19 C:\WINNT\system32\rsvpsp.dll [92672 2008-04-13] (Microsoft Corporation)
Tcpip\..\Interfaces\{050C88C6-9DB9-4307-B7C2-8D384252F0A1}: [DhcpNameServer] 192.168.100.5

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-515416071-1635729839-3118798863-500\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\S-1-5-21-515416071-1635729839-3118798863-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-515416071-1635729839-3118798863-500\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.overture.com/d/search/p/iepanel/5/cold.jhtml?type=MSIE5panel&Keywords={searchTerms}
HKU\S-1-5-21-515416071-1635729839-3118798863-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-515416071-1635729839-3118798863-500\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.netaddress.com/tpl/Door/Login?Domain=usa.net&Reason=InvalidSessionID
hxxps://login.microsoftonline.com/login.srf?wa=wsignin1.0&rpsnv=2&ct=1376750052&rver=6.1.6206.0&wp=MCMBI&wreply=hxxps:%2F%2Fportal.microsoftonline.com%2Flanding.aspx%3Ftarget%3D%252fdefault.aspx%253ft%253d3NBdyco7KGUYyzzXLGad9EMz25BtKoE2DSgOMqoYejxl%2521M%2521Yb0XGBeH4yekxQmXRvqOXqswaO9M4Q6zxg4Q3WTumYM3T0mA2D8bGrl%252a0ZVnsgV9fimZ5EBkRxU1mtWFSpCTG%2521JtKHz3DA%2524%2526p%253d3R8UzToB0EAZIsCBb5HQLqBxGT72kHvDgZsedr0mbRm0WU%2521Tdms8wJ%252a1qYiMpr%252aF%252awsRX6ONoOmf6tWbfGUQvUilPkICzddW7AIBl1DrTSnZQ0HPMz%2521wBAy4p%252aF%2521AR%252adGuoc0peTYoTp2Hajv%252aMjTADK2vxSdPCs7pxEt6xlW%2521W56vcIN3vA3nHNKHmSIxB634%2526mkt%253dEN-US%2526lc%253d1033%2526id%253d10&lc=1033&id=271346
hxxp://www.netvibes.com/en
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-515416071-1635729839-3118798863-500 -> DefaultScope {91E988AB-50B7-46B0-B45D-5CF6103F052F} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-515416071-1635729839-3118798863-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-515416071-1635729839-3118798863-500 -> {91E988AB-50B7-46B0-B45D-5CF6103F052F} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2009-11-25] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25] (CANON INC.)
Toolbar: HKU\.DEFAULT -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25] (CANON INC.)
Toolbar: HKU\S-1-5-21-515416071-1635729839-3118798863-500 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25] (CANON INC.)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\miobjuei.default-1349313115875
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.netvibes.com/privatepage/2#General
hxxps://www.netaddress.com/tpl/Door/Login?Domain=usa.net&Reason=InvalidSessionID
hxxps://login.microsoftonline.com/
hxxp://www.google.com/webhp?nord=1
hxxps://news.google.com/
hxxps://www.google.com/finance
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINNT\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-24] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-03-26] (CANON INC.)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2010-03-26] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\WINNT\system32\npDeployJava1.dll [2012-11-28] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: IE Tab 2 (FF 3.6+) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\miobjuei.default-1349313115875\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2015-05-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Alerter; C:\WINNT\system32\alrsvc.dll [17408 2008-04-13] (Microsoft Corporation)
R3 ALG; C:\WINNT\System32\alg.exe [44544 2008-04-13] (Microsoft Corporation)
S3 AppMgmt; C:\WINNT\System32\appmgmts.dll [167936 2008-04-13] (Microsoft Corporation)
S3 aspnet_state; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
S4 Ati HotKey Poller; C:\WINNT\system32\Ati2evxx.exe [380928 2005-08-09] (ATI Technologies Inc.)
R2 AudioSrv; C:\WINNT\System32\audiosrv.dll [42496 2008-04-13] (Microsoft Corporation)
R2 BITS; C:\WINNT\system32\qmgr.dll [409088 2008-04-13] (Microsoft Corporation)
S4 Browser; C:\WINNT\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation)
S4 cisvc; C:\WINNT\system32\cisvc.exe [5632 2008-04-13] (Microsoft Corporation)
S4 ClipSrv; C:\WINNT\system32\clipsrv.exe [33280 2008-04-13] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; c:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\WINNT\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
R3 CryptSvc; C:\WINNT\System32\cryptsvc.dll [62464 2008-04-13] (Microsoft Corporation)
R2 DcomLaunch; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
R2 Dhcp; C:\WINNT\System32\dhcpcsvc.dll [126976 2008-04-13] (Microsoft Corporation)
S3 dmadmin; C:\WINNT\System32\dmadmin.exe [224768 2008-04-13] (Microsoft Corp., Veritas Software)
R2 dmserver; C:\WINNT\System32\dmserver.dll [23552 2008-04-13] (Microsoft Corp.)
R2 Dnscache; C:\WINNT\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation)
S3 Dot3svc; C:\WINNT\System32\dot3svc.dll [132096 2008-04-13] (Microsoft Corporation)
S3 EapHost; C:\WINNT\System32\eapsvc.dll [33792 2008-04-13] (Microsoft Corporation)
S4 ERSvc; C:\WINNT\System32\ersvc.dll [23040 2008-04-13] (Microsoft Corporation)
R2 Eventlog; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R3 EventSystem; C:\WINNT\System32\es.dll [253952 2008-07-07] (Microsoft Corporation)
R3 FastUserSwitchingCompatibility; C:\WINNT\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
R2 helpsvc; C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-13] (Microsoft Corporation)
S4 HidServ; C:\WINNT\System32\hidserv.dll [21504 2008-04-13] (Microsoft Corporation)
S3 hkmsvc; C:\WINNT\System32\kmsvc.dll [61440 2008-04-13] (Microsoft Corporation)
R2 HTTPFilter; C:\WINNT\System32\w3ssl.dll [15872 2008-04-13] (Microsoft Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 idsvc; c:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
S3 ImapiService; C:\WINNT\System32\imapi.exe [150528 2008-04-13] (Microsoft Corporation)
R2 lanmanserver; C:\WINNT\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINNT\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation)
R2 LmHosts; C:\WINNT\System32\lmhsvc.dll [13824 2008-04-13] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 Messenger; C:\WINNT\System32\msgsvc.dll [33792 2008-04-13] (Microsoft Corporation)
S4 mnmsrvc; C:\WINNT\System32\mnmsrvc.exe [32768 2008-04-13] (Microsoft Corporation)
S4 MSDTC; C:\WINNT\System32\msdtc.exe [6144 2008-04-13] (Microsoft Corporation)
S3 MSIServer; C:\WINNT\System32\msiexec.exe [78848 2008-04-13] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 napagent; C:\WINNT\System32\qagentrt.dll [291328 2008-04-13] (Microsoft Corporation)
S3 NetDDE; C:\WINNT\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation)
S3 NetDDEdsdm; C:\WINNT\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation)
S4 Netlogon; C:\WINNT\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
R3 Netman; C:\WINNT\System32\netman.dll [198144 2008-04-13] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-07-16] (Intel® Corporation) [File not signed]
S4 NetTcpPortSharing; c:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [132096 2008-07-29] (Microsoft Corporation)
R3 Nla; C:\WINNT\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
S4 NtLmSsp; C:\WINNT\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
R2 NtmsSvc; C:\WINNT\system32\ntmssvc.dll [435200 2008-04-13] (Microsoft Corporation)
S3 PassThru; C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\passthru.exe [77824 2003-10-15] () [File not signed]
R2 PlugPlay; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R2 PolicyAgent; C:\WINNT\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINNT\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
S3 RasAuto; C:\WINNT\System32\rasauto.dll [88576 2008-04-13] (Microsoft Corporation)
R3 RasMan; C:\WINNT\System32\rasmans.dll [186368 2008-04-13] (Microsoft Corporation)
S3 RDSessMgr; C:\WINNT\system32\sessmgr.exe [141312 2008-04-13] (Microsoft Corporation)
S4 RemoteAccess; C:\WINNT\System32\mprdim.dll [53248 2008-04-13] (Microsoft Corporation)
S4 RemoteRegistry; C:\WINNT\system32\regsvc.dll [59904 2008-04-13] (Microsoft Corporation)
S3 RpcLocator; C:\WINNT\System32\locator.exe [75264 2008-04-13] (Microsoft Corporation)
R2 RpcSs; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
S3 RSVP; C:\WINNT\System32\rsvp.exe [132608 2003-03-31] (Microsoft Corporation)
R2 SamSs; C:\WINNT\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
S4 SCardSvr; C:\WINNT\System32\SCardSvr.exe [95744 2008-04-13] (Microsoft Corporation)
R2 Schedule; C:\WINNT\system32\schedsvc.dll [192512 2008-04-13] (Microsoft Corporation)
R2 seclogon; C:\WINNT\System32\seclogon.dll [18944 2008-04-13] (Microsoft Corporation)
R2 SENS; C:\WINNT\system32\sens.dll [39424 2008-04-13] (Microsoft Corporation)
R2 SharedAccess; C:\WINNT\System32\ipnathlp.dll [331264 2008-04-13] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINNT\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
R2 Spooler; C:\WINNT\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation)
R2 srservice; C:\WINNT\System32\srsvc.dll [171008 2008-04-13] (Microsoft Corporation)
R3 SSDPSRV; C:\WINNT\System32\ssdpsrv.dll [71680 2008-04-13] (Microsoft Corporation)
R2 stisvc; C:\WINNT\system32\wiaservc.dll [333824 2008-04-13] (Microsoft Corporation)
S3 SysmonLog; C:\WINNT\system32\smlogsvc.exe [89600 2008-04-13] (Microsoft Corporation)
R3 TapiSrv; C:\WINNT\System32\tapisrv.dll [249856 2008-04-13] (Microsoft Corporation)
R3 TermService; C:\WINNT\System32\termsrv.dll [295424 2008-04-13] (Microsoft Corporation)
R2 Themes; C:\WINNT\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
S4 TlntSvr; C:\WINNT\System32\tlntsvr.exe [73216 2008-04-13] (Microsoft Corporation)
S4 TrkWks; C:\WINNT\system32\trkwks.dll [90112 2008-04-13] (Microsoft Corporation)
S3 upnphost; C:\WINNT\System32\upnphost.dll [185856 2008-04-13] (Microsoft Corporation)
S4 UPS; C:\WINNT\System32\ups.exe [18432 2008-04-13] (Microsoft Corporation)
S3 VSS; C:\WINNT\System32\vssvc.exe [289792 2008-04-13] (Microsoft Corporation)
R2 W32Time; C:\WINNT\System32\w32time.dll [175104 2008-04-13] (Microsoft Corporation)
R2 WebClient; C:\WINNT\System32\webclnt.dll [68096 2008-04-13] (Microsoft Corporation)
R2 winmgmt; C:\WINNT\system32\wbem\WMIsvc.dll [144896 2008-04-13] (Microsoft Corporation)
S4 WLTRYSVC; C:\WINNT\System32\bcmwltry.exe [483328 2003-07-17] (Broadcom Corporation) [File not signed]
S4 WmdmPmSN; C:\WINNT\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation)
S3 Wmi; C:\WINNT\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation)
S3 WmiApSrv; C:\WINNT\System32\wbem\wmiapsrv.exe [126464 2008-04-13] (Microsoft Corporation)
S3 WPFFontCache_v0400; C:\WINNT\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [754856 2013-07-20] (Microsoft Corporation)
R2 wscsvc; C:\WINNT\system32\wscsvc.dll [80896 2008-04-13] (Microsoft Corporation)
R2 wuauserv; C:\WINNT\system32\wuauserv.dll [6656 2008-04-13] (Microsoft Corporation)
S3 WudfSvc; C:\WINNT\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation)
R2 WZCSVC; C:\WINNT\System32\wzcsvc.dll [483840 2008-04-13] (Microsoft Corporation)
S4 xmlprov; C:\WINNT\System32\xmlprov.dll [129024 2008-04-13] (Microsoft Corporation)
S3 COMSysApp; C:\WINNT\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 SwPrv; C:\WINNT\System32\dllhost.exe /Processid:{C12704F8-F140-47C3-B50E-DD710A897F9E}

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ac97intc; C:\WINNT\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R0 ACPI; C:\WINNT\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation)
R0 ACPIEC; C:\WINNT\System32\DRIVERS\ACPIEC.sys [11648 2003-03-31] (Microsoft Corporation)
R0 adpu160m; C:\WINNT\system32\Drivers\adpu160m.sys [101888 2003-03-31] (Microsoft Corporation)
S3 aec; C:\WINNT\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
R1 AFD; C:\WINNT\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation)
R3 AgereSoftModem; C:\WINNT\System32\DRIVERS\AGRSM.sys [1196352 2003-06-27] (Agere Systems)
R0 agp440; C:\WINNT\System32\DRIVERS\agp440.sys [42368 2008-04-13] (Microsoft Corporation)
R0 aic78xx; C:\WINNT\system32\Drivers\aic78xx.sys [56960 2003-03-31] (Microsoft Corporation)
S3 Arp1394; C:\WINNT\System32\DRIVERS\arp1394.sys [60800 2008-04-13] (Microsoft Corporation)
S3 AsyncMac; C:\WINNT\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation)
R0 atapi; C:\WINNT\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation)
R3 ati2mtag; C:\WINNT\System32\DRIVERS\ati2mtag.sys [1273856 2005-08-09] (ATI Technologies Inc.)
S3 Atmarpc; C:\WINNT\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation)
R3 audstub; C:\WINNT\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R1 BANTExt; C:\WINNT\System32\Drivers\BANTExt.sys [3840 2013-09-10] () [File not signed]
R3 BCM43XX; C:\WINNT\System32\DRIVERS\bcmwl5.sys [265728 2003-07-17] (Broadcom Corporation)
R1 Beep; C:\WINNT\system32\Drivers\Beep.sys [4224 2003-03-31] (Microsoft Corporation)
S4 cbidf2k; C:\WINNT\system32\Drivers\cbidf2k.sys [13952 2003-03-31] (Microsoft Corporation)
S1 Cdaudio; C:\WINNT\system32\Drivers\Cdaudio.sys [18688 2003-03-31] (Microsoft Corporation)
R4 Cdfs; C:\WINNT\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation)
R1 Cdrom; C:\WINNT\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation)
R3 CmBatt; C:\WINNT\System32\DRIVERS\CmBatt.sys [13952 2008-04-13] (Microsoft Corporation)
R0 Compbatt; C:\WINNT\System32\DRIVERS\compbatt.sys [10240 2008-04-13] (Microsoft Corporation)
S3 CO_Mon; C:\WINNT\system32\Drivers\CO_Mon.sys [28672 2006-04-26] () [File not signed]
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R0 Disk; C:\WINNT\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation)
S4 dmboot; C:\WINNT\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software)
R0 dmio; C:\WINNT\System32\DRIVERS\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software)
R0 dmload; C:\WINNT\system32\Drivers\dmload.sys [5888 2003-03-31] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINNT\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
S3 drmkaud; C:\WINNT\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation)
R3 E1000; C:\WINNT\System32\DRIVERS\e1000325.sys [121344 2003-03-11] (Intel Corporation)
S3 E100B; C:\WINNT\System32\DRIVERS\e100b325.sys [117760 2001-08-17] (Intel Corporation)
S4 Fastfat; C:\WINNT\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation)
R3 Fdc; C:\WINNT\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation)
R1 Fips; C:\WINNT\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation)
R3 Flpydisk; C:\WINNT\System32\DRIVERS\flpydisk.sys [20480 2008-04-13] (Microsoft Corporation)
R0 FltMgr; C:\WINNT\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation)
U1 Fs_Rec; C:\WINNT\system32\Drivers\Fs_Rec.sys [7936 2003-03-31] (Microsoft Corporation)
R0 Ftdisk; C:\WINNT\System32\DRIVERS\ftdisk.sys [125056 2003-03-31] (Microsoft Corporation)
R3 Gpc; C:\WINNT\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation)
S3 grmnusb; C:\WINNT\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R3 HidUsb; C:\WINNT\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation)
R3 HTTP; C:\WINNT\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation)
R1 i8042prt; C:\WINNT\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation)
R0 iaStor; C:\WINNT\System32\drivers\iaStor.sys [274816 2003-07-03] (Intel Corporation)
R1 Imapi; C:\WINNT\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation)
R0 IntelIde; C:\WINNT\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation)
R1 intelppm; C:\WINNT\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation)
S3 ip6fw; C:\WINNT\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation)
S3 IpFilterDriver; C:\WINNT\System32\DRIVERS\ipfltdrv.sys [32896 2003-03-31] (Microsoft Corporation)
S3 IpInIp; C:\WINNT\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation)
R3 IpNat; C:\WINNT\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation)
R1 IPSec; C:\WINNT\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation)
S3 IRENUM; C:\WINNT\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation)
R0 isapnp; C:\WINNT\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation)
R1 Kbdclass; C:\WINNT\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation)
R3 kmixer; C:\WINNT\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
R0 KSecDD; C:\WINNT\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
R3 MBAMProtector; C:\WINNT\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R1 mnmdd; C:\WINNT\system32\Drivers\mnmdd.sys [4224 2003-03-31] (Microsoft Corporation)
R3 Modem; C:\WINNT\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation)
R1 Mouclass; C:\WINNT\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation)
R3 mouhid; C:\WINNT\System32\DRIVERS\mouhid.sys [12160 2003-03-31] (Microsoft Corporation)
R0 MountMgr; C:\WINNT\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation)
R0 MpFilter; C:\WINNT\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 MREMPR5; C:\Program Files\Common Files\Motive\MREMPR5.sys [19345 2007-09-28] (Motive, Inc.) [File not signed]
S3 MRENDIS5; C:\Program Files\Common Files\Motive\MRENDIS5.sys [18003 2007-09-28] (Motive, Inc.) [File not signed]
R3 MRxDAV; C:\WINNT\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation)
R1 MRxSmb; C:\WINNT\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation)
R1 Msfs; C:\WINNT\system32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation)
S3 MSKSSRV; C:\WINNT\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINNT\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation)
S3 MSPQM; C:\WINNT\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation)
R3 mssmbios; C:\WINNT\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation)
R0 Mup; C:\WINNT\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation)
R0 NDIS; C:\WINNT\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation)
R3 NdisTapi; C:\WINNT\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation)
R3 Ndisuio; C:\WINNT\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation)
R3 NdisWan; C:\WINNT\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation)
R3 NDProxy; C:\WINNT\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation)
R1 NetBIOS; C:\WINNT\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation)
R1 NetBT; C:\WINNT\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation)
S3 NIC1394; C:\WINNT\System32\DRIVERS\nic1394.sys [61824 2008-04-13] (Microsoft Corporation)
R1 Npfs; C:\WINNT\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation)
R4 Ntfs; C:\WINNT\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation)
R1 Null; C:\WINNT\system32\Drivers\Null.sys [2944 2003-03-31] (Microsoft Corporation)
S3 nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [1897408 2004-08-03] (NVIDIA Corporation)
S3 NwlnkFlt; C:\WINNT\System32\DRIVERS\nwlnkflt.sys [12416 2003-03-31] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINNT\System32\DRIVERS\nwlnkfwd.sys [32512 2003-03-31] (Microsoft Corporation)
R0 ohci1394; C:\WINNT\System32\DRIVERS\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation)
R3 Parport; C:\WINNT\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation)
R0 PartMgr; C:\WINNT\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation)
R2 ParVdm; C:\WINNT\system32\Drivers\ParVdm.sys [6784 2003-03-31] (Microsoft Corporation)
R0 PCI; C:\WINNT\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation)
R0 PCIIde; C:\WINNT\system32\Drivers\PCIIde.sys [3328 2003-03-31] (Microsoft Corporation)
R0 Pcmcia; C:\WINNT\System32\DRIVERS\pcmcia.sys [120192 2008-04-13] (Microsoft Corporation)
R3 PptpMiniport; C:\WINNT\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation)
S1 Processor; C:\WINNT\System32\DRIVERS\processr.sys [35840 2008-04-13] (Microsoft Corporation)
R3 PSched; C:\WINNT\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation)
R3 Ptilink; C:\WINNT\System32\DRIVERS\ptilink.sys [17792 2003-03-31] (Parallel Technologies, Inc.)
R1 RasAcd; C:\WINNT\System32\DRIVERS\rasacd.sys [8832 2003-03-31] (Microsoft Corporation)
R3 Rasl2tp; C:\WINNT\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation)
R3 RasPppoe; C:\WINNT\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation)
R3 Raspti; C:\WINNT\System32\DRIVERS\raspti.sys [16512 2003-03-31] (Microsoft Corporation)
R1 Rdbss; C:\WINNT\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation)
R1 RDPCDD; C:\WINNT\System32\DRIVERS\RDPCDD.sys [4224 2003-03-31] (Microsoft Corporation)
R3 rdpdr; C:\WINNT\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation)
S3 RDPWD; C:\WINNT\system32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation)
R1 redbook; C:\WINNT\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
S3 SDTHOOK; C:\WINNT\System32\DRIVERS\SDTHOOK.sys [44928 2007-06-05] (Panda Software) [File not signed]
S3 Secdrv; C:\WINNT\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 serenum; C:\WINNT\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation)
S1 Serial; C:\WINNT\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation)
S1 Sfloppy; C:\WINNT\system32\Drivers\Sfloppy.sys [11392 2008-04-13] (Microsoft Corporation)
S3 splitter; C:\WINNT\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
R0 sr; C:\WINNT\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation)
R3 Srv; C:\WINNT\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation)
R3 STAC97; C:\WINNT\System32\drivers\STAC97.sys [252144 2003-10-14] (SigmaTel, Inc.)
R3 swenum; C:\WINNT\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation)
S3 swmidi; C:\WINNT\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
R3 SynTP; C:\WINNT\System32\DRIVERS\SynTP.sys [270544 2003-07-25] (Synaptics, Inc.)
R3 sysaudio; C:\WINNT\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)
R1 Tcpip; C:\WINNT\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation)
S3 TDPIPE; C:\WINNT\system32\Drivers\TDPIPE.sys [12040 2008-04-13] (Microsoft Corporation)
S3 TDTCP; C:\WINNT\system32\Drivers\TDTCP.sys [21896 2008-04-13] (Microsoft Corporation)
R1 TermDD; C:\WINNT\System32\DRIVERS\termdd.sys [40840 2008-04-13] (Microsoft Corporation)
R1 UdfReadr; C:\WINNT\system32\Drivers\UdfReadr.sys [200704 2005-07-31] (Roxio)
S4 Udfs; C:\WINNT\system32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation)
R0 ultra; C:\WINNT\System32\DRIVERS\ultra.sys [36736 2003-03-31] (Promise Technology, Inc.)
R3 Update; C:\WINNT\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation)
S3 usbccgp; C:\WINNT\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation)
R3 usbehci; C:\WINNT\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation)
R3 usbhub; C:\WINNT\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation)
S3 usbprint; C:\WINNT\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation)
S3 usbscan; C:\WINNT\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation)
S3 USBSTOR; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation)
R3 usbuhci; C:\WINNT\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation)
R1 VgaSave; C:\WINNT\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation)
R0 ViaIde; C:\WINNT\System32\DRIVERS\viaide.sys [5376 2008-04-13] (Microsoft Corporation)
R0 VolSnap; C:\WINNT\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation)
R3 Wanarp; C:\WINNT\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation)
R3 wdmaud; C:\WINNT\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
S4 WS2IFSL; C:\WINNT\System32\drivers\ws2ifsl.sys [12032 2003-03-31] (Microsoft Corporation)
S3 WudfPf; C:\WINNT\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation)
S3 WudfRd; C:\WINNT\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation)
U5 FontCache3.0.0.0; c:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
S4 NetworkX; no ImagePath
S3 PROCEXP151; \??\C:\WINNT\system32\Drivers\PROCEXP151.SYS [X]
S4 SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys [X]
U5 ScsiPort; C:\WINNT\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S4 wanatw; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-21 19:46 - 2015-11-21 19:55 - 00037481 _____ C:\Documents and Settings\Administrator\desktop\FRST.txt
2015-11-21 19:01 - 2015-11-21 19:01 - 00112208 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-11-21 18:59 - 2015-11-21 18:59 - 00388792 _____ C:\WINNT\system32\FNTCACHE.DAT
2015-11-21 18:40 - 2015-11-21 19:46 - 00000000 ____D C:\FRST
2015-11-21 18:39 - 2015-11-21 18:39 - 01716736 _____ (Farbar) C:\Documents and Settings\Administrator\desktop\FRST.exe
2015-11-21 18:35 - 2015-11-21 18:36 - 00852761 _____ C:\Documents and Settings\Administrator\desktop\SecurityCheck.exe
2015-11-07 16:36 - 2015-11-07 16:37 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-21 19:55 - 2003-10-06 16:47 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-11-21 19:45 - 2003-10-06 16:26 - 00000000 ____D C:\WINNT\Temp
2015-11-21 19:10 - 2013-11-14 09:39 - 00000384 ____H C:\WINNT\Tasks\Microsoft Antimalware Scheduled Scan.job
2015-11-21 19:10 - 2009-10-26 19:54 - 00000000 __SHD C:\Documents and Settings\Administrator\IECompatCache
2015-11-21 19:04 - 2011-12-13 21:25 - 01188546 _____ C:\WINNT\WindowsUpdate.log
2015-11-21 19:03 - 2009-10-26 18:57 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2015-11-21 19:01 - 1980-01-01 00:00 - 00001158 _____ C:\WINNT\system32\wpa.dbl
2015-11-21 19:00 - 2004-09-06 03:27 - 00000000 ____D C:\WINNT\system32\NtmsData
2015-11-21 18:59 - 2014-04-05 08:57 - 00000006 ____H C:\WINNT\Tasks\SA.DAT
2015-11-21 18:59 - 2012-12-03 21:49 - 00000159 _____ C:\WINNT\wiadebug.log
2015-11-21 18:59 - 2012-12-03 21:49 - 00000050 _____ C:\WINNT\wiaservc.log
2015-11-21 18:58 - 2011-12-13 21:26 - 00032552 _____ C:\WINNT\SchedLgU.Txt
2015-11-21 18:58 - 2003-10-06 16:47 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-11-21 09:46 - 2003-10-06 16:47 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-11-19 09:40 - 2005-08-02 20:10 - 00004616 ____H C:\Documents and Settings\Administrator\My Documents\Default.rdp
2015-11-17 18:02 - 2004-10-20 19:14 - 00002249 _____ C:\WINNT\QUICKEN.INI
2015-11-14 15:02 - 2009-10-28 00:01 - 00005336 _____ C:\Documents and Settings\Administrator\Application Data\CleanUp!.log
2015-11-14 15:01 - 2003-10-06 16:47 - 00000000 ____D C:\Documents and Settings\Administrator
2015-11-12 22:51 - 2005-08-05 21:13 - 00000000 ____D C:\Program Files\pdf995
2015-11-12 17:59 - 2004-10-20 19:13 - 00000000 ____D C:\QUICKENW
2015-11-12 09:50 - 2009-10-26 18:56 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2015-11-12 09:49 - 2012-02-16 13:59 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2015-11-12 09:45 - 2003-10-06 16:47 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2015-11-12 09:20 - 2003-10-06 16:31 - 00604222 _____ C:\WINNT\system32\PerfStringBackup.INI
2015-11-12 09:18 - 2015-09-06 22:16 - 00017842 _____ C:\WINNT\setupapi.log
2015-11-11 10:02 - 2013-07-11 20:01 - 00000000 ____D C:\WINNT\system32\MRT
2015-11-11 09:50 - 2005-10-25 23:25 - 143250520 _____ (Microsoft Corporation) C:\WINNT\system32\MRT.exe
2015-10-29 08:32 - 2014-04-02 22:47 - 00170200 _____ (Malwarebytes) C:\WINNT\system32\Drivers\MBAMSwissArmy.sys
2015-10-24 14:53 - 2014-10-25 17:55 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2015-10-24 14:51 - 2012-12-01 23:52 - 00780488 _____ (Adobe Systems Incorporated) C:\WINNT\system32\FlashPlayerApp.exe
2015-10-24 14:51 - 2012-12-01 23:52 - 00142536 _____ (Adobe Systems Incorporated) C:\WINNT\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-10-08 20:41 - 2013-10-08 20:41 - 0000288 _____ () C:\Documents and Settings\Administrator\Application Data\.backup.dm
2009-10-28 00:01 - 2015-11-14 15:02 - 0005336 _____ () C:\Documents and Settings\Administrator\Application Data\CleanUp!.log
2012-11-29 21:29 - 2012-12-08 22:00 - 0229395 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\clear.log
2005-10-18 20:18 - 2012-04-13 17:50 - 0010240 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2005-11-10 20:48 - 2005-11-10 20:48 - 0000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat

Files to move or delete:
====================
C:\Documents and Settings\Administrator\remote.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINNT\explorer.exe => File is digitally signed
C:\WINNT\system32\winlogon.exe => File is digitally signed
C:\WINNT\system32\svchost.exe => File is digitally signed
C:\WINNT\system32\services.exe => File is digitally signed
C:\WINNT\system32\User32.dll => File is digitally signed
C:\WINNT\system32\userinit.exe => File is digitally signed
C:\WINNT\system32\rpcss.dll => File is digitally signed
C:\WINNT\system32\dnsapi.dll => File is digitally signed
C:\WINNT\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

and the Addition Text:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:20-11-2015
Ran by Administrator (2015-11-21 19:56:17)
Running from C:\Documents and Settings\Administrator\desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2005-10-25 02:52:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-515416071-1635729839-3118798863-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-515416071-1635729839-3118798863-1003 - Limited - Enabled)
Computer Admin (S-1-5-21-515416071-1635729839-3118798863-1014 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Computer Admin
Guest (S-1-5-21-515416071-1635729839-3118798863-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-515416071-1635729839-3118798863-1004 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-515416071-1635729839-3118798863-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adaptec UDF Reader (HKLM\...\Adaptec UDF Reader) (Version:  - )
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agere Systems AC'97 Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
Ahead Nero BurnRights (HKLM\...\Nero BurnRights!UninstallKey) (Version:  - )
AM-DeadLink 4.6 (HKLM\...\aignesamdeadlink_is1) (Version: 4.6 - www.aignes.com)
AnswerWorks 4.0 Runtime - English (HKLM\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.163-050809a1-026378C-Gateway - )
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.0.2.0 - Auslogics Labs Pty Ltd)
BCM Wireless Network Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version:  - )
Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Calculator Powertoy for Windows XP (HKLM\...\{B37C842A-B624-46B8-A727-654E72F1C91A}) (Version: 1.00.0001 - Microsoft Corporation)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version:  - )
Canon MP490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series) (Version:  - )
Canon MP490 series User Registration (HKLM\...\Canon MP490 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CleanCache 3.5 (HKLM\...\CleanCache 3.0_is1) (Version:  - ButtUglySoftware)
CleanUp! (HKLM\...\CleanUp!) (Version:  - )
ClearType Tuning Control Panel Applet (HKLM\...\{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}) (Version: 1.01.0000 - Microsoft Corporation)
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
FileHippo App Manager (HKLM\...\FileHippo.com) (Version:  - FileHippo.com)
Garmin Communicator Plugin (HKLM\...\{C7DD94A8-F775-426C-B56C-8E555A59F9E2}) (Version: 2.9.2 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Gateway Drivers and Applications Recovery (HKLM\...\Gateway Drivers and Applications Recovery) (Version:  - )
Google Update Helper (Version: 1.2.183.39 - Google Inc.) Hidden
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version:  - EFD Software)
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
Intel® PROSet for Wired Connections (HKLM\...\{16906D21-0656-4F8B-9A01-C3D24B5401FC}) (Version: 7.10.0000 - Intel)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Data Access Components KB870669 (HKLM\...\KB870669) (Version:  - Microsoft Corporation)
Microsoft Office XP Media Content (HKLM\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Office XP Small Business (HKLM\...\{91130409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft® Winter Fun Pack 2004 for Windows® XP (HKLM\...\{038A524F-58DB-438A-8391-8F7F0CA14B9E}) (Version: 1.0.0 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Pdf995 (HKLM\...\Pdf995) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
Quicken Deluxe 98 (HKLM\...\Quicken Deluxe 98) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Signature995 (HKLM\...\Signature995) (Version:  - )
SoftPerfect WiFi Guard version 1.0.3 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.3 - SoftPerfect Research)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 7.6.1.0 - )
System Requirements Lab for Intel (HKLM\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Taskbar Shuffle version 2.5 (HKLM\...\Taskbar Shuffle_is1) (Version: 2.5 - Jay Elaraj)
TurboTax 2010 (HKLM\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version:  - )
VC_CRT_x86 (Version: 1.02.0000 - Intel Corporation) Hidden
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
WexTech AnswerWorks (HKLM\...\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}) (Version: 1.00.000 - )
WinDirStat 1.1.2 (HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\WinDirStat) (Version:  - )
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 9 Series TweakMP PowerToy (HKLM\...\TweakMP9) (Version:  - )
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinPhlash (HKLM\...\WinPhlash) (Version:  - )
WinPoker 6 Shareware (HKLM\...\WinPokerushr) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{01329177-32B9-43A7-A4DE-98C73B23B340}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{07B27DE3-0C8C-4F21-B249-ED5BDC5AFF6F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{08D1779E-7D4B-4B64-8F9F-AA29DE48DAA3}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{62022DB3-AEBA-4E84-9D13-4F4AEDD8FCBA}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{664E2200-24DB-11D2-9A82-444553540000}\InprocServer32 -> C:\WINNT\system32\SPR32X30.OCX (FarPoint Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{7BB7994B-5297-49B3-A42C-4812B51D8331}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{A28E8A2F-75FD-4809-897D-8CEE473E9A72}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{B47C6567-880B-40F7-989D-F944BDE4E446}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{BAB5D6C9-3634-4D96-88CF-5A8B10C1996C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{E2454650-4D87-11D2-B8B2-0000C00A958C}\InprocServer32 -> C:\WINNT\system32\SPR32X30.OCX (FarPoint Technologies, Inc.)

==================== Restore Points =========================

24-10-2015 14:56:25 Software Distribution Service 3.0
01-11-2015 10:22:20 Software Distribution Service 3.0
24-10-2015 14:56:25 Software Distribution Service 3.0
07-11-2015 16:31:34 Software Distribution Service 3.0
07-11-2015 16:31:40 Software Distribution Service 3.0
27-10-2015 08:42:38 System Checkpoint
07-11-2015 16:31:43 Software Distribution Service 3.0
21-11-2015 19:53:28 Software Distribution Service 3.0
21-11-2015 19:53:28 Software Distribution Service 3.0
21-11-2015 19:53:27 Software Distribution Service 3.0
21-11-2015 19:53:27 Software Distribution Service 3.0
21-11-2015 19:53:27 Software Distribution Service 3.0
01-11-2015 17:53:08 Software Distribution Service 3.0
03-11-2015 09:25:28 Software Distribution Service 3.0
05-11-2015 09:07:26 Software Distribution Service 3.0
21-11-2015 19:53:43 Software Distribution Service 3.0
07-11-2015 11:13:20 Software Distribution Service 3.0
21-11-2015 19:53:42 Software Distribution Service 3.0
21-11-2015 19:53:42 Software Distribution Service 3.0
21-11-2015 19:53:27 Software Distribution Service 3.0
11-11-2015 09:48:34 Software Distribution Service 3.0
21-11-2015 19:53:42 Software Distribution Service 3.0
13-11-2015 10:38:47 Software Distribution Service 3.0
21-11-2015 19:53:42 Software Distribution Service 3.0
21-11-2015 19:53:26 System Checkpoint
15-11-2015 18:35:21 Software Distribution Service 3.0
17-11-2015 08:49:59 Software Distribution Service 3.0
18-11-2015 09:25:32 Software Distribution Service 3.0
19-11-2015 18:07:40 Software Distribution Service 3.0
21-11-2015 09:46:15 Software Distribution Service 3.0

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

1980-01-01 00:00 - 2012-10-25 18:13 - 00000098 ____A C:\WINNT\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINNT\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Loaded Modules (Whitelisted) ==============

2004-10-25 22:29 - 2006-06-26 18:02 - 00049852 _____ () C:\WINNT\system32\pdf995mon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SolutoService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> 008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> 00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> 100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\139mm.com -> www.139mm.com
IE restricted site: HKU\.DEFAULT\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\.DEFAULT\...\171203.com -> 171203.com
IE restricted site: HKU\.DEFAULT\...\1800searchonline.com -> 1800searchonline.com
IE restricted site: HKU\.DEFAULT\...\1gb.ru -> people.1gb.ru
IE restricted site: HKU\.DEFAULT\...\1sexparty.com -> 1sexparty.com
IE restricted site: HKU\.DEFAULT\...\1stpagehere.com -> 1stpagehere.com
IE restricted site: HKU\.DEFAULT\...\1stsearchportal.com -> 1stsearchportal.com
IE restricted site: HKU\.DEFAULT\...\2020search.com -> 2020search.com
IE restricted site: HKU\.DEFAULT\...\20x2p.com -> 20x2p.com
IE restricted site: HKU\.DEFAULT\...\24-7searching-and-more.com -> 24-7searching-and-more.com
IE restricted site: HKU\.DEFAULT\...\24teen.com -> 24teen.com
IE restricted site: HKU\.DEFAULT\...\2ndpower.com -> 2ndpower.com
IE restricted site: HKU\.DEFAULT\...\36site.com -> 36site.com

There are 1144 more sites.

IE restricted site: HKU\S-1-5-19\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-19\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-19\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-19\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-19\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-19\...\100sexlinks.com -> 100sexlinks.com
IE restricted site: HKU\S-1-5-19\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-19\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-19\...\171203.com -> 171203.com
IE restricted site: HKU\S-1-5-19\...\1800searchonline.com -> 1800searchonline.com
IE restricted site: HKU\S-1-5-19\...\1gb.ru -> people.1gb.ru
IE restricted site: HKU\S-1-5-19\...\1sexparty.com -> 1sexparty.com
IE restricted site: HKU\S-1-5-19\...\1stpagehere.com -> 1stpagehere.com
IE restricted site: HKU\S-1-5-19\...\1stsearchportal.com -> 1stsearchportal.com
IE restricted site: HKU\S-1-5-19\...\2020search.com -> 2020search.com
IE restricted site: HKU\S-1-5-19\...\20x2p.com -> 20x2p.com
IE restricted site: HKU\S-1-5-19\...\24-7searching-and-more.com -> 24-7searching-and-more.com
IE restricted site: HKU\S-1-5-19\...\24teen.com -> 24teen.com
IE restricted site: HKU\S-1-5-19\...\2ndpower.com -> 2ndpower.com
IE restricted site: HKU\S-1-5-19\...\36site.com -> 36site.com

There are 1142 more sites.

IE trusted site: HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\geekstogo.com -> hxxp://www.geekstogo.com
IE restricted site: HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\ashenvale.xu.pl -> ashenvale.xu.pl
IE restricted site: HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\blender.xu.pl -> blender.xu.pl
IE restricted site: HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\com.ar -> fastmp3search.com.ar
IE restricted site: HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\com.au -> imrworldwide.com.au
IE restricted site: HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\com.br -> haren.com.br
IE restricted site: HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\com.ru -> xxxxxx.com.ru
IE restricted site: HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\dsm.xu.pl -> dsm.xu.pl
IE restricted site: HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\xu.xu.pl -> xu.xu.pl

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-515416071-1635729839-3118798863-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: Media is not connected to internet.
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe] => :LocalSubNet:Disabled:Intuit Update Shared Downloads Server
StandardProfile\AuthorizedApplications: [C:\WINNT\system32\dxdiag.exe] => Enabled:Microsoft DirectX Diagnostic Tool
StandardProfile\AuthorizedApplications: [C:\WINNT\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe] => :LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:'Firefox' (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [3389:TCP] => Disabled:@xpsp2res.dll,-22009
StandardProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [50000:UDP] => Enabled:IHA_MessageCenter
StandardProfile\GloballyOpenPorts: [5353:UDP] => Enabled:Bonjour Port 5353

==================== Faulty Device Manager Devices =============

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NetworkX
Description: NetworkX
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NetworkX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2015 07:50:01 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/21/2015 06:54:40 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/21/2015 05:52:32 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: The specified server cannot perform the requested operation.

Error: (11/21/2015 05:52:32 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: This operation returned because the timeout period expired.

Error: (11/12/2015 05:41:12 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.4.304.0, P3 timeout, P4 1.1.12205.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/05/2015 09:28:05 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: This operation returned because the timeout period expired.

Error: (10/27/2015 07:51:20 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: The specified server cannot perform the requested operation.

Error: (10/27/2015 07:51:20 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: This operation returned because the timeout period expired.

Error: (10/17/2015 04:56:45 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/12/2015 08:19:07 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: The specified server cannot perform the requested operation.


System errors:
=============
Error: (11/21/2015 07:49:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/21/2015 06:59:36 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.4 for the Network Card with network address 00E0B85CBA51 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (11/18/2015 09:08:29 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.4 for the Network Card with network address 00E0B85CBA51 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (11/18/2015 09:08:23 AM) (Source: 0) (EventID: 1) (User: )
Description: \Device\ACPIEC

Error: (11/15/2015 11:18:54 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.4 for the Network Card with network address 00E0B85CBA51 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (11/12/2015 09:53:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/12/2015 09:47:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/12/2015 09:47:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (11/11/2015 09:11:10 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.4 for the Network Card with network address 00E0B85CBA51 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (11/07/2015 00:20:21 PM) (Source: 0) (EventID: 1) (User: )
Description: \Device\ACPIEC


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 2.80GHz
Percentage of memory in use: 25%
Total physical RAM: 2046.98 MB
Available physical RAM: 1520.9 MB
Total Virtual: 3956.65 MB
Available Virtual: 3632.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.26 GB) (Free:8.95 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 7D067D06)
Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by joseph456, 21 November 2015 - 07:04 PM.
