Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Spybot S&D Rootkit Scan Results

Started by Denisejm , Nov 27 2015 01:24 PM

This topic is locked

#1
Denisejm

Posted 27 November 2015 - 01:24 PM

Member

Member
782 posts

These are the results of a Spybot S&D Rootkit scan.

// info: Rootkit removal help file
// copyright: © 2008-2015

Safer-Networking Ltd. All rightsreserved.

:: RootAlyzer Results
File:"Unknown ADS","C:\Program Files (x86)\ATI Technologies\ATI.ACE\Skins\CATALYST_Quicksilver\CATALYST_Quicksilver.u
is_Scrollbar:Smaller.WB4:$DATA"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SECURITY\Policy\Secrets\","SAC<0x00>"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SECURITY\Policy\Secrets\","SAI<0x00>"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SECURITY\Policy\Secrets\","SCM:{148f1a14-53f3-4074-a573-e1ccd344e1d0}<0x00>"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SECURITY\Policy\Secrets\","SCM:{76db1bf3-e820-4765-a1b2-0b16a86b1950}<0x00>"

I have an ASUS EAH4650-DI-512MD2 AMD ATI Radeon HD 4650 Video Card and have an ASUS VGA Card ATI Display Driver installed.

Do I need to delete these items?

I use Windows XP Pro X64.

Thanks, Denise

#2
zep516

Posted 27 November 2015 - 04:08 PM

Trusted Helper

Malware Removal
8,093 posts

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

Are you having any symptoms redirects or pop ups? I would not be deleting anything.

please keep in mind that a Rootkit Scan only flags suspicious stuff, not identifying just bad stuff. It looks like legit files, in any case we can take a look at things using Farber if you would like.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#3
Denisejm

Posted 28 November 2015 - 09:59 AM

Member

Topic Starter
Member
782 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-11-2015
Ran by Administrator (administrator) on KINGKONG (28-11-2015 10:37:53)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> sched.exe
Failed to access process -> svchost.exe
Failed to access process -> avguard.exe
Failed to access process -> chromodo_updater.exe
Failed to access process -> svchost.exe
Failed to access process -> explorer.exe
Failed to access process -> RTHDCPL.EXE
Failed to access process -> ctfmon.exe
Failed to access process -> ctfmon.exe
Failed to access process -> Webshots.scr
Failed to access process -> avgnt.exe
Failed to access process -> psia.exe
Failed to access process -> MOM.exe
Failed to access process -> CCC.exe
Failed to access process -> svchost.exe
Failed to access process -> avshadow.exe
Failed to access process -> Avira.ServiceHost.exe
Failed to access process -> wmiprvse.exe
Failed to access process -> alg.exe
Failed to access process -> sua.exe
Failed to access process -> splwow64.exe
Failed to access process -> firefox.exe
Failed to access process -> FRST64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [84584 2010-11-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2815592 2010-11-03] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [64104 2010-11-03] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782520 2015-10-28] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINDOWS\SysWOW64\crypt32.dll [2013-10-07] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\SysWOW64\cryptnet.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\SysWOW64\cscdll.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\SysWOW64\dimsntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\EFS: C:\WINDOWS\SysWOW64\sclgntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
Winlogon\Notify\Schedule-x32: wlnotify.dll [X]
Winlogon\Notify\sclgntfy: C:\WINDOWS\SysWOW64\sclgntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Winlogon\Notify\SensLogn-x32: WlNotify.dll [X]
Winlogon\Notify\wlballoon-x32: wlnotify.dll [X]
HKLM\...\Command Processor: <======= ATTENTION
HKLM-x32\...\Command Processor: <======= ATTENTION
HKU\S-1-5-19\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [20992 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [Xvid] => C:\Program Files (x86)\Video Programs\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\SpyBotS&D\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\RunOnce: [Adobe Speed Launcher] => 1448722616
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2049699319-3081317485-938346843-500\Control Panel\Desktop\\SCRNSAVE.EXE -> D:\Webshots\Webshots.scr [3343688 2008-08-15] (Webshots.com)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10510848 2012-06-08] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWOW64\shell32.dll [8362496 2012-06-08] (Microsoft Corporation)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Webshots.lnk [2015-11-27]
ShortcutTarget: Webshots.lnk -> D:\Webshots\Launcher.exe (Webshots.com)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472 2011-03-03] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2015-03-17] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2015-03-17] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2015-03-17] (Avira Operations GmbH & Co. KG)
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [492544 2011-03-03] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2015-03-17] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2015-03-17] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2015-03-17] (Avira Operations GmbH & Co. KG)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{08C743BC-9CA0-4CF9-ADF6-7F047B249B9F}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{08C743BC-9CA0-4CF9-ADF6-7F047B249B9F}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-2049699319-3081317485-938346843-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2049699319-3081317485-938346843-500 -> {C9A47FAB-D6CE-4EDC-B074-C851DE64CDD6} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2049699319-3081317485-938346843-500 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll [2007-02-18] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2049699319-3081317485-938346843-500 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)
DPF: HKLM-x32 {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxps://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1423973039265
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\syswow64\SHELL32.dll [2012-06-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dbkvnzg5.default
FF NewTab: hxxps://www.google.com/
FF Homepage: hxxps://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2007-05-02] (Apple Inc.)
FF Extension: Video AdBlock for Firefox - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dbkvnzg5.default\extensions\{a00bef25-f21a-4539-adbb-b179b29e2b92} [2015-06-29] [not signed]
FF Extension: Screengrab (fix version) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dbkvnzg5.default\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2015-11-24]
FF Extension: Click&Clean - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dbkvnzg5.default\Extensions\[email protected] [2015-05-29]
FF Extension: CookieKeeper - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dbkvnzg5.default\Extensions\[email protected] [2015-05-28]
FF Extension: Self-Destructing Cookies - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dbkvnzg5.default\Extensions\[email protected] [2015-11-21]
FF Extension: AdBlock for YouTube™ - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dbkvnzg5.default\Extensions\[email protected] [2015-10-05]
FF Extension: Slim Add-ons Manager - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dbkvnzg5.default\Extensions\[email protected] [2015-04-25]
FF Extension: YouTube High Definition - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dbkvnzg5.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2015-11-21]
FF Extension: Yahoo Mail Hide Ad Panel - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dbkvnzg5.default\Extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi [2015-08-02]
FF Extension: BetterPrivacy - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dbkvnzg5.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-11-27]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-13] [not signed]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2049699319-3081317485-938346843-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AeLookupSvc; C:\WINDOWS\SysWOW64\aelupsvc.dll [26624 2007-02-18] (Microsoft Corporation)
S4 Alerter; C:\Windows\system32\alrsvc.dll [29696 2007-02-18] (Microsoft Corporation)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [916968 2015-10-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-10-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-10-28] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1210512 2015-10-28] (Avira Operations GmbH & Co. KG)
S4 Ati HotKey Poller; C:\Windows\system32\Ati2evxx.exe [892928 2009-03-16] (ATI Technologies Inc.)
R2 AudioSrv; C:\WINDOWS\SysWOW64\audiosrv.dll [41472 2007-02-18] (Microsoft Corporation)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
R2 Browser; C:\WINDOWS\SysWOW64\browser.dll [78336 2012-09-12] (Microsoft Corporation)
R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [1984696 2015-11-13] (Comodo)
S3 ClipSrv; C:\Windows\system32\clipsrv.exe [49664 2007-02-18] (Microsoft Corporation)
S3 ClipSrv; C:\WINDOWS\SysWOW64\clipsrv.exe [32256 2007-02-18] (Microsoft Corporation)
S3 dmadmin; C:\Windows\System32\dmadmin.exe [399872 2007-02-18] (Microsoft Corporation)
R2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-18] (Microsoft Corporation)
R2 Dnscache; C:\WINDOWS\SysWOW64\dnsrslvr.dll [45568 2011-03-03] (Microsoft Corporation)
R2 ERSvc; C:\Windows\System32\ersvc.dll [31744 2007-02-18] (Microsoft Corporation)
R2 Eventlog; C:\Windows\system32\services.exe [227840 2009-03-19] (Microsoft Corporation)
R2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-18] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2007-02-18] (Microsoft Corporation)
R3 HTTPFilter; C:\WINDOWS\SysWOW64\w3ssl.dll [15360 2007-02-18] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-18] (Microsoft Corporation)
R2 LmHosts; C:\WINDOWS\SysWOW64\lmhsvc.dll [19968 2007-02-18] (Microsoft Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\MBAM\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\MBAM\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 Messenger; C:\Windows\System32\msgsvc.dll [57344 2007-02-18] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2007-02-18] (Microsoft Corporation)
S3 NetDDE; C:\Windows\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
S3 NetDDE; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\Windows\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
R3 Netman; C:\WINDOWS\SysWOW64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
R3 Nla; C:\Windows\System32\mswsock.dll [492544 2011-03-03] (Microsoft Corporation)
R3 Nla; C:\WINDOWS\SysWOW64\mswsock.dll [233472 2011-03-03] (Microsoft Corporation)
S3 NtLmSsp; C:\Windows\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [794112 2007-02-18] (Microsoft Corporation)
R2 PlugPlay; C:\Windows\system32\services.exe [227840 2009-03-19] (Microsoft Corporation)
R2 PolicyAgent; C:\Windows\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
R3 RasMan; C:\WINDOWS\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-18] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINDOWS\SysWOW64\regsvc.dll [69120 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS\SysWOW64\SCardSvr.exe [90112 2007-02-18] (Microsoft Corporation)
R2 Schedule; C:\WINDOWS\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
S3 SDScannerService; C:\Program Files (x86)\SpyBotS&D\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\SpyBotS&D\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\SpyBotS&D\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 seclogon; C:\WINDOWS\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-18] (Microsoft Corporation)
R3 SSDPSRV; C:\WINDOWS\SysWOW64\ssdpsrv.dll [72192 2007-02-18] (Microsoft Corporation)
R2 stisvc; C:\WINDOWS\SysWOW64\wiaservc.dll [348160 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\Windows\system32\smlogsvc.exe [133120 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\WINDOWS\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-18] (Microsoft Corporation)
R2 TrkWks; C:\WINDOWS\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
S3 UMWdf; C:\WINDOWS\system32\wdfmgr.exe [62976 2007-02-18] (Microsoft Corporation)
S3 UMWdf; C:\WINDOWS\SysWOW64\wdfmgr.exe [39424 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\Windows\System32\ups.exe [34816 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\WINDOWS\SysWOW64\ups.exe [16896 2007-02-18] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS\SysWOW64\w32time.dll [227328 2007-02-18] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [36352 2007-02-18] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [1052160 2009-03-19] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS\SysWOW64\advapi32.dll [619008 2009-03-19] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
S3 LiveUpdate; "C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE" [X]
S3 WinHttpAutoProxySvc; winhttp.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Abiosdsk; no ImagePath
S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2007-02-18] (Microsoft Corporation)
S4 adpu160m; no ImagePath
S4 adpu320; no ImagePath
S3 aec; C:\Windows\System32\drivers\aec.sys [188928 2005-03-24] (Microsoft Corporation)
S4 aic78u2; no ImagePath
S4 aic78xx; no ImagePath
S4 AliIde; no ImagePath
S3 Ambfilt64; C:\Windows\System32\drivers\Ambft64.sys [1801304 2009-11-18] (Creative)
S4 AmdIde; no ImagePath
S4 arc; no ImagePath
S3 Arp1394; C:\Windows\System32\DRIVERS\arp1394.sys [111104 2007-02-16] (Microsoft Corporation)
S4 Atdisk; no ImagePath
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [5020160 2009-03-16] (ATI Technologies Inc.)
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [106496 2007-02-18] (Microsoft Corporation)
R3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154792 2015-10-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-09-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 CdaC15BA; C:\Windows\System32\DRIVERS\CdaC15BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 CdaD10BA; C:\Windows\System32\DRIVERS\CdaD10BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S1 Changer; no ImagePath
S4 CmdIde; no ImagePath
S4 dmboot; C:\Windows\System32\drivers\dmboot.sys [415232 2007-02-18] (Microsoft Corporation)
R0 dmio; C:\Windows\System32\drivers\dmio.sys [244224 2007-02-18] (Microsoft Corporation)
R0 dmload; C:\Windows\System32\drivers\dmload.sys [9216 2007-02-18] (Microsoft Corporation)
S4 dpti2o; no ImagePath
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-18] (Microsoft Corporation)
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [240128 2007-02-18] (Microsoft Corporation)
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-18] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [239616 2005-07-13] (Windows ® Server 2003 DDK provider)
S1 i2omgmt; no ImagePath
S4 iirsp; no ImagePath
R1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [72704 2007-02-18] (Microsoft Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKHDA64.SYS [7458520 2013-12-10] (Realtek Semiconductor Corp.)
S4 IntelIde; no ImagePath
S3 Ip6Fw; C:\Windows\System32\drivers\ip6fw.sys [57856 2007-02-18] (Microsoft Corporation)
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [156672 2007-02-18] (Microsoft Corporation)
S3 kmixer; C:\Windows\System32\drivers\kmixer.sys [204288 2005-03-24] (Microsoft Corporation)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-27] (Malwarebytes)
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2007-02-18] (Microsoft Corporation)
S3 Monfilt64; C:\Windows\System32\drivers\Monft64.sys [1861720 2009-11-18] (Creative Technology Ltd.)
S4 mraid35x; no ImagePath
S3 NIC1394; C:\Windows\System32\DRIVERS\nic1394.sys [92160 2005-03-24] (Microsoft Corporation)
S3 PDCOMP; no ImagePath
S3 PDFRAME; no ImagePath
S3 PDRELI; no ImagePath
S3 PDRFRAME; no ImagePath
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [106496 2007-02-18] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [31232 2007-02-18] (Parallel Technologies, Inc.)
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [31232 2007-02-18] (Microsoft Corporation)
R1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
R0 rr232x; C:\Windows\System32\drivers\rr232x.sys [139552 2015-02-01] (HighPoint Technologies, Inc.)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtKHDMIX.sys [3023360 2009-05-20] (Realtek Semiconductor Corp.)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [549080 2014-12-04] (Realtek Semiconductor Corporation )
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [171008 2007-02-18] (Microsoft Corporation)
S4 Simbad; no ImagePath
S3 splitter; C:\Windows\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)
R0 sr; C:\Windows\System32\DRIVERS\sr.sys [123904 2007-02-18] (Microsoft Corporation)
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [86528 2005-03-24] (Microsoft Corporation)
S4 symc8xx; no ImagePath
S4 symmpi; no ImagePath
S4 sym_hi; no ImagePath
S4 sym_u3; no ImagePath
R3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [147456 2007-02-17] (Microsoft Corporation)
S4 TosIde; no ImagePath
S4 ultra; no ImagePath
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [File not signed]
R3 Update; C:\Windows\System32\DRIVERS\update.sys [152576 2007-05-30] (Microsoft Corporation)
S4 ViaIde; no ImagePath
S3 WDICA; no ImagePath
R3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [187904 2007-02-17] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll ==> No File
NETSVCx32: Iprip -> no filepath.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-28 10:37 - 2015-11-28 10:38 - 00048644 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2015-11-28 10:37 - 2015-11-28 10:37 - 00000000 ____D C:\FRST
2015-11-28 10:36 - 2015-11-28 10:36 - 02349056 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe
2015-11-27 23:11 - 2015-11-27 23:11 - 00000422 _____ C:\Documents and Settings\Administrator\Desktop\oils.txt
2015-11-27 14:05 - 2015-11-27 14:05 - 02351846 _____ C:\Documents and Settings\Administrator\Desktop\TeamSpybot-20151127-140539.cab
2015-11-27 14:04 - 2015-11-27 14:04 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\ProcAlyzer Dumps
2015-11-17 15:57 - 2015-11-17 15:57 - 00000000 ____D C:\Program Files (x86)\Comodo
2015-10-30 13:26 - 2015-11-17 14:18 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\Doctors
2015-10-30 09:54 - 2015-10-30 09:54 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Help

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-28 10:38 - 2015-02-01 19:12 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-11-28 10:37 - 2015-02-01 13:33 - 00000000 ____D C:\WINDOWS
2015-11-28 10:35 - 2015-02-01 20:44 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\Purchases 11-15-15
2015-11-28 10:35 - 2015-02-01 19:12 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2015-11-28 10:14 - 2015-04-11 12:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-28 10:01 - 2015-03-12 09:01 - 00000514 _____ C:\WINDOWS\Tasks\Component System.job
2015-11-28 09:56 - 2015-03-12 09:01 - 00000522 _____ C:\WINDOWS\Tasks\NSManager_1426198789.job
2015-11-28 09:56 - 2015-02-01 19:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-28 09:56 - 2009-03-16 15:56 - 00173776 _____ C:\WINDOWS\system32\ativvaxx.cap
2015-11-27 23:16 - 2015-02-01 20:03 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2015-11-27 23:16 - 2015-02-01 19:12 - 00032494 _____ C:\WINDOWS\Tasks\SchedLgU.Txt
2015-11-27 23:16 - 2015-02-01 19:12 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-11-27 23:16 - 2015-02-01 19:12 - 00000000 ____D C:\Documents and Settings\Administrator
2015-11-27 14:04 - 2015-02-01 13:37 - 00000247 ___SH C:\boot.ini
2015-11-27 12:55 - 2015-04-01 15:10 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-26 09:48 - 2007-02-18 07:00 - 00013074 _____ C:\WINDOWS\system32\wpa.dbl
2015-11-25 14:27 - 2015-08-28 08:06 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\Calender 2015
2015-11-22 16:27 - 2015-02-01 20:44 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Files
2015-11-20 13:43 - 2015-02-01 19:12 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
2015-11-11 06:25 - 2015-02-13 09:07 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-11 06:19 - 2015-02-13 09:06 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 14:14 - 2015-08-11 14:14 - 05286088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-11-10 14:14 - 2015-04-01 09:34 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-10 14:14 - 2015-04-01 09:34 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-09 11:03 - 2015-02-02 14:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2015-11-09 11:02 - 2015-04-01 00:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2015-11-07 06:44 - 2015-05-16 09:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-07 06:44 - 2015-04-13 13:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-04 15:10 - 2015-02-01 13:40 - 00567714 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-29 21:49 - 2015-02-03 07:07 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc

==================== Files in the root of some directories =======

2015-03-16 10:16 - 2015-03-16 10:16 - 0000618 _____ () C:\Documents and Settings\Administrator\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-03-31 12:31 - 2015-03-31 12:31 - 0000064 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\ab3acd04dfe0d0981345b5062bbe1323
2015-10-20 23:01 - 2015-10-20 23:32 - 0004608 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\SysWOW64\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION

ATTENTION: ==> Could not access BCD.

#4
Denisejm

Posted 28 November 2015 - 10:01 AM

Member

Topic Starter
Member
782 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-11-2015
Ran by Administrator (2015-11-28 10:38:33)
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Service Pack 2 (X64) (2015-02-02 00:10:13)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2049699319-3081317485-938346843-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-2049699319-3081317485-938346843-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2049699319-3081317485-938346843-1004 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-2049699319-3081317485-938346843-1001 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Advanced WindowsCare Personal (HKLM-x32\...\Advanced WindowsCare V2 Personal_is1) (Version: 2.7.2 - IObit)
AiO_Scan (x32 Version: 50.0.206.000 - Hewlett-Packard) Hidden
AM-DeadLink 4.6 (HKLM-x32\...\aignesamdeadlink_is1) (Version: 4.6 - www.aignes.com)
ATI - Software Uninstall Utility (HKLM-x32\...\All ATI Software) (Version: 6.14.10.1022 - )
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0317.2130 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.60-090316a1-079188C-Asus - )
Audacity 1.0.0 (HKLM-x32\...\Audacity_is1) (Version: - )
AVI/MPEG/ASF/WMV Splitter 2.21 (HKLM-x32\...\AVI MPEG ASF WMV Splitter_is1) (Version: - boilsoft, Inc.)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9045 - )
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden
ccc-core-preinstall (x32 Version: 2009.0317.2131.36802 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0317.2131.36802 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Chromodo (HKLM-x32\...\Chromodo) (Version: 45.7.11.387 - Comodo)
Corel WordPerfect Suite 8 (HKLM-x32\...\Corel WordPerfect Suite 8) (Version: - )
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
Easy Video Splitter 1.28 (HKLM-x32\...\Easy Video Splitter_is1) (Version: - DoEasier Tech Inc)
FastStone Image Viewer 5.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
HP Beta Printer Drivers for Windows XP x64 (5.64.0.17) (HKLM\...\{25E0F2BA-399C-4cf8-A654-53797016CB77}) (Version: 5.64.0.10 - HP)
HPProductAssistant (x32 Version: 53.0.13.000 - Hewlett-Packard) Hidden
K-Lite Codec Pack 11.2.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.2.5 - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MediaInfo 0.7.7.4 (HKLM-x32\...\MediaInfo) (Version: 0.7.7.4 - )
MGI PhotoSuite 4 (Remove Only) (HKLM-x32\...\MGI_PRISM_V4_0) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-GB)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 6 Service Pack 2 (KB2758696) (HKLM\...\{E1B33EF1-258C-4EC0-A340-D031100FE50D}) (Version: 6.20.2016.0 - Microsoft Corporation)
QuickTime Alternative 1.81 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 1.81 - )
Realtek AC'97 Audio (HKLM-x32\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.36 - Realtek Semiconductor Corp.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM-x32\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.35.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7111 - Realtek Semiconductor Corp.)
RealWorld Icon Editor (HKLM-x32\...\{4D9F6AAE-CDA4-44B6-AC20-E59B3E8CB108}) (Version: 10.1.0 - RealWorld Graphics)
Revo Uninstaller 1.80 (HKLM-x32\...\Revo Uninstaller) (Version: 1.80 - VS Revo Group)
Scan (x32 Version: 6.0.0.0 - Hewlett-Packard) Hidden
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Skins (x32 Version: 2009.0317.2131.36802 - ATI) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
Unlocker 1.8.5 (HKLM-x32\...\Unlocker) (Version: 1.8.5 - Cedrick Collomb)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690-v2) (HKLM\...\KB2641690-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2661254) (HKLM\...\KB2661254) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2748349) (HKLM\...\KB2748349) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB927891) (HKLM\...\KB927891) (Version: 5 - Microsoft Corporation)
Update for Windows XP (KB932596) (HKLM\...\KB932596) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB936357) (HKLM\...\KB936357) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
UVK - Ultra Virus Killer (HKLM\...\UVK - Ultra virus killer) (Version: 7.1.1.0 - Carifred)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}) (Version: 8.0.0.35 - GRISOFT, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Webshots Desktop (HKLM-x32\...\Webshots Desktop_is1) (Version: - AGCM)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140744 - Microsoft Corporation)
Windows XP Service Pack 2 (HKLM\...\Windows x64 Service Pack) (Version: - )
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
WinZip 16.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}) (Version: 16.0.9715 - WinZip Computing, S.L. )
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)
Youtube Downloader HD v. 2.9.9.19 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

13-11-2015 10:46:17 System Checkpoint
14-11-2015 12:24:56 System Checkpoint
15-11-2015 12:58:43 System Checkpoint
16-11-2015 13:19:12 System Checkpoint
17-11-2015 15:14:22 System Checkpoint
18-11-2015 16:23:38 System Checkpoint
19-11-2015 16:25:38 System Checkpoint
20-11-2015 17:11:57 System Checkpoint
21-11-2015 17:21:59 System Checkpoint
22-11-2015 18:48:25 System Checkpoint
23-11-2015 19:39:11 System Checkpoint
24-11-2015 20:38:17 System Checkpoint
25-11-2015 21:18:49 System Checkpoint
26-11-2015 23:18:52 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2007-02-18 07:00 - 2015-03-25 08:55 - 00450626 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost127.0.0.1   www.007guard.com
127.0.0.1   007guard.com
127.0.0.1   008i.com
127.0.0.1   www.008k.com
127.0.0.1   008k.com
127.0.0.1   www.00hq.com
127.0.0.1   00hq.com
127.0.0.1   010402.com
127.0.0.1   www.032439.com
127.0.0.1   032439.com
127.0.0.1   www.0scan.com
127.0.0.1   0scan.com
127.0.0.1   1000gratisproben.com
127.0.0.1   www.1000gratisproben.com
127.0.0.1   1001namen.com
127.0.0.1   www.1001namen.com
127.0.0.1   100888290cs.com
127.0.0.1   www.100888290cs.com
127.0.0.1   www.100sexlinks.com
127.0.0.1   100sexlinks.com
127.0.0.1   10sek.com
127.0.0.1   www.10sek.com
127.0.0.1   www.1-2005-search.com
127.0.0.1   1-2005-search.com
127.0.0.1   123fporn.info
127.0.0.1   www.123fporn.info
127.0.0.1   123haustiereundmehr.com
127.0.0.1   www.123haustiereundmehr.com
127.0.0.1   123moviedownload.com
127.0.0.1   www.123moviedownload.com

There are 15461 more lines.

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Component System.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Component\com.exe
Task: C:\WINDOWS\Tasks\NSManager_1426198789.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\NSManager\manager.exe
Task: C:\WINDOWS\Tasks\RegCure Pro.job => C:\Program Files (x86)\RegCure Pro\RegCurePro.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-06-02 16:12 - 2015-06-02 16:12 - 00245760 _____ () C:\Program Files (x86)\Avira\Launcher\System.ComponentModel.Composition.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more sites.

IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\101lottery.com -> 101lottery.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\12-26.net -> user1.12-26.net

There are 8638 more sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2049699319-3081317485-938346843-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: )
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^Administrator^Start Menu^Programs^StartUp^OneNote 2007 Screen Clipper and Launcher.lnk => C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\SpyBotS&D\SDTray.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\WinMX\WinMX.exe] => Enabled:WinMX Application
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe] => Enabled:Ultra virus killer
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\SpyBotS&D\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\SpyBotS&D\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\SpyBotS&D\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\SpyBotS&D\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Mozilla Firefox\firefox.exe] => Enabled:'Firefox' (C:\Program Files (x86)\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Faulty Device Manager Devices =============

#5
Denisejm

Posted 28 November 2015 - 10:06 AM

Member

Topic Starter
Member
782 posts

I don't have any problems with my pc. All the programs run well, no freezing, boots up with no problems, no pop-ups, no page redirects, etc. I like to run Malwarebytes Anti-Malware once a week and it never finds anything. Spybot S&D just reports these 4 items that I mentioned each time so I decided to check to make sure that the files are harmless.

Denise

#6
zep516

Posted 28 November 2015 - 11:34 AM

Trusted Helper

Malware Removal
8,093 posts

Hello,

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall chrome via control panel .
Note: When asked about user data or settings you must remove this also so please check the box.
5. Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

#7
Denisejm

Posted 28 November 2015 - 04:58 PM

Member

Topic Starter
Member
782 posts

I haven't used Chrome since last April. Can I just uninstall it or do I need to delete malware first?

Denise

Edit: I did "Stop and Clear" and uninstalled Chromodo. I won't re-install it unless I need it in the future.

Thanks very much for your help.

Happy Holidays!

Denise

Edited by Denisejm, 28 November 2015 - 05:09 PM.

#8
zep516

Posted 28 November 2015 - 05:03 PM

Trusted Helper

Malware Removal
8,093 posts

Yes. Uninstall Chrome, I believe the Malware is already gone and that is a left over issue with Chrome.

#9
zep516

Posted 17 December 2015 - 07:47 PM

Trusted Helper

Malware Removal
8,093 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.