On some relatively harmless websites - listening to the radio - all of a sudden MSE notifies me that this malware is on my computer, advises that I do not need to do anything, and quarantines it. Ran a second time, another detection, removed. MSE continues running and finds no other occurrences.
Running MB now.
Windows XP
Appreciate any help
Here is the Farbar report:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-11-2015
Ran by Administrator (administrator) on S0034324532 (21-11-2015 19:54:56)
Running from C:\Documents and Settings\Administrator\desktop
Loaded Profiles: Administrator (Available Profiles: Computer Admin & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\WINNT\system32\smss.exe
(Microsoft Corporation) C:\WINNT\system32\csrss.exe
(Microsoft Corporation) C:\WINNT\system32\winlogon.exe
(Microsoft Corporation) C:\WINNT\system32\services.exe
(Microsoft Corporation) C:\WINNT\system32\lsass.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\spoolsv.exe
(Microsoft Corporation) C:\WINNT\explorer.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\WINNT\system32\alg.exe
(Microsoft Corporation) C:\WINNT\system32\taskmgr.exe
(Microsoft Corporation) C:\WINNT\system32\wscntfy.exe
(Microsoft Corporation) C:\WINNT\system32\wbem\wmiprvse.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [PRONoMgrWired] => C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe [86016 2003-08-06] (Intel® Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] C:\WINNT\system32\userinit.exe,
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [UIHost] C:\WINNT\system32\logonui.exe [514560 2008-04-13] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINNT\system32\Ati2evxx.dll [2005-08-09] (ATI Technologies Inc.)
Winlogon\Notify\crypt32chain: C:\WINNT\system32\crypt32.dll [2013-10-07] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINNT\system32\cryptnet.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINNT\system32\cscdll.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINNT\System32\dimsntfy.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINNT\system32\wlnotify.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINNT\system32\wlnotify.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINNT\system32\sclgntfy.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINNT\system32\WlNotify.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINNT\system32\wlnotify.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\WgaLogon: C:\WINNT\system32\WgaLogon.dll [2008-09-05] (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINNT\system32\wlnotify.dll [2008-04-13] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\System32\logon.scr [220672 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\System32\logon.scr [220672 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\RunOnce: [Adobe Speed Launcher] => 1448150489
HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\MountPoints2: {5e59674a-b37a-11e1-9bd2-00904b847847} - F:\LaunchU3.exe -a
HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\MountPoints2: {663fc156-6412-11e1-9ba3-00904b847847} - E:\KODAK_Camera_Setup_App.exe
HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\MountPoints2: {8382f4fc-c626-11dd-9808-00904b847847} - E:\LaunchU3.exe -a
HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\MountPoints2: {9f2e57b0-d2a7-11dd-9825-00904b847847} - E:\LaunchU3.exe -a
HKU\S-1-5-21-515416071-1635729839-3118798863-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\System32\scrnsave.scr [9216 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINNT\system32\tscupgrd.exe [44544 2004-08-03] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINNT\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\system32\logon.scr [220672 2008-04-13] (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\system32\shell32.dll [8462848 2012-06-08] (Microsoft Corporation)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Billminder.lnk [2004-10-20]
ShortcutTarget: Billminder.lnk -> C:\QUICKENW\billmind.exe (Intuit)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 01 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINNT\system32\winrnr.dll [16896 2008-04-13] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 01 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 06 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 07 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 08 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 09 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 10 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 11 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 12 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 13 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 14 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 15 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 16 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 17 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 18 C:\WINNT\system32\rsvpsp.dll [92672 2008-04-13] (Microsoft Corporation)
Winsock: Catalog9 19 C:\WINNT\system32\rsvpsp.dll [92672 2008-04-13] (Microsoft Corporation)
Tcpip\..\Interfaces\{050C88C6-9DB9-4307-B7C2-8D384252F0A1}: [DhcpNameServer] 192.168.100.5
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-515416071-1635729839-3118798863-500\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\S-1-5-21-515416071-1635729839-3118798863-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-515416071-1635729839-3118798863-500\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.overture.com/d/search/p/iepanel/5/cold.jhtml?type=MSIE5panel&Keywords={searchTerms}
HKU\S-1-5-21-515416071-1635729839-3118798863-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-515416071-1635729839-3118798863-500\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.netaddress.com/tpl/Door/Login?Domain=usa.net&Reason=InvalidSessionID
hxxps://login.microsoftonline.com/login.srf?wa=wsignin1.0&rpsnv=2&ct=1376750052&rver=6.1.6206.0&wp=MCMBI&wreply=hxxps:%2F%2Fportal.microsoftonline.com%2Flanding.aspx%3Ftarget%3D%252fdefault.aspx%253ft%253d3NBdyco7KGUYyzzXLGad9EMz25BtKoE2DSgOMqoYejxl%2521M%2521Yb0XGBeH4yekxQmXRvqOXqswaO9M4Q6zxg4Q3WTumYM3T0mA2D8bGrl%252a0ZVnsgV9fimZ5EBkRxU1mtWFSpCTG%2521JtKHz3DA%2524%2526p%253d3R8UzToB0EAZIsCBb5HQLqBxGT72kHvDgZsedr0mbRm0WU%2521Tdms8wJ%252a1qYiMpr%252aF%252awsRX6ONoOmf6tWbfGUQvUilPkICzddW7AIBl1DrTSnZQ0HPMz%2521wBAy4p%252aF%2521AR%252adGuoc0peTYoTp2Hajv%252aMjTADK2vxSdPCs7pxEt6xlW%2521W56vcIN3vA3nHNKHmSIxB634%2526mkt%253dEN-US%2526lc%253d1033%2526id%253d10&lc=1033&id=271346
hxxp://www.netvibes.com/en
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-515416071-1635729839-3118798863-500 -> DefaultScope {91E988AB-50B7-46B0-B45D-5CF6103F052F} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-515416071-1635729839-3118798863-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-515416071-1635729839-3118798863-500 -> {91E988AB-50B7-46B0-B45D-5CF6103F052F} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2009-11-25] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25] (CANON INC.)
Toolbar: HKU\.DEFAULT -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25] (CANON INC.)
Toolbar: HKU\S-1-5-21-515416071-1635729839-3118798863-500 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25] (CANON INC.)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\miobjuei.default-1349313115875
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.netvibes.com/privatepage/2#General
hxxps://www.netaddress.com/tpl/Door/Login?Domain=usa.net&Reason=InvalidSessionID
hxxps://login.microsoftonline.com/
hxxp://www.google.com/webhp?nord=1
hxxps://news.google.com/
hxxps://www.google.com/finance
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINNT\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-24] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-03-26] (CANON INC.)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2010-03-26] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\WINNT\system32\npDeployJava1.dll [2012-11-28] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: IE Tab 2 (FF 3.6+) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\miobjuei.default-1349313115875\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2015-05-29]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Alerter; C:\WINNT\system32\alrsvc.dll [17408 2008-04-13] (Microsoft Corporation)
R3 ALG; C:\WINNT\System32\alg.exe [44544 2008-04-13] (Microsoft Corporation)
S3 AppMgmt; C:\WINNT\System32\appmgmts.dll [167936 2008-04-13] (Microsoft Corporation)
S3 aspnet_state; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
S4 Ati HotKey Poller; C:\WINNT\system32\Ati2evxx.exe [380928 2005-08-09] (ATI Technologies Inc.)
R2 AudioSrv; C:\WINNT\System32\audiosrv.dll [42496 2008-04-13] (Microsoft Corporation)
R2 BITS; C:\WINNT\system32\qmgr.dll [409088 2008-04-13] (Microsoft Corporation)
S4 Browser; C:\WINNT\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation)
S4 cisvc; C:\WINNT\system32\cisvc.exe [5632 2008-04-13] (Microsoft Corporation)
S4 ClipSrv; C:\WINNT\system32\clipsrv.exe [33280 2008-04-13] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; c:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\WINNT\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
R3 CryptSvc; C:\WINNT\System32\cryptsvc.dll [62464 2008-04-13] (Microsoft Corporation)
R2 DcomLaunch; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
R2 Dhcp; C:\WINNT\System32\dhcpcsvc.dll [126976 2008-04-13] (Microsoft Corporation)
S3 dmadmin; C:\WINNT\System32\dmadmin.exe [224768 2008-04-13] (Microsoft Corp., Veritas Software)
R2 dmserver; C:\WINNT\System32\dmserver.dll [23552 2008-04-13] (Microsoft Corp.)
R2 Dnscache; C:\WINNT\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation)
S3 Dot3svc; C:\WINNT\System32\dot3svc.dll [132096 2008-04-13] (Microsoft Corporation)
S3 EapHost; C:\WINNT\System32\eapsvc.dll [33792 2008-04-13] (Microsoft Corporation)
S4 ERSvc; C:\WINNT\System32\ersvc.dll [23040 2008-04-13] (Microsoft Corporation)
R2 Eventlog; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R3 EventSystem; C:\WINNT\System32\es.dll [253952 2008-07-07] (Microsoft Corporation)
R3 FastUserSwitchingCompatibility; C:\WINNT\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
R2 helpsvc; C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-13] (Microsoft Corporation)
S4 HidServ; C:\WINNT\System32\hidserv.dll [21504 2008-04-13] (Microsoft Corporation)
S3 hkmsvc; C:\WINNT\System32\kmsvc.dll [61440 2008-04-13] (Microsoft Corporation)
R2 HTTPFilter; C:\WINNT\System32\w3ssl.dll [15872 2008-04-13] (Microsoft Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 idsvc; c:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
S3 ImapiService; C:\WINNT\System32\imapi.exe [150528 2008-04-13] (Microsoft Corporation)
R2 lanmanserver; C:\WINNT\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINNT\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation)
R2 LmHosts; C:\WINNT\System32\lmhsvc.dll [13824 2008-04-13] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 Messenger; C:\WINNT\System32\msgsvc.dll [33792 2008-04-13] (Microsoft Corporation)
S4 mnmsrvc; C:\WINNT\System32\mnmsrvc.exe [32768 2008-04-13] (Microsoft Corporation)
S4 MSDTC; C:\WINNT\System32\msdtc.exe [6144 2008-04-13] (Microsoft Corporation)
S3 MSIServer; C:\WINNT\System32\msiexec.exe [78848 2008-04-13] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 napagent; C:\WINNT\System32\qagentrt.dll [291328 2008-04-13] (Microsoft Corporation)
S3 NetDDE; C:\WINNT\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation)
S3 NetDDEdsdm; C:\WINNT\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation)
S4 Netlogon; C:\WINNT\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
R3 Netman; C:\WINNT\System32\netman.dll [198144 2008-04-13] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-07-16] (Intel® Corporation) [File not signed]
S4 NetTcpPortSharing; c:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [132096 2008-07-29] (Microsoft Corporation)
R3 Nla; C:\WINNT\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
S4 NtLmSsp; C:\WINNT\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
R2 NtmsSvc; C:\WINNT\system32\ntmssvc.dll [435200 2008-04-13] (Microsoft Corporation)
S3 PassThru; C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\passthru.exe [77824 2003-10-15] () [File not signed]
R2 PlugPlay; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R2 PolicyAgent; C:\WINNT\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINNT\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
S3 RasAuto; C:\WINNT\System32\rasauto.dll [88576 2008-04-13] (Microsoft Corporation)
R3 RasMan; C:\WINNT\System32\rasmans.dll [186368 2008-04-13] (Microsoft Corporation)
S3 RDSessMgr; C:\WINNT\system32\sessmgr.exe [141312 2008-04-13] (Microsoft Corporation)
S4 RemoteAccess; C:\WINNT\System32\mprdim.dll [53248 2008-04-13] (Microsoft Corporation)
S4 RemoteRegistry; C:\WINNT\system32\regsvc.dll [59904 2008-04-13] (Microsoft Corporation)
S3 RpcLocator; C:\WINNT\System32\locator.exe [75264 2008-04-13] (Microsoft Corporation)
R2 RpcSs; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
S3 RSVP; C:\WINNT\System32\rsvp.exe [132608 2003-03-31] (Microsoft Corporation)
R2 SamSs; C:\WINNT\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
S4 SCardSvr; C:\WINNT\System32\SCardSvr.exe [95744 2008-04-13] (Microsoft Corporation)
R2 Schedule; C:\WINNT\system32\schedsvc.dll [192512 2008-04-13] (Microsoft Corporation)
R2 seclogon; C:\WINNT\System32\seclogon.dll [18944 2008-04-13] (Microsoft Corporation)
R2 SENS; C:\WINNT\system32\sens.dll [39424 2008-04-13] (Microsoft Corporation)
R2 SharedAccess; C:\WINNT\System32\ipnathlp.dll [331264 2008-04-13] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINNT\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
R2 Spooler; C:\WINNT\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation)
R2 srservice; C:\WINNT\System32\srsvc.dll [171008 2008-04-13] (Microsoft Corporation)
R3 SSDPSRV; C:\WINNT\System32\ssdpsrv.dll [71680 2008-04-13] (Microsoft Corporation)
R2 stisvc; C:\WINNT\system32\wiaservc.dll [333824 2008-04-13] (Microsoft Corporation)
S3 SysmonLog; C:\WINNT\system32\smlogsvc.exe [89600 2008-04-13] (Microsoft Corporation)
R3 TapiSrv; C:\WINNT\System32\tapisrv.dll [249856 2008-04-13] (Microsoft Corporation)
R3 TermService; C:\WINNT\System32\termsrv.dll [295424 2008-04-13] (Microsoft Corporation)
R2 Themes; C:\WINNT\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
S4 TlntSvr; C:\WINNT\System32\tlntsvr.exe [73216 2008-04-13] (Microsoft Corporation)
S4 TrkWks; C:\WINNT\system32\trkwks.dll [90112 2008-04-13] (Microsoft Corporation)
S3 upnphost; C:\WINNT\System32\upnphost.dll [185856 2008-04-13] (Microsoft Corporation)
S4 UPS; C:\WINNT\System32\ups.exe [18432 2008-04-13] (Microsoft Corporation)
S3 VSS; C:\WINNT\System32\vssvc.exe [289792 2008-04-13] (Microsoft Corporation)
R2 W32Time; C:\WINNT\System32\w32time.dll [175104 2008-04-13] (Microsoft Corporation)
R2 WebClient; C:\WINNT\System32\webclnt.dll [68096 2008-04-13] (Microsoft Corporation)
R2 winmgmt; C:\WINNT\system32\wbem\WMIsvc.dll [144896 2008-04-13] (Microsoft Corporation)
S4 WLTRYSVC; C:\WINNT\System32\bcmwltry.exe [483328 2003-07-17] (Broadcom Corporation) [File not signed]
S4 WmdmPmSN; C:\WINNT\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation)
S3 Wmi; C:\WINNT\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation)
S3 WmiApSrv; C:\WINNT\System32\wbem\wmiapsrv.exe [126464 2008-04-13] (Microsoft Corporation)
S3 WPFFontCache_v0400; C:\WINNT\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [754856 2013-07-20] (Microsoft Corporation)
R2 wscsvc; C:\WINNT\system32\wscsvc.dll [80896 2008-04-13] (Microsoft Corporation)
R2 wuauserv; C:\WINNT\system32\wuauserv.dll [6656 2008-04-13] (Microsoft Corporation)
S3 WudfSvc; C:\WINNT\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation)
R2 WZCSVC; C:\WINNT\System32\wzcsvc.dll [483840 2008-04-13] (Microsoft Corporation)
S4 xmlprov; C:\WINNT\System32\xmlprov.dll [129024 2008-04-13] (Microsoft Corporation)
S3 COMSysApp; C:\WINNT\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 SwPrv; C:\WINNT\System32\dllhost.exe /Processid:{C12704F8-F140-47C3-B50E-DD710A897F9E}
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ac97intc; C:\WINNT\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R0 ACPI; C:\WINNT\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation)
R0 ACPIEC; C:\WINNT\System32\DRIVERS\ACPIEC.sys [11648 2003-03-31] (Microsoft Corporation)
R0 adpu160m; C:\WINNT\system32\Drivers\adpu160m.sys [101888 2003-03-31] (Microsoft Corporation)
S3 aec; C:\WINNT\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
R1 AFD; C:\WINNT\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation)
R3 AgereSoftModem; C:\WINNT\System32\DRIVERS\AGRSM.sys [1196352 2003-06-27] (Agere Systems)
R0 agp440; C:\WINNT\System32\DRIVERS\agp440.sys [42368 2008-04-13] (Microsoft Corporation)
R0 aic78xx; C:\WINNT\system32\Drivers\aic78xx.sys [56960 2003-03-31] (Microsoft Corporation)
S3 Arp1394; C:\WINNT\System32\DRIVERS\arp1394.sys [60800 2008-04-13] (Microsoft Corporation)
S3 AsyncMac; C:\WINNT\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation)
R0 atapi; C:\WINNT\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation)
R3 ati2mtag; C:\WINNT\System32\DRIVERS\ati2mtag.sys [1273856 2005-08-09] (ATI Technologies Inc.)
S3 Atmarpc; C:\WINNT\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation)
R3 audstub; C:\WINNT\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R1 BANTExt; C:\WINNT\System32\Drivers\BANTExt.sys [3840 2013-09-10] () [File not signed]
R3 BCM43XX; C:\WINNT\System32\DRIVERS\bcmwl5.sys [265728 2003-07-17] (Broadcom Corporation)
R1 Beep; C:\WINNT\system32\Drivers\Beep.sys [4224 2003-03-31] (Microsoft Corporation)
S4 cbidf2k; C:\WINNT\system32\Drivers\cbidf2k.sys [13952 2003-03-31] (Microsoft Corporation)
S1 Cdaudio; C:\WINNT\system32\Drivers\Cdaudio.sys [18688 2003-03-31] (Microsoft Corporation)
R4 Cdfs; C:\WINNT\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation)
R1 Cdrom; C:\WINNT\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation)
R3 CmBatt; C:\WINNT\System32\DRIVERS\CmBatt.sys [13952 2008-04-13] (Microsoft Corporation)
R0 Compbatt; C:\WINNT\System32\DRIVERS\compbatt.sys [10240 2008-04-13] (Microsoft Corporation)
S3 CO_Mon; C:\WINNT\system32\Drivers\CO_Mon.sys [28672 2006-04-26] () [File not signed]
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R0 Disk; C:\WINNT\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation)
S4 dmboot; C:\WINNT\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software)
R0 dmio; C:\WINNT\System32\DRIVERS\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software)
R0 dmload; C:\WINNT\system32\Drivers\dmload.sys [5888 2003-03-31] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINNT\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
S3 drmkaud; C:\WINNT\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation)
R3 E1000; C:\WINNT\System32\DRIVERS\e1000325.sys [121344 2003-03-11] (Intel Corporation)
S3 E100B; C:\WINNT\System32\DRIVERS\e100b325.sys [117760 2001-08-17] (Intel Corporation)
S4 Fastfat; C:\WINNT\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation)
R3 Fdc; C:\WINNT\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation)
R1 Fips; C:\WINNT\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation)
R3 Flpydisk; C:\WINNT\System32\DRIVERS\flpydisk.sys [20480 2008-04-13] (Microsoft Corporation)
R0 FltMgr; C:\WINNT\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation)
U1 Fs_Rec; C:\WINNT\system32\Drivers\Fs_Rec.sys [7936 2003-03-31] (Microsoft Corporation)
R0 Ftdisk; C:\WINNT\System32\DRIVERS\ftdisk.sys [125056 2003-03-31] (Microsoft Corporation)
R3 Gpc; C:\WINNT\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation)
S3 grmnusb; C:\WINNT\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R3 HidUsb; C:\WINNT\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation)
R3 HTTP; C:\WINNT\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation)
R1 i8042prt; C:\WINNT\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation)
R0 iaStor; C:\WINNT\System32\drivers\iaStor.sys [274816 2003-07-03] (Intel Corporation)
R1 Imapi; C:\WINNT\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation)
R0 IntelIde; C:\WINNT\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation)
R1 intelppm; C:\WINNT\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation)
S3 ip6fw; C:\WINNT\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation)
S3 IpFilterDriver; C:\WINNT\System32\DRIVERS\ipfltdrv.sys [32896 2003-03-31] (Microsoft Corporation)
S3 IpInIp; C:\WINNT\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation)
R3 IpNat; C:\WINNT\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation)
R1 IPSec; C:\WINNT\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation)
S3 IRENUM; C:\WINNT\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation)
R0 isapnp; C:\WINNT\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation)
R1 Kbdclass; C:\WINNT\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation)
R3 kmixer; C:\WINNT\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
R0 KSecDD; C:\WINNT\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
R3 MBAMProtector; C:\WINNT\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R1 mnmdd; C:\WINNT\system32\Drivers\mnmdd.sys [4224 2003-03-31] (Microsoft Corporation)
R3 Modem; C:\WINNT\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation)
R1 Mouclass; C:\WINNT\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation)
R3 mouhid; C:\WINNT\System32\DRIVERS\mouhid.sys [12160 2003-03-31] (Microsoft Corporation)
R0 MountMgr; C:\WINNT\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation)
R0 MpFilter; C:\WINNT\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 MREMPR5; C:\Program Files\Common Files\Motive\MREMPR5.sys [19345 2007-09-28] (Motive, Inc.) [File not signed]
S3 MRENDIS5; C:\Program Files\Common Files\Motive\MRENDIS5.sys [18003 2007-09-28] (Motive, Inc.) [File not signed]
R3 MRxDAV; C:\WINNT\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation)
R1 MRxSmb; C:\WINNT\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation)
R1 Msfs; C:\WINNT\system32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation)
S3 MSKSSRV; C:\WINNT\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINNT\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation)
S3 MSPQM; C:\WINNT\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation)
R3 mssmbios; C:\WINNT\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation)
R0 Mup; C:\WINNT\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation)
R0 NDIS; C:\WINNT\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation)
R3 NdisTapi; C:\WINNT\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation)
R3 Ndisuio; C:\WINNT\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation)
R3 NdisWan; C:\WINNT\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation)
R3 NDProxy; C:\WINNT\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation)
R1 NetBIOS; C:\WINNT\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation)
R1 NetBT; C:\WINNT\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation)
S3 NIC1394; C:\WINNT\System32\DRIVERS\nic1394.sys [61824 2008-04-13] (Microsoft Corporation)
R1 Npfs; C:\WINNT\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation)
R4 Ntfs; C:\WINNT\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation)
R1 Null; C:\WINNT\system32\Drivers\Null.sys [2944 2003-03-31] (Microsoft Corporation)
S3 nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [1897408 2004-08-03] (NVIDIA Corporation)
S3 NwlnkFlt; C:\WINNT\System32\DRIVERS\nwlnkflt.sys [12416 2003-03-31] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINNT\System32\DRIVERS\nwlnkfwd.sys [32512 2003-03-31] (Microsoft Corporation)
R0 ohci1394; C:\WINNT\System32\DRIVERS\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation)
R3 Parport; C:\WINNT\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation)
R0 PartMgr; C:\WINNT\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation)
R2 ParVdm; C:\WINNT\system32\Drivers\ParVdm.sys [6784 2003-03-31] (Microsoft Corporation)
R0 PCI; C:\WINNT\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation)
R0 PCIIde; C:\WINNT\system32\Drivers\PCIIde.sys [3328 2003-03-31] (Microsoft Corporation)
R0 Pcmcia; C:\WINNT\System32\DRIVERS\pcmcia.sys [120192 2008-04-13] (Microsoft Corporation)
R3 PptpMiniport; C:\WINNT\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation)
S1 Processor; C:\WINNT\System32\DRIVERS\processr.sys [35840 2008-04-13] (Microsoft Corporation)
R3 PSched; C:\WINNT\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation)
R3 Ptilink; C:\WINNT\System32\DRIVERS\ptilink.sys [17792 2003-03-31] (Parallel Technologies, Inc.)
R1 RasAcd; C:\WINNT\System32\DRIVERS\rasacd.sys [8832 2003-03-31] (Microsoft Corporation)
R3 Rasl2tp; C:\WINNT\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation)
R3 RasPppoe; C:\WINNT\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation)
R3 Raspti; C:\WINNT\System32\DRIVERS\raspti.sys [16512 2003-03-31] (Microsoft Corporation)
R1 Rdbss; C:\WINNT\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation)
R1 RDPCDD; C:\WINNT\System32\DRIVERS\RDPCDD.sys [4224 2003-03-31] (Microsoft Corporation)
R3 rdpdr; C:\WINNT\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation)
S3 RDPWD; C:\WINNT\system32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation)
R1 redbook; C:\WINNT\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
S3 SDTHOOK; C:\WINNT\System32\DRIVERS\SDTHOOK.sys [44928 2007-06-05] (Panda Software) [File not signed]
S3 Secdrv; C:\WINNT\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 serenum; C:\WINNT\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation)
S1 Serial; C:\WINNT\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation)
S1 Sfloppy; C:\WINNT\system32\Drivers\Sfloppy.sys [11392 2008-04-13] (Microsoft Corporation)
S3 splitter; C:\WINNT\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
R0 sr; C:\WINNT\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation)
R3 Srv; C:\WINNT\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation)
R3 STAC97; C:\WINNT\System32\drivers\STAC97.sys [252144 2003-10-14] (SigmaTel, Inc.)
R3 swenum; C:\WINNT\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation)
S3 swmidi; C:\WINNT\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
R3 SynTP; C:\WINNT\System32\DRIVERS\SynTP.sys [270544 2003-07-25] (Synaptics, Inc.)
R3 sysaudio; C:\WINNT\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)
R1 Tcpip; C:\WINNT\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation)
S3 TDPIPE; C:\WINNT\system32\Drivers\TDPIPE.sys [12040 2008-04-13] (Microsoft Corporation)
S3 TDTCP; C:\WINNT\system32\Drivers\TDTCP.sys [21896 2008-04-13] (Microsoft Corporation)
R1 TermDD; C:\WINNT\System32\DRIVERS\termdd.sys [40840 2008-04-13] (Microsoft Corporation)
R1 UdfReadr; C:\WINNT\system32\Drivers\UdfReadr.sys [200704 2005-07-31] (Roxio)
S4 Udfs; C:\WINNT\system32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation)
R0 ultra; C:\WINNT\System32\DRIVERS\ultra.sys [36736 2003-03-31] (Promise Technology, Inc.)
R3 Update; C:\WINNT\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation)
S3 usbccgp; C:\WINNT\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation)
R3 usbehci; C:\WINNT\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation)
R3 usbhub; C:\WINNT\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation)
S3 usbprint; C:\WINNT\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation)
S3 usbscan; C:\WINNT\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation)
S3 USBSTOR; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation)
R3 usbuhci; C:\WINNT\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation)
R1 VgaSave; C:\WINNT\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation)
R0 ViaIde; C:\WINNT\System32\DRIVERS\viaide.sys [5376 2008-04-13] (Microsoft Corporation)
R0 VolSnap; C:\WINNT\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation)
R3 Wanarp; C:\WINNT\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation)
R3 wdmaud; C:\WINNT\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
S4 WS2IFSL; C:\WINNT\System32\drivers\ws2ifsl.sys [12032 2003-03-31] (Microsoft Corporation)
S3 WudfPf; C:\WINNT\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation)
S3 WudfRd; C:\WINNT\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation)
U5 FontCache3.0.0.0; c:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
S4 NetworkX; no ImagePath
S3 PROCEXP151; \??\C:\WINNT\system32\Drivers\PROCEXP151.SYS [X]
S4 SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys [X]
U5 ScsiPort; C:\WINNT\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S4 wanatw; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-21 19:46 - 2015-11-21 19:55 - 00037481 _____ C:\Documents and Settings\Administrator\desktop\FRST.txt
2015-11-21 19:01 - 2015-11-21 19:01 - 00112208 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-11-21 18:59 - 2015-11-21 18:59 - 00388792 _____ C:\WINNT\system32\FNTCACHE.DAT
2015-11-21 18:40 - 2015-11-21 19:46 - 00000000 ____D C:\FRST
2015-11-21 18:39 - 2015-11-21 18:39 - 01716736 _____ (Farbar) C:\Documents and Settings\Administrator\desktop\FRST.exe
2015-11-21 18:35 - 2015-11-21 18:36 - 00852761 _____ C:\Documents and Settings\Administrator\desktop\SecurityCheck.exe
2015-11-07 16:36 - 2015-11-07 16:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-21 19:55 - 2003-10-06 16:47 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-11-21 19:45 - 2003-10-06 16:26 - 00000000 ____D C:\WINNT\Temp
2015-11-21 19:10 - 2013-11-14 09:39 - 00000384 ____H C:\WINNT\Tasks\Microsoft Antimalware Scheduled Scan.job
2015-11-21 19:10 - 2009-10-26 19:54 - 00000000 __SHD C:\Documents and Settings\Administrator\IECompatCache
2015-11-21 19:04 - 2011-12-13 21:25 - 01188546 _____ C:\WINNT\WindowsUpdate.log
2015-11-21 19:03 - 2009-10-26 18:57 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2015-11-21 19:01 - 1980-01-01 00:00 - 00001158 _____ C:\WINNT\system32\wpa.dbl
2015-11-21 19:00 - 2004-09-06 03:27 - 00000000 ____D C:\WINNT\system32\NtmsData
2015-11-21 18:59 - 2014-04-05 08:57 - 00000006 ____H C:\WINNT\Tasks\SA.DAT
2015-11-21 18:59 - 2012-12-03 21:49 - 00000159 _____ C:\WINNT\wiadebug.log
2015-11-21 18:59 - 2012-12-03 21:49 - 00000050 _____ C:\WINNT\wiaservc.log
2015-11-21 18:58 - 2011-12-13 21:26 - 00032552 _____ C:\WINNT\SchedLgU.Txt
2015-11-21 18:58 - 2003-10-06 16:47 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-11-21 09:46 - 2003-10-06 16:47 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-11-19 09:40 - 2005-08-02 20:10 - 00004616 ____H C:\Documents and Settings\Administrator\My Documents\Default.rdp
2015-11-17 18:02 - 2004-10-20 19:14 - 00002249 _____ C:\WINNT\QUICKEN.INI
2015-11-14 15:02 - 2009-10-28 00:01 - 00005336 _____ C:\Documents and Settings\Administrator\Application Data\CleanUp!.log
2015-11-14 15:01 - 2003-10-06 16:47 - 00000000 ____D C:\Documents and Settings\Administrator
2015-11-12 22:51 - 2005-08-05 21:13 - 00000000 ____D C:\Program Files\pdf995
2015-11-12 17:59 - 2004-10-20 19:13 - 00000000 ____D C:\QUICKENW
2015-11-12 09:50 - 2009-10-26 18:56 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2015-11-12 09:49 - 2012-02-16 13:59 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2015-11-12 09:45 - 2003-10-06 16:47 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2015-11-12 09:20 - 2003-10-06 16:31 - 00604222 _____ C:\WINNT\system32\PerfStringBackup.INI
2015-11-12 09:18 - 2015-09-06 22:16 - 00017842 _____ C:\WINNT\setupapi.log
2015-11-11 10:02 - 2013-07-11 20:01 - 00000000 ____D C:\WINNT\system32\MRT
2015-11-11 09:50 - 2005-10-25 23:25 - 143250520 _____ (Microsoft Corporation) C:\WINNT\system32\MRT.exe
2015-10-29 08:32 - 2014-04-02 22:47 - 00170200 _____ (Malwarebytes) C:\WINNT\system32\Drivers\MBAMSwissArmy.sys
2015-10-24 14:53 - 2014-10-25 17:55 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2015-10-24 14:51 - 2012-12-01 23:52 - 00780488 _____ (Adobe Systems Incorporated) C:\WINNT\system32\FlashPlayerApp.exe
2015-10-24 14:51 - 2012-12-01 23:52 - 00142536 _____ (Adobe Systems Incorporated) C:\WINNT\system32\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2013-10-08 20:41 - 2013-10-08 20:41 - 0000288 _____ () C:\Documents and Settings\Administrator\Application Data\.backup.dm
2009-10-28 00:01 - 2015-11-14 15:02 - 0005336 _____ () C:\Documents and Settings\Administrator\Application Data\CleanUp!.log
2012-11-29 21:29 - 2012-12-08 22:00 - 0229395 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\clear.log
2005-10-18 20:18 - 2012-04-13 17:50 - 0010240 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2005-11-10 20:48 - 2005-11-10 20:48 - 0000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
Files to move or delete:
====================
C:\Documents and Settings\Administrator\remote.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINNT\explorer.exe => File is digitally signed
C:\WINNT\system32\winlogon.exe => File is digitally signed
C:\WINNT\system32\svchost.exe => File is digitally signed
C:\WINNT\system32\services.exe => File is digitally signed
C:\WINNT\system32\User32.dll => File is digitally signed
C:\WINNT\system32\userinit.exe => File is digitally signed
C:\WINNT\system32\rpcss.dll => File is digitally signed
C:\WINNT\system32\dnsapi.dll => File is digitally signed
C:\WINNT\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
and the Addition Text:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:20-11-2015
Ran by Administrator (2015-11-21 19:56:17)
Running from C:\Documents and Settings\Administrator\desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2005-10-25 02:52:09)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-515416071-1635729839-3118798863-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-515416071-1635729839-3118798863-1003 - Limited - Enabled)
Computer Admin (S-1-5-21-515416071-1635729839-3118798863-1014 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Computer Admin
Guest (S-1-5-21-515416071-1635729839-3118798863-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-515416071-1635729839-3118798863-1004 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-515416071-1635729839-3118798863-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adaptec UDF Reader (HKLM\...\Adaptec UDF Reader) (Version: - )
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agere Systems AC'97 Modem (HKLM\...\Agere Systems Soft Modem) (Version: - )
Ahead Nero BurnRights (HKLM\...\Nero BurnRights!UninstallKey) (Version: - )
AM-DeadLink 4.6 (HKLM\...\aignesamdeadlink_is1) (Version: 4.6 - www.aignes.com)
AnswerWorks 4.0 Runtime - English (HKLM\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.163-050809a1-026378C-Gateway - )
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.0.2.0 - Auslogics Labs Pty Ltd)
BCM Wireless Network Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: - )
Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Calculator Powertoy for Windows XP (HKLM\...\{B37C842A-B624-46B8-A727-654E72F1C91A}) (Version: 1.00.0001 - Microsoft Corporation)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version: - )
Canon MP490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series) (Version: - )
Canon MP490 series User Registration (HKLM\...\Canon MP490 series User Registration) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CleanCache 3.5 (HKLM\...\CleanCache 3.0_is1) (Version: - ButtUglySoftware)
CleanUp! (HKLM\...\CleanUp!) (Version: - )
ClearType Tuning Control Panel Applet (HKLM\...\{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}) (Version: 1.01.0000 - Microsoft Corporation)
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
FileHippo App Manager (HKLM\...\FileHippo.com) (Version: - FileHippo.com)
Garmin Communicator Plugin (HKLM\...\{C7DD94A8-F775-426C-B56C-8E555A59F9E2}) (Version: 2.9.2 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Gateway Drivers and Applications Recovery (HKLM\...\Gateway Drivers and Applications Recovery) (Version: - )
Google Update Helper (Version: 1.2.183.39 - Google Inc.) Hidden
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version: - EFD Software)
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
Intel® PROSet for Wired Connections (HKLM\...\{16906D21-0656-4F8B-9A01-C3D24B5401FC}) (Version: 7.10.0000 - Intel)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Data Access Components KB870669 (HKLM\...\KB870669) (Version: - Microsoft Corporation)
Microsoft Office XP Media Content (HKLM\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Office XP Small Business (HKLM\...\{91130409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft® Winter Fun Pack 2004 for Windows® XP (HKLM\...\{038A524F-58DB-438A-8391-8F7F0CA14B9E}) (Version: 1.0.0 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Pdf995 (HKLM\...\Pdf995) (Version: - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
Quicken Deluxe 98 (HKLM\...\Quicken Deluxe 98) (Version: - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Signature995 (HKLM\...\Signature995) (Version: - )
SoftPerfect WiFi Guard version 1.0.3 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.3 - SoftPerfect Research)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 7.6.1.0 - )
System Requirements Lab for Intel (HKLM\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Taskbar Shuffle version 2.5 (HKLM\...\Taskbar Shuffle_is1) (Version: 2.5 - Jay Elaraj)
TurboTax 2010 (HKLM\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version: - )
VC_CRT_x86 (Version: 1.02.0000 - Intel Corporation) Hidden
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
WexTech AnswerWorks (HKLM\...\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}) (Version: 1.00.000 - )
WinDirStat 1.1.2 (HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\WinDirStat) (Version: - )
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 9 Series TweakMP PowerToy (HKLM\...\TweakMP9) (Version: - )
Windows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinPhlash (HKLM\...\WinPhlash) (Version: - )
WinPoker 6 Shareware (HKLM\...\WinPokerushr) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{01329177-32B9-43A7-A4DE-98C73B23B340}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{07B27DE3-0C8C-4F21-B249-ED5BDC5AFF6F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{08D1779E-7D4B-4B64-8F9F-AA29DE48DAA3}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{62022DB3-AEBA-4E84-9D13-4F4AEDD8FCBA}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{664E2200-24DB-11D2-9A82-444553540000}\InprocServer32 -> C:\WINNT\system32\SPR32X30.OCX (FarPoint Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{7BB7994B-5297-49B3-A42C-4812B51D8331}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{A28E8A2F-75FD-4809-897D-8CEE473E9A72}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{B47C6567-880B-40F7-989D-F944BDE4E446}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{BAB5D6C9-3634-4D96-88CF-5A8B10C1996C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{E2454650-4D87-11D2-B8B2-0000C00A958C}\InprocServer32 -> C:\WINNT\system32\SPR32X30.OCX (FarPoint Technologies, Inc.)
==================== Restore Points =========================
24-10-2015 14:56:25 Software Distribution Service 3.0
01-11-2015 10:22:20 Software Distribution Service 3.0
24-10-2015 14:56:25 Software Distribution Service 3.0
07-11-2015 16:31:34 Software Distribution Service 3.0
07-11-2015 16:31:40 Software Distribution Service 3.0
27-10-2015 08:42:38 System Checkpoint
07-11-2015 16:31:43 Software Distribution Service 3.0
21-11-2015 19:53:28 Software Distribution Service 3.0
21-11-2015 19:53:28 Software Distribution Service 3.0
21-11-2015 19:53:27 Software Distribution Service 3.0
21-11-2015 19:53:27 Software Distribution Service 3.0
21-11-2015 19:53:27 Software Distribution Service 3.0
01-11-2015 17:53:08 Software Distribution Service 3.0
03-11-2015 09:25:28 Software Distribution Service 3.0
05-11-2015 09:07:26 Software Distribution Service 3.0
21-11-2015 19:53:43 Software Distribution Service 3.0
07-11-2015 11:13:20 Software Distribution Service 3.0
21-11-2015 19:53:42 Software Distribution Service 3.0
21-11-2015 19:53:42 Software Distribution Service 3.0
21-11-2015 19:53:27 Software Distribution Service 3.0
11-11-2015 09:48:34 Software Distribution Service 3.0
21-11-2015 19:53:42 Software Distribution Service 3.0
13-11-2015 10:38:47 Software Distribution Service 3.0
21-11-2015 19:53:42 Software Distribution Service 3.0
21-11-2015 19:53:26 System Checkpoint
15-11-2015 18:35:21 Software Distribution Service 3.0
17-11-2015 08:49:59 Software Distribution Service 3.0
18-11-2015 09:25:32 Software Distribution Service 3.0
19-11-2015 18:07:40 Software Distribution Service 3.0
21-11-2015 09:46:15 Software Distribution Service 3.0
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
1980-01-01 00:00 - 2012-10-25 18:13 - 00000098 ____A C:\WINNT\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINNT\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
==================== Loaded Modules (Whitelisted) ==============
2004-10-25 22:29 - 2006-06-26 18:02 - 00049852 _____ () C:\WINNT\system32\pdf995mon.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SolutoService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\geekstogo.com -> hxxp://www.geekstogo.com
IE restricted site: HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\ashenvale.xu.pl -> ashenvale.xu.pl
IE restricted site: HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\blender.xu.pl -> blender.xu.pl
IE restricted site: HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\com.ar -> fastmp3search.com.ar
IE restricted site: HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\com.au -> imrworldwide.com.au
IE restricted site: HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\com.br -> haren.com.br
IE restricted site: HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\com.ru -> xxxxxx.com.ru
IE restricted site: HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\dsm.xu.pl -> dsm.xu.pl
IE restricted site: HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\xu.xu.pl -> xu.xu.pl
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-515416071-1635729839-3118798863-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: Media is not connected to internet.
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe] => :LocalSubNet:Disabled:Intuit Update Shared Downloads Server
StandardProfile\AuthorizedApplications: [C:\WINNT\system32\dxdiag.exe] => Enabled:Microsoft DirectX Diagnostic Tool
StandardProfile\AuthorizedApplications: [C:\WINNT\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe] => :LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:'Firefox' (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [3389:TCP] => Disabled:@xpsp2res.dll,-22009
StandardProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [50000:UDP] => Enabled:IHA_MessageCenter
StandardProfile\GloballyOpenPorts: [5353:UDP] => Enabled:Bonjour Port 5353
==================== Faulty Device Manager Devices =============
Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: NetworkX
Description: NetworkX
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NetworkX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/21/2015 07:50:01 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
Error: (11/21/2015 06:54:40 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
Error: (11/21/2015 05:52:32 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: The specified server cannot perform the requested operation.
Error: (11/21/2015 05:52:32 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: This operation returned because the timeout period expired.
Error: (11/12/2015 05:41:12 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.4.304.0, P3 timeout, P4 1.1.12205.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
Error: (11/05/2015 09:28:05 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: This operation returned because the timeout period expired.
Error: (10/27/2015 07:51:20 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: The specified server cannot perform the requested operation.
Error: (10/27/2015 07:51:20 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: This operation returned because the timeout period expired.
Error: (10/17/2015 04:56:45 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (10/12/2015 08:19:07 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: The specified server cannot perform the requested operation.
System errors:
=============
Error: (11/21/2015 07:49:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly. It has done this 1 time(s).
Error: (11/21/2015 06:59:36 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.4 for the Network Card with network address 00E0B85CBA51 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
Error: (11/18/2015 09:08:29 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.4 for the Network Card with network address 00E0B85CBA51 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
Error: (11/18/2015 09:08:23 AM) (Source: 0) (EventID: 1) (User: )
Description: \Device\ACPIEC
Error: (11/15/2015 11:18:54 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.4 for the Network Card with network address 00E0B85CBA51 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
Error: (11/12/2015 09:53:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly. It has done this 1 time(s).
Error: (11/12/2015 09:47:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly. It has done this 1 time(s).
Error: (11/12/2015 09:47:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
Error: (11/11/2015 09:11:10 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.4 for the Network Card with network address 00E0B85CBA51 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
Error: (11/07/2015 00:20:21 PM) (Source: 0) (EventID: 1) (User: )
Description: \Device\ACPIEC
==================== Memory info ===========================
Processor: Intel® Pentium® 4 CPU 2.80GHz
Percentage of memory in use: 25%
Total physical RAM: 2046.98 MB
Available physical RAM: 1520.9 MB
Total Virtual: 3956.65 MB
Available Virtual: 3632.71 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:37.26 GB) (Free:8.95 GB) NTFS ==>[drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 7D067D06)
Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Edited by joseph456, 21 November 2015 - 07:04 PM.