Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-11-2015
Ran by Administrator (administrator) on KINGKONG (28-11-2015 10:37:53)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> sched.exe
Failed to access process -> svchost.exe
Failed to access process -> avguard.exe
Failed to access process -> chromodo_updater.exe
Failed to access process -> svchost.exe
Failed to access process -> explorer.exe
Failed to access process -> RTHDCPL.EXE
Failed to access process -> ctfmon.exe
Failed to access process -> ctfmon.exe
Failed to access process -> Webshots.scr
Failed to access process -> avgnt.exe
Failed to access process -> psia.exe
Failed to access process -> MOM.exe
Failed to access process -> CCC.exe
Failed to access process -> svchost.exe
Failed to access process -> avshadow.exe
Failed to access process -> Avira.ServiceHost.exe
Failed to access process -> wmiprvse.exe
Failed to access process -> alg.exe
Failed to access process -> sua.exe
Failed to access process -> splwow64.exe
Failed to access process -> firefox.exe
Failed to access process -> FRST64.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [84584 2010-11-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2815592 2010-11-03] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [64104 2010-11-03] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782520 2015-10-28] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINDOWS\SysWOW64\crypt32.dll [2013-10-07] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\SysWOW64\cryptnet.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\SysWOW64\cscdll.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\SysWOW64\dimsntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\EFS: C:\WINDOWS\SysWOW64\sclgntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
Winlogon\Notify\Schedule-x32: wlnotify.dll [X]
Winlogon\Notify\sclgntfy: C:\WINDOWS\SysWOW64\sclgntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Winlogon\Notify\SensLogn-x32: WlNotify.dll [X]
Winlogon\Notify\wlballoon-x32: wlnotify.dll [X]
HKLM\...\Command Processor: <======= ATTENTION
HKLM-x32\...\Command Processor: <======= ATTENTION
HKU\S-1-5-19\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [20992 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [Xvid] => C:\Program Files (x86)\Video Programs\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\SpyBotS&D\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\RunOnce: [Adobe Speed Launcher] => 1448722616
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2049699319-3081317485-938346843-500\Control Panel\Desktop\\SCRNSAVE.EXE -> D:\Webshots\Webshots.scr [3343688 2008-08-15] (Webshots.com)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10510848 2012-06-08] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWOW64\shell32.dll [8362496 2012-06-08] (Microsoft Corporation)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Webshots.lnk [2015-11-27]
ShortcutTarget: Webshots.lnk -> D:\Webshots\Launcher.exe (Webshots.com)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472 2011-03-03] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2015-03-17] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2015-03-17] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2015-03-17] (Avira Operations GmbH & Co. KG)
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [492544 2011-03-03] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2015-03-17] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2015-03-17] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2015-03-17] (Avira Operations GmbH & Co. KG)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{08C743BC-9CA0-4CF9-ADF6-7F047B249B9F}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{08C743BC-9CA0-4CF9-ADF6-7F047B249B9F}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKU\S-1-5-21-2049699319-3081317485-938346843-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2049699319-3081317485-938346843-500 -> {C9A47FAB-D6CE-4EDC-B074-C851DE64CDD6} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2049699319-3081317485-938346843-500 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll [2007-02-18] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2049699319-3081317485-938346843-500 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)
DPF: HKLM-x32 {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxps://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1423973039265
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\syswow64\SHELL32.dll [2012-06-08] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dbkvnzg5.default
FF NewTab: hxxps://www.google.com/
FF Homepage: hxxps://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2007-05-02] (Apple Inc.)
FF Extension: Video AdBlock for Firefox - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dbkvnzg5.default\extensions\{a00bef25-f21a-4539-adbb-b179b29e2b92} [2015-06-29] [not signed]
FF Extension: Screengrab (fix version) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dbkvnzg5.default\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2015-11-24]
FF Extension: Click&Clean - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dbkvnzg5.default\Extensions\[email protected] [2015-05-29]
FF Extension: CookieKeeper - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dbkvnzg5.default\Extensions\[email protected] [2015-05-28]
FF Extension: Self-Destructing Cookies - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dbkvnzg5.default\Extensions\[email protected] [2015-11-21]
FF Extension: AdBlock for YouTube™ - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dbkvnzg5.default\Extensions\[email protected] [2015-10-05]
FF Extension: Slim Add-ons Manager - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dbkvnzg5.default\Extensions\[email protected] [2015-04-25]
FF Extension: YouTube High Definition - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dbkvnzg5.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2015-11-21]
FF Extension: Yahoo Mail Hide Ad Panel - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dbkvnzg5.default\Extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi [2015-08-02]
FF Extension: BetterPrivacy - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dbkvnzg5.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-11-27]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-13] [not signed]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2049699319-3081317485-938346843-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AeLookupSvc; C:\WINDOWS\SysWOW64\aelupsvc.dll [26624 2007-02-18] (Microsoft Corporation)
S4 Alerter; C:\Windows\system32\alrsvc.dll [29696 2007-02-18] (Microsoft Corporation)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [916968 2015-10-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-10-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-10-28] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1210512 2015-10-28] (Avira Operations GmbH & Co. KG)
S4 Ati HotKey Poller; C:\Windows\system32\Ati2evxx.exe [892928 2009-03-16] (ATI Technologies Inc.)
R2 AudioSrv; C:\WINDOWS\SysWOW64\audiosrv.dll [41472 2007-02-18] (Microsoft Corporation)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
R2 Browser; C:\WINDOWS\SysWOW64\browser.dll [78336 2012-09-12] (Microsoft Corporation)
R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [1984696 2015-11-13] (Comodo)
S3 ClipSrv; C:\Windows\system32\clipsrv.exe [49664 2007-02-18] (Microsoft Corporation)
S3 ClipSrv; C:\WINDOWS\SysWOW64\clipsrv.exe [32256 2007-02-18] (Microsoft Corporation)
S3 dmadmin; C:\Windows\System32\dmadmin.exe [399872 2007-02-18] (Microsoft Corporation)
R2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-18] (Microsoft Corporation)
R2 Dnscache; C:\WINDOWS\SysWOW64\dnsrslvr.dll [45568 2011-03-03] (Microsoft Corporation)
R2 ERSvc; C:\Windows\System32\ersvc.dll [31744 2007-02-18] (Microsoft Corporation)
R2 Eventlog; C:\Windows\system32\services.exe [227840 2009-03-19] (Microsoft Corporation)
R2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-18] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2007-02-18] (Microsoft Corporation)
R3 HTTPFilter; C:\WINDOWS\SysWOW64\w3ssl.dll [15360 2007-02-18] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-18] (Microsoft Corporation)
R2 LmHosts; C:\WINDOWS\SysWOW64\lmhsvc.dll [19968 2007-02-18] (Microsoft Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\MBAM\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\MBAM\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 Messenger; C:\Windows\System32\msgsvc.dll [57344 2007-02-18] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2007-02-18] (Microsoft Corporation)
S3 NetDDE; C:\Windows\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
S3 NetDDE; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\Windows\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
R3 Netman; C:\WINDOWS\SysWOW64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
R3 Nla; C:\Windows\System32\mswsock.dll [492544 2011-03-03] (Microsoft Corporation)
R3 Nla; C:\WINDOWS\SysWOW64\mswsock.dll [233472 2011-03-03] (Microsoft Corporation)
S3 NtLmSsp; C:\Windows\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [794112 2007-02-18] (Microsoft Corporation)
R2 PlugPlay; C:\Windows\system32\services.exe [227840 2009-03-19] (Microsoft Corporation)
R2 PolicyAgent; C:\Windows\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
R3 RasMan; C:\WINDOWS\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-18] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINDOWS\SysWOW64\regsvc.dll [69120 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS\SysWOW64\SCardSvr.exe [90112 2007-02-18] (Microsoft Corporation)
R2 Schedule; C:\WINDOWS\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
S3 SDScannerService; C:\Program Files (x86)\SpyBotS&D\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\SpyBotS&D\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\SpyBotS&D\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 seclogon; C:\WINDOWS\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-18] (Microsoft Corporation)
R3 SSDPSRV; C:\WINDOWS\SysWOW64\ssdpsrv.dll [72192 2007-02-18] (Microsoft Corporation)
R2 stisvc; C:\WINDOWS\SysWOW64\wiaservc.dll [348160 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\Windows\system32\smlogsvc.exe [133120 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\WINDOWS\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-18] (Microsoft Corporation)
R2 TrkWks; C:\WINDOWS\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
S3 UMWdf; C:\WINDOWS\system32\wdfmgr.exe [62976 2007-02-18] (Microsoft Corporation)
S3 UMWdf; C:\WINDOWS\SysWOW64\wdfmgr.exe [39424 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\Windows\System32\ups.exe [34816 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\WINDOWS\SysWOW64\ups.exe [16896 2007-02-18] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS\SysWOW64\w32time.dll [227328 2007-02-18] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [36352 2007-02-18] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [1052160 2009-03-19] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS\SysWOW64\advapi32.dll [619008 2009-03-19] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
S3 LiveUpdate; "C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE" [X]
S3 WinHttpAutoProxySvc; winhttp.dll [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 Abiosdsk; no ImagePath
S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2007-02-18] (Microsoft Corporation)
S4 adpu160m; no ImagePath
S4 adpu320; no ImagePath
S3 aec; C:\Windows\System32\drivers\aec.sys [188928 2005-03-24] (Microsoft Corporation)
S4 aic78u2; no ImagePath
S4 aic78xx; no ImagePath
S4 AliIde; no ImagePath
S3 Ambfilt64; C:\Windows\System32\drivers\Ambft64.sys [1801304 2009-11-18] (Creative)
S4 AmdIde; no ImagePath
S4 arc; no ImagePath
S3 Arp1394; C:\Windows\System32\DRIVERS\arp1394.sys [111104 2007-02-16] (Microsoft Corporation)
S4 Atdisk; no ImagePath
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [5020160 2009-03-16] (ATI Technologies Inc.)
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [106496 2007-02-18] (Microsoft Corporation)
R3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154792 2015-10-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-09-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 CdaC15BA; C:\Windows\System32\DRIVERS\CdaC15BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 CdaD10BA; C:\Windows\System32\DRIVERS\CdaD10BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S1 Changer; no ImagePath
S4 CmdIde; no ImagePath
S4 dmboot; C:\Windows\System32\drivers\dmboot.sys [415232 2007-02-18] (Microsoft Corporation)
R0 dmio; C:\Windows\System32\drivers\dmio.sys [244224 2007-02-18] (Microsoft Corporation)
R0 dmload; C:\Windows\System32\drivers\dmload.sys [9216 2007-02-18] (Microsoft Corporation)
S4 dpti2o; no ImagePath
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-18] (Microsoft Corporation)
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [240128 2007-02-18] (Microsoft Corporation)
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-18] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [239616 2005-07-13] (Windows ® Server 2003 DDK provider)
S1 i2omgmt; no ImagePath
S4 iirsp; no ImagePath
R1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [72704 2007-02-18] (Microsoft Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKHDA64.SYS [7458520 2013-12-10] (Realtek Semiconductor Corp.)
S4 IntelIde; no ImagePath
S3 Ip6Fw; C:\Windows\System32\drivers\ip6fw.sys [57856 2007-02-18] (Microsoft Corporation)
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [156672 2007-02-18] (Microsoft Corporation)
S3 kmixer; C:\Windows\System32\drivers\kmixer.sys [204288 2005-03-24] (Microsoft Corporation)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-27] (Malwarebytes)
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2007-02-18] (Microsoft Corporation)
S3 Monfilt64; C:\Windows\System32\drivers\Monft64.sys [1861720 2009-11-18] (Creative Technology Ltd.)
S4 mraid35x; no ImagePath
S3 NIC1394; C:\Windows\System32\DRIVERS\nic1394.sys [92160 2005-03-24] (Microsoft Corporation)
S3 PDCOMP; no ImagePath
S3 PDFRAME; no ImagePath
S3 PDRELI; no ImagePath
S3 PDRFRAME; no ImagePath
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [106496 2007-02-18] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [31232 2007-02-18] (Parallel Technologies, Inc.)
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [31232 2007-02-18] (Microsoft Corporation)
R1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
R0 rr232x; C:\Windows\System32\drivers\rr232x.sys [139552 2015-02-01] (HighPoint Technologies, Inc.)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtKHDMIX.sys [3023360 2009-05-20] (Realtek Semiconductor Corp.)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [549080 2014-12-04] (Realtek Semiconductor Corporation )
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [171008 2007-02-18] (Microsoft Corporation)
S4 Simbad; no ImagePath
S3 splitter; C:\Windows\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)
R0 sr; C:\Windows\System32\DRIVERS\sr.sys [123904 2007-02-18] (Microsoft Corporation)
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [86528 2005-03-24] (Microsoft Corporation)
S4 symc8xx; no ImagePath
S4 symmpi; no ImagePath
S4 sym_hi; no ImagePath
S4 sym_u3; no ImagePath
R3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [147456 2007-02-17] (Microsoft Corporation)
S4 TosIde; no ImagePath
S4 ultra; no ImagePath
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [File not signed]
R3 Update; C:\Windows\System32\DRIVERS\update.sys [152576 2007-05-30] (Microsoft Corporation)
S4 ViaIde; no ImagePath
S3 WDICA; no ImagePath
R3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [187904 2007-02-17] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll ==> No File
NETSVCx32: Iprip -> no filepath.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-28 10:37 - 2015-11-28 10:38 - 00048644 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2015-11-28 10:37 - 2015-11-28 10:37 - 00000000 ____D C:\FRST
2015-11-28 10:36 - 2015-11-28 10:36 - 02349056 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe
2015-11-27 23:11 - 2015-11-27 23:11 - 00000422 _____ C:\Documents and Settings\Administrator\Desktop\oils.txt
2015-11-27 14:05 - 2015-11-27 14:05 - 02351846 _____ C:\Documents and Settings\Administrator\Desktop\TeamSpybot-20151127-140539.cab
2015-11-27 14:04 - 2015-11-27 14:04 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\ProcAlyzer Dumps
2015-11-17 15:57 - 2015-11-17 15:57 - 00000000 ____D C:\Program Files (x86)\Comodo
2015-10-30 13:26 - 2015-11-17 14:18 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\Doctors
2015-10-30 09:54 - 2015-10-30 09:54 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Help
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-28 10:38 - 2015-02-01 19:12 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-11-28 10:37 - 2015-02-01 13:33 - 00000000 ____D C:\WINDOWS
2015-11-28 10:35 - 2015-02-01 20:44 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\Purchases 11-15-15
2015-11-28 10:35 - 2015-02-01 19:12 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2015-11-28 10:14 - 2015-04-11 12:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-28 10:01 - 2015-03-12 09:01 - 00000514 _____ C:\WINDOWS\Tasks\Component System.job
2015-11-28 09:56 - 2015-03-12 09:01 - 00000522 _____ C:\WINDOWS\Tasks\NSManager_1426198789.job
2015-11-28 09:56 - 2015-02-01 19:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-28 09:56 - 2009-03-16 15:56 - 00173776 _____ C:\WINDOWS\system32\ativvaxx.cap
2015-11-27 23:16 - 2015-02-01 20:03 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2015-11-27 23:16 - 2015-02-01 19:12 - 00032494 _____ C:\WINDOWS\Tasks\SchedLgU.Txt
2015-11-27 23:16 - 2015-02-01 19:12 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-11-27 23:16 - 2015-02-01 19:12 - 00000000 ____D C:\Documents and Settings\Administrator
2015-11-27 14:04 - 2015-02-01 13:37 - 00000247 ___SH C:\boot.ini
2015-11-27 12:55 - 2015-04-01 15:10 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-26 09:48 - 2007-02-18 07:00 - 00013074 _____ C:\WINDOWS\system32\wpa.dbl
2015-11-25 14:27 - 2015-08-28 08:06 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\Calender 2015
2015-11-22 16:27 - 2015-02-01 20:44 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Files
2015-11-20 13:43 - 2015-02-01 19:12 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
2015-11-11 06:25 - 2015-02-13 09:07 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-11 06:19 - 2015-02-13 09:06 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 14:14 - 2015-08-11 14:14 - 05286088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-11-10 14:14 - 2015-04-01 09:34 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-10 14:14 - 2015-04-01 09:34 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-09 11:03 - 2015-02-02 14:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2015-11-09 11:02 - 2015-04-01 00:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2015-11-07 06:44 - 2015-05-16 09:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-07 06:44 - 2015-04-13 13:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-04 15:10 - 2015-02-01 13:40 - 00567714 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-29 21:49 - 2015-02-03 07:07 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc
==================== Files in the root of some directories =======
2015-03-16 10:16 - 2015-03-16 10:16 - 0000618 _____ () C:\Documents and Settings\Administrator\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-03-31 12:31 - 2015-03-31 12:31 - 0000064 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\ab3acd04dfe0d0981345b5062bbe1323
2015-10-20 23:01 - 2015-10-20 23:32 - 0004608 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\SysWOW64\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION
ATTENTION: ==> Could not access BCD.