Can't run AVG!! "...prevented by a software restriction policy"

Old 11-30-2014, 10:39 PM   #1
Registered Member
 
Join Date: Nov 2014
Posts: 4
OS: XP



Hello! I think I may have been infected with malware that changed something in my registry. I use a laptop shared by my brother. We are both pretty careful about browsing safely and avoiding viruses/malware. However, when I recently got on the laptop I noticed that AVG was no longer in my task bar and when I tried to open the program, I received an error notification that read, "Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator."

I then ran Malwarebytes and it found and removed about 4 or so infections.

I've since run Malwarebytes in safe mode and everything seemed to be ok, however I still cannot open AVG and still receive the same error message.

Can you please assist me in this manner? Thanks!
Old 12-02-2014, 01:08 PM   #2
Security Team
Analyst
 
Join Date: Feb 2014
Location: Germany
Posts: 53
OS: Win 8.1



Hi & welcome to TECH SUPPORT FORUM!
My name is Jürgen and I will be assisting you with your malware related problems.

Before we move on, please read the following points carefully.
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.



Step 1

Please run a FRST scan. This will help us diagnose your problem.



Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
Old 12-04-2014, 12:55 AM   #3
Registered Member
 
Join Date: Nov 2014
Posts: 4
OS: XP



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2014
Ran by Owner (administrator) on ANONYMOUS on 04-12-2014 03:49:13
Running from D:\Documents and Settings\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SANDBOXIE L.T.D) D:\Program Files\Sandboxie\SbieSvc.exe
() D:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) D:\WINDOWS\system32\BCMWLTRY.EXE
(IDT, Inc.) D:\Program Files\IDT\XPM09_6162v012\WDM\stacsv.exe
(Oracle Corporation) D:\Program Files\Java\jre7\bin\jqs.exe
(Native Instruments GmbH) D:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Microsoft Corporation) D:\Program Files\UPHClean\uphclean.exe
(WDC) D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
() D:\WINDOWS\system32\TaskSwitch.exe
(Andrea Electronics Corporation) D:\WINDOWS\system32\AESTFltr.exe
(Dell Inc.) D:\WINDOWS\system32\WLTRAY.EXE
(Intel Corporation) D:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) D:\WINDOWS\system32\igfxpers.exe
(Alps Electric Co., Ltd.) D:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) D:\WINDOWS\system32\igfxsrvc.exe
(IDT, Inc.) D:\Program Files\IDT\WDM\sttray.exe
(Dell Inc.) D:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) D:\Program Files\DellTPad\ApMsgFwd.exe
(Oracle Corporation) D:\Program Files\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) D:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) D:\Program Files\DellTPad\ApntEx.exe
(Gadwin Systems, Inc) D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
(Western Digital Technologies, Inc.) D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Microsoft Corporation) D:\WINDOWS\system32\wuauclt.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2015\avgrsx.exe
() D:\WINDOWS\system32\GSService.exe
() D:\Program Files\DivX\DivX Update\DivXUpdate.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMJPMIG8.1] => D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [CoolSwitch] => D:\WINDOWS\system32\taskswitch.exe [45632 2002-03-19] ()
HKLM\...\Run: [AESTFltr] => D:\WINDOWS\system32\AESTFltr.exe [466944 2008-07-11] (Andrea Electronics Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => D:\WINDOWS\system32\WLTRAY.exe [2289664 2008-11-26] (Dell Inc.)
HKLM\...\Run: [Apoint] => D:\Program Files\DellTPad\Apoint.exe [200704 2008-08-01] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => D:\Program Files\IDT\WDM\sttray.exe [483420 2009-03-02] (IDT, Inc.)
HKLM\...\Run: [Dell QuickSet] => D:\Program Files\Dell\QuickSet\Quickset.exe [1712128 2009-01-09] (Dell Inc.)
HKLM\...\Run: [MSConfig] => D:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe [169984 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [DivXMediaServer] => D:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => D:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM\...\Run: [{ab1495dc-360c-0c2d-7b10-0f5ed6c26ff9}] => "D:\Documents and Settings\All Users\Application Data\Microsoft\{ab1495dc-360c-0c2d-7b10-0f5ed6c26ff9}\{ab1495dc-360c-0c2d-7b10-0f5ed6c26ff9}.exe"
HKLM\...\Run: [SunJavaUpdateSched] => D:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [AVG_UI] => D:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start https://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AMgAxA (the data entry has 579 more characters).
HKLM Group Policy restriction on software: D:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: D:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: D:\Program Files\Sandboxie <====== ATTENTION
HKLM Group Policy restriction on software: D:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: D:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer\Run: [{ab1495dc-360c-0c2d-7b10-0f5ed6c26ff9}] => "D:\Documents and Settings\All Users\Application Data\Microsoft\{ab1495dc-360c-0c2d-7b10-0f5ed6c26ff9}\{ab1495dc-360c-0c2d-7b10-0f5ed6c26ff9}.exe" No File
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [NoSharedDocuments] 1
HKLM\...\Policies\Explorer: [MaxRecentDocs] 18
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\Run: [Google Update] => D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\Run: [Facebook Update] => D:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\Run: [Gadwin PrintScreen] => D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [1842384 2012-05-30] (Gadwin Systems, Inc)
HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\Run: [uTorrent] => D:\Documents and Settings\Owner\Application Data\uTorrent\uTorrent.exe [1385808 2014-11-22] (BitTorrent Inc.)
HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\MountPoints2: {01954c66-8550-11df-b4d2-00225ff2cfd0} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\MountPoints2: {072adac2-f08f-11e1-b6cc-00225ff2cfd0} - E:\setup.exe -a
HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\MountPoints2: {09a03fbd-46cd-11e1-b6ae-00225ff2cfd0} - E:\LaunchU3.exe -a
HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\MountPoints2: {21953bfa-d959-11e2-b717-00225ff2cfd0} - E:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A10B02 PID_0083
HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\MountPoints2: {2718ddb5-3e51-11e2-b6e3-00225ff2cfd0} - E:\LaunchU3.exe -a
HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\MountPoints2: {349ace7f-4566-11e0-b62b-00225ff2cfd0} - E:\LaunchU3.exe -a
HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\MountPoints2: {7e3d62bd-a521-11e1-b6c1-00225ff2cfd0} - I:\CMADownloader.exe
HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\MountPoints2: {7f5a302a-8bc2-11df-b4e2-00225ff2cfd0} - E:\LaunchU3.exe -a
HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\MountPoints2: {8fac7648-3a57-11e0-b61f-00225ff2cfd0} - E:\TL_Bootstrap.exe
HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\MountPoints2: {dfb0b9f1-0580-11e0-b5e9-00225ff2cfd0} - J:\unlock.exe autoplay=true
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation(R).lnk
ShortcutTarget: Content Manager Assistant for PlayStation(R).lnk -> D:\Program Files\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: D:\Documents and Settings\Owner\Start Menu\Programs\Startup\GigaTribe.lnk
ShortcutTarget: GigaTribe.lnk -> D:\Program Files\GigaTribe\gigatribe.exe (Gigatribe)
HKLM\...\AppCertDlls: [dpvsutou] -> D:\WINDOWS\system32\clipantz.dll
BootExecute: autocheck autochk * D:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-842925246-1177238915-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn
HKU\S-1-5-21-842925246-1177238915-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKU\S-1-5-21-842925246-1177238915-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x22B086421BEBCF01
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing
SearchScopes: HKU\S-1-5-21-842925246-1177238915-1417001333-1003 -> DefaultScope {08695E7C-3FF8-408F-89E5-CDCE161D6692} URL = https://www.bing.com/search?FORM=U019DF&PC=U019&dt=071713&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-842925246-1177238915-1417001333-1003 -> 580BFC8F915A4BC2ADF89C47D0343A6D URL = https://www.google.com/search?hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-842925246-1177238915-1417001333-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-842925246-1177238915-1417001333-1003 -> {08695E7C-3FF8-408F-89E5-CDCE161D6692} URL = https://www.bing.com/search?FORM=U019DF&PC=U019&dt=071713&q={searchTerms}&src=IE-SearchBox
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} https://java.sun.com/update/1.7.0/jin...ndows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\01gnvl4f.default
FF Homepage: Google.com
FF NetworkProxy: "backup.ftp", "192.211.49.210"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.gopher", "122.141.242.199"
FF NetworkProxy: "backup.gopher_port", 80
FF NetworkProxy: "backup.socks", "192.211.49.210"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "192.211.49.210"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "192.211.49.210"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "70.38.68.129"
FF NetworkProxy: "gopher_port", 3128
FF NetworkProxy: "http", "192.211.49.210"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.211.49.210"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "192.211.49.210"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer -> D:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> D:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> D:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=1.0.5 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin HKU\S-1-5-21-842925246-1177238915-1417001333-1003: @Skype Limited.com/Facebook Video Calling Plugin -> D:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-842925246-1177238915-1417001333-1003: @tools.google.com/Google Update;version=3 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-842925246-1177238915-1417001333-1003: @tools.google.com/Google Update;version=9 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-842925246-1177238915-1417001333-1003: @unity3d.com/UnityPlayer,version=1.0 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Flash Video Downloader - Full HD Download - D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\01gnvl4f.default\Extensions\[email protected] [2014-11-22]
FF Extension: TinEye Reverse Image Search - D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\01gnvl4f.default\Extensions\[email protected] [2011-02-18]
FF Extension: Microsoft .NET Framework Assistant - D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\01gnvl4f.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-01]
FF Extension: Lightshot (screenshot tool) - D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\01gnvl4f.default\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2014-07-14]
FF Extension: Image Search Options - D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\01gnvl4f.default\Extensions\{4a313247-8330-4a81-948e-b79936516f78} [2011-05-10]
FF Extension: DownloadHelper - D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\01gnvl4f.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-29]
FF Extension: No Name - D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\01gnvl4f.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-05-12]
FF Extension: No Name - D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\01gnvl4f.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2014-03-27]
FF Extension: No Name - D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\01gnvl4f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-22]
FF Extension: No Name - D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\01gnvl4f.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-07-01]

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (YouTube) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Adblock Plus) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-02]
CHR Extension: (Google Search) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (Session Buddy) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2013-08-06]
CHR Extension: (Photo Zoom for Facebook) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2012-11-06]
CHR Extension: (AdBlock) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-18]
CHR Extension: (8- Bit ArtSpark) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmjdjceicegjpjkojociihgjmnalbean [2012-11-06]
CHR Extension: (Google Wallet) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (My Chrome Theme) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2012-11-06]
CHR Extension: (GrooveCat) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oiambkeommjoegimifghjlgbdhoegmgm [2014-05-12]
CHR Extension: (Vine Client) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oojohjpgmcfnholboljmkbcchbipcbci [2014-08-05]
CHR Extension: (Gmail) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
CHR StartMenuInternet: Google Chrome - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; D:\Program Files\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; D:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R3 GSService; D:\WINDOWS\system32\GSService.exe [490208 2013-06-26] ()
S3 IDriverT; D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; D:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-26] (Oracle Corporation)
R2 NIHardwareService; D:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [3857408 2011-04-07] (Native Instruments GmbH) [File not signed]
R2 SbieSvc; D:\Program Files\Sandboxie\SbieSvc.exe [69864 2011-01-12] (SANDBOXIE L.T.D)
R2 STacSV; d:\program files\idt\xpm09_6162v012\wdm\STacSV.exe [254034 2009-03-02] (IDT, Inc.)
R2 UPHClean; D:\Program Files\UPHClean\uphclean.exe [241725 2005-04-27] (Microsoft Corporation) [File not signed]
R2 WDDMService; D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [237056 2010-09-08] (WDC) [File not signed]
R2 WDFME; D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () [File not signed]
R2 WDSC; D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [484352 2010-09-08] () [File not signed]
R2 wltrysvc; D:\WINDOWS\System32\bcmwltry.exe [2039808 2008-11-26] (Dell Inc.) [File not signed]
S2 Uvnc_service; "D:\Program Files\UltraVNC Addons\uvnc_service.exe" -service [X]
S2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AESTAud; D:\WINDOWS\System32\drivers\AESTAud.sys [113024 2009-03-06] (Andrea Electronics Corporation)
S3 AMBFilt; D:\WINDOWS\System32\drivers\AMBFilt.sys [1656960 2009-03-04] (Creative)
R1 APPDRV; D:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2008-10-04] (Dell Inc) [File not signed]
R1 Avgdiskx; D:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; D:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [198936 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; D:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; D:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; D:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; D:\WINDOWS\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; D:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; D:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; D:\WINDOWS\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R3 BCM43XX; D:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1391104 2008-11-26] (Broadcom Corporation)
S3 CCDECODE; D:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 easytether; D:\WINDOWS\System32\DRIVERS\easytthr.sys [17296 2011-05-22] (Mobile Stream)
R1 ElbyCDIO; D:\WINDOWS\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R3 ManyCam; D:\WINDOWS\System32\DRIVERS\mcvidrv.sys [32000 2012-01-11] (ManyCam LLC) [File not signed]
S3 massfilter_hs; D:\WINDOWS\System32\DRIVERS\massfilter_hs.sys [9728 2009-02-03] (ZTE Incorporated) [File not signed]
R3 mcaudrv_simple; D:\WINDOWS\System32\drivers\mcaudrv.sys [22400 2012-02-22] (ManyCam LLC) [File not signed]
S3 MonFilt; D:\WINDOWS\System32\drivers\MonFilt.sys [1389056 2008-12-02] (Creative Technology Ltd.)
S3 NdisIP; D:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 npf; D:\WINDOWS\System32\drivers\npf.sys [35088 2012-06-13] (CACE Technologies, Inc.)
S3 NUMARK_NS7_MIDI; D:\WINDOWS\System32\drivers\ns7_midi.sys [30720 2008-12-01] (Numark) [File not signed]
S3 NUMARK_NS7_USB; D:\WINDOWS\System32\Drivers\ns7_usb.sys [477696 2008-12-01] (Ploytec GmbH) [File not signed]
S3 NUMARK_NS7_WDM; D:\WINDOWS\System32\drivers\ns7_wdm.sys [57344 2008-12-01] (Numark) [File not signed]
S3 ovt519; D:\WINDOWS\System32\Drivers\ov519vid.sys [174530 2003-10-15] (OmniVision Technologies, Inc.) [File not signed]
S3 pneteth; D:\WINDOWS\System32\DRIVERS\pneteth.sys [13312 2010-09-02] (June Fabrics Technology Inc.) [File not signed]
S3 pnetmdm; D:\WINDOWS\System32\DRIVERS\pnetmdm.sys [9472 2006-09-28] (June Fabrics Technology) [File not signed]
R3 RSUSBSTOR; D:\WINDOWS\System32\Drivers\RTS5121.sys [160256 2008-11-21] (Realtek Semiconductor Corp.)
R3 SbieDrv; D:\Program Files\Sandboxie\SbieDrv.sys [125672 2011-01-12] (SANDBOXIE L.T.D)
S3 SeratoUsb; D:\WINDOWS\System32\Drivers\SeratoUsb.sys [29824 2012-02-27] (Cristalink Ltd) [File not signed]
R3 STHDA; D:\WINDOWS\System32\drivers\sthda.sys [1550547 2009-03-02] (IDT, Inc.)
S3 tap0901; D:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project) [File not signed]
S3 taphss; D:\WINDOWS\System32\DRIVERS\taphss.sys [32768 2012-01-04] (AnchorFree Inc)
R1 Tcpip; D:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2009-04-20] (Microsoft Corporation) [File not signed]
R2 thdudf; D:\WINDOWS\System32\DRIVERS\thdudf.sys [66944 2010-04-30] (TOSHIBA Corporation) [File not signed]
S3 TTM57SLUsb; D:\WINDOWS\System32\Drivers\TTM57SLUsb.sys [29696 2012-02-27] (Cristalink Ltd) [File not signed]
R3 VClone; D:\WINDOWS\System32\DRIVERS\VClone.sys [30208 2011-01-15] (Elaborate Bytes AG) [File not signed]
S3 vncdrv; D:\WINDOWS\System32\DRIVERS\vncdrv.sys [12104 2007-05-22] (RDV Soft)
S3 YMIDUSBW; D:\WINDOWS\System32\drivers\ymidusbw.sys [36040 2011-11-01] (Yamaha Corporation)
R3 yukonwxp; D:\WINDOWS\System32\DRIVERS\yk51x86.sys [289664 2008-07-24] (Marvell)
S3 appliandMP; system32\DRIVERS\appliand.sys [X]
S3 DJUSB; System32\Drivers\DM2.sys [X]
S4 IntelIde; No ImagePath
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X]
U5 Sdbus; D:\Windows\System32\Drivers\Sdbus.sys [80256 2009-04-20] (Microsoft Corporation)
U5 UnlockerDriver5; D:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 03:48 - 2014-12-04 03:48 - 00000000 ____D () D:\Documents and Settings\Owner\Desktop\FRST-OlderVersion
2014-11-30 23:37 - 2014-11-30 23:52 - 00007252 __RSH () D:\Documents and Settings\All Users\ntuser.pol
2014-11-30 23:25 - 2014-11-30 23:25 - 00000000 ___HD () D:\WINDOWS\system32\GroupPolicy
2014-11-28 12:47 - 2014-11-28 12:47 - 00042307 _____ () D:\Documents and Settings\Owner\Desktop\Addition.txt
2014-11-28 12:46 - 2014-12-04 03:49 - 00028520 _____ () D:\Documents and Settings\Owner\Desktop\FRST.txt
2014-11-28 12:46 - 2014-12-04 03:49 - 00000000 ____D () D:\FRST
2014-11-28 12:45 - 2014-12-04 03:48 - 01110016 _____ (Farbar) D:\Documents and Settings\Owner\Desktop\FRST.exe
2014-11-26 23:14 - 2014-11-26 23:14 - 00001434 _____ () D:\Documents and Settings\Owner\Desktop\JRT.txt
2014-11-26 23:08 - 2014-11-26 23:08 - 00000000 ____D () D:\WINDOWS\ERUNT
2014-11-26 22:51 - 2014-11-26 22:51 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\AVG2015
2014-11-26 22:50 - 2014-11-26 22:50 - 00000704 _____ () D:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2014-11-26 22:50 - 2014-11-26 22:50 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\TuneUp Software
2014-11-26 22:50 - 2014-11-26 22:50 - 00000000 ____D () D:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-11-26 22:49 - 2014-11-26 22:50 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\AVG2015
2014-11-26 22:49 - 2014-11-26 22:49 - 00000000 ____D () D:\WINDOWS\LastGood
2014-11-26 21:45 - 2014-11-26 21:47 - 00005570 _____ () D:\Documents and Settings\Owner\Desktop\Rkill.txt
2014-11-24 02:05 - 2014-12-04 03:01 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\MFAData
2014-11-24 02:05 - 2014-11-26 22:50 - 00000000 ____D () D:\Documents and Settings\Owner\Local Settings\Application Data\Avg2015
2014-11-24 02:05 - 2014-11-24 02:05 - 00000000 ____D () D:\Documents and Settings\Owner\Local Settings\Application Data\MFAData
2014-11-23 23:47 - 2014-11-23 23:47 - 00000000 ___RD () D:\Program Files\Skype
2014-11-23 23:47 - 2014-11-23 23:47 - 00000000 ____D () D:\Program Files\Common Files\Skype
2014-11-23 23:47 - 2014-11-23 23:47 - 00000000 ____D () D:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-11-23 23:46 - 2014-11-23 23:46 - 00000000 __HDC () D:\WINDOWS\$NtUninstallKB2929961$
2014-11-23 23:35 - 2014-11-23 23:35 - 00000000 __HDC () D:\WINDOWS\$NtUninstallKB2930275$
2014-11-23 22:37 - 2014-11-26 23:02 - 00000000 ____D () D:\AdwCleaner
2014-11-23 22:37 - 2014-11-23 22:37 - 00000000 __HDC () D:\WINDOWS\$NtUninstallKB2914368$
2014-11-23 22:35 - 2014-11-23 22:35 - 00000000 ____D () D:\Program Files\Common Files\Java
2014-11-23 22:35 - 2014-11-23 22:35 - 00000000 ____D () D:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-11-23 22:35 - 2014-09-26 18:42 - 00096680 _____ (Oracle Corporation) D:\WINDOWS\system32\WindowsAccessBridge.dll
2014-11-23 22:35 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) D:\WINDOWS\system32\javaws.exe
2014-11-23 22:35 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) D:\WINDOWS\system32\javaw.exe
2014-11-23 22:35 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) D:\WINDOWS\system32\java.exe
2014-11-23 22:35 - 2014-09-26 18:16 - 00145408 _____ (Oracle Corporation) D:\WINDOWS\system32\javacpl.cpl
2014-11-23 22:34 - 2014-11-23 22:35 - 00005641 _____ () D:\WINDOWS\system32\jupdate-1.7.0_71-b14.log
2014-11-23 18:27 - 2014-11-23 21:09 - 00006909 _____ () D:\Documents and Settings\Owner\avgrep.txt
2014-11-18 22:14 - 2014-11-18 22:14 - 00000011 ____R () D:\WINDOWS\amunres.lsl
2014-11-13 23:04 - 2014-11-13 23:04 - 00000011 _____ () D:\Documents and Settings\Owner\My Documents\PS4 Daily contest code.txt
2014-11-07 20:46 - 2014-11-07 20:46 - 00000000 ____D () D:\Program Files\GigaTribe
2014-11-07 20:46 - 2014-11-07 20:46 - 00000000 ____D () D:\Documents and Settings\All Users\Start Menu\Programs\GigaTribe
2014-11-04 21:05 - 2014-11-04 21:05 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\RenPy

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 03:49 - 2010-07-01 14:44 - 00000000 ____D () D:\Documents and Settings\Owner\Local Settings\Temp
2014-12-04 03:46 - 2010-07-04 01:31 - 00000978 _____ () D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1177238915-1417001333-1003UA.job
2014-12-04 03:06 - 2012-04-03 09:22 - 00000830 _____ () D:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-04 02:46 - 2010-07-01 14:44 - 00032438 _____ () D:\WINDOWS\SchedLgU.Txt
2014-12-04 02:42 - 2012-01-03 02:32 - 00000998 _____ () D:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-842925246-1177238915-1417001333-1003UA.job
2014-12-04 01:18 - 2010-07-01 14:44 - 00000000 ____D () D:\Documents and Settings\Owner
2014-12-03 21:46 - 2010-07-04 01:31 - 00000926 _____ () D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1177238915-1417001333-1003Core.job
2014-12-03 18:09 - 2010-07-01 14:11 - 00000422 ____H () D:\WINDOWS\Tasks\User_Feed_Synchronization-{444CA9EF-5E8B-42AB-8959-F1C7CC312557}.job
2014-12-03 17:42 - 2012-01-03 02:32 - 00000976 _____ () D:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-842925246-1177238915-1417001333-1003Core.job
2014-12-03 15:21 - 2010-07-01 14:42 - 01956561 ____N () D:\WINDOWS\WindowsUpdate.log
2014-12-03 03:46 - 2014-05-07 12:14 - 00000000 ____D () D:\Program Files\Mozilla Firefox
2014-12-03 03:46 - 2012-06-22 16:14 - 00000000 ____D () D:\Program Files\Mozilla Maintenance Service
2014-12-02 14:45 - 2014-07-08 21:15 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-02 01:10 - 2010-09-28 00:09 - 00000286 _____ () D:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1177238915-1417001333-1003.job
2014-12-01 18:15 - 2010-07-01 22:36 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\uTorrent
2014-12-01 14:45 - 2011-04-21 01:15 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\vlc
2014-11-30 23:46 - 2010-07-01 09:24 - 00000000 ____D () D:\WINDOWS\security
2014-11-26 23:08 - 2012-04-03 09:22 - 00701104 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-26 23:08 - 2011-06-17 01:50 - 00071344 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-26 22:49 - 2010-07-15 00:01 - 00000000 ___HD () D:\$AVG
2014-11-26 22:48 - 2010-07-01 15:19 - 00000000 ____D () D:\Program Files\AVG
2014-11-26 22:12 - 2011-06-18 01:03 - 00000159 ____N () D:\WINDOWS\wiadebug.log
2014-11-26 22:12 - 2011-06-18 01:03 - 00000050 ____N () D:\WINDOWS\wiaservc.log
2014-11-26 22:12 - 2010-09-28 00:09 - 00000278 _____ () D:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1177238915-1417001333-1003.job
2014-11-26 22:12 - 2010-07-01 14:44 - 00000006 ____H () D:\WINDOWS\Tasks\SA.DAT
2014-11-26 22:11 - 2010-07-01 14:44 - 00000178 ___SH () D:\Documents and Settings\Owner\ntuser.ini
2014-11-26 22:08 - 2010-07-01 15:18 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\avg9
2014-11-26 22:04 - 2008-04-14 07:00 - 00002206 _____ () D:\WINDOWS\system32\wpa.dbl
2014-11-25 11:36 - 2011-12-28 17:14 - 00000000 ____D () D:\Documents and Settings\Owner\Desktop\DJ NiNjA Demo Mixes
2014-11-25 00:06 - 2010-07-01 14:38 - 00000000 ____D () D:\WINDOWS\Microsoft.NET
2014-11-24 22:12 - 2010-07-01 09:28 - 00181040 _____ () D:\WINDOWS\system32\FNTCACHE.DAT
2014-11-24 01:50 - 2010-07-01 09:32 - 00538954 _____ () D:\WINDOWS\system32\PerfStringBackup.INI
2014-11-23 23:47 - 2011-08-08 13:37 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\Skype
2014-11-23 23:47 - 2011-08-08 13:37 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\Skype
2014-11-23 23:09 - 2010-07-01 22:07 - 00000000 ____D () D:\WINDOWS\ie8updates
2014-11-23 22:35 - 2010-07-01 14:51 - 00000000 ____D () D:\Program Files\Java
2014-11-23 18:27 - 2014-07-08 21:15 - 00000000 ____D () D:\Program Files\Malwarebytes Anti-Malware
2014-11-23 18:27 - 2014-07-08 21:15 - 00000000 ____D () D:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-23 16:01 - 2011-05-20 22:27 - 00000664 _____ () D:\WINDOWS\system32\d3d9caps.dat
2014-11-22 12:18 - 2010-07-02 16:30 - 00000000 ____D () D:\WINDOWS\Minidump
2014-11-22 12:16 - 2014-04-02 14:10 - 00000751 ____C () D:\Documents and Settings\Owner\My Documents\Dreams and Why Not (Album).txt
2014-11-13 22:16 - 2013-02-09 00:32 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\Mp3tag

Files to move or delete:
====================
D:\Documents and Settings\Custom Settings\Apply Theme.vbs
D:\Documents and Settings\Custom Settings\Auto Config.bat
D:\Documents and Settings\Custom Settings\IE Favorite Links.bat
D:\Documents and Settings\Custom Settings\IExpress Shortcut Creator.vbs
D:\Documents and Settings\Custom Settings\System Settings.bat
D:\Documents and Settings\Custom Settings\System Settings.reg
D:\Documents and Settings\Custom Settings\TaskBarCmd v1.1.exe
D:\Documents and Settings\Custom Settings\User Settings.bat
D:\Documents and Settings\Custom Settings\User Settings.reg
D:\Documents and Settings\Custom Settings\WMP Shortcut Creator.vbs


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

D:\WINDOWS\explorer.exe => File is digitally signed
D:\WINDOWS\system32\winlogon.exe => File is digitally signed
D:\WINDOWS\system32\svchost.exe => File is digitally signed
D:\WINDOWS\system32\services.exe => File is digitally signed
D:\WINDOWS\system32\User32.dll => File is digitally signed
D:\WINDOWS\system32\userinit.exe => File is digitally signed
D:\WINDOWS\system32\rpcss.dll => File is digitally signed
D:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-11-2014 01
Ran by Owner at 2014-11-28 12:47:18
Running from D:\Documents and Settings\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
AAS - Lounge Lizard EP-4 (HKLM\...\Lounge Lizard EP-4) (Version: - Applied Acoustics Systems)
Acoustica Mixcraft (HKLM\...\Acoustica Mixcraft) (Version: - Acoustica)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Alt-Tab Task Switcher Powertoy for Windows XP (HKLM\...\{A7050037-F0EA-4BAB-BCD5-FC05507D6147}) (Version: 1.00.0001 - Microsoft Corporation)
AnyMedia Player 3.4.5 (HKLM\...\{1959CCD2-1227-4de4-97E7-04F29D526762}_is1) (Version: 3.4.5 - cyan soft ltd)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.10 Beta 1 - Michael Tippach)
Ask & Record Toolbar 4.01 (HKLM\...\Ask & Record Toolbar4.01) (Version: 4.01 - Applian Technologies Inc.) <==== ATTENTION
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4223 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Converter 7 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Beatnik Player (HKLM\...\Beatnik Player) (Version: - )
Bleep VSTi (HKLM\...\Bleep VSTi) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Content Manager Assistant for PlayStation(R) (HKLM\...\{0DCD0704-E2AB-4e97-96A7-90F146BD8243}) (Version: 2.50.6733.38 - Sony Computer Entertainment Inc.)
Dell Driver Download Manager (HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.115.201 - Alps Electric)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
D-Link VGA Webcam (HKLM\...\D-Link VGA Webcam) (Version: - )
EasyTether (HKLM\...\{A3FAE73B-4474-4A1D-A343-2FE248F05265}) (Version: 1.1.14 - Mobile Stream)
Edirol HQ Orchestral v1.01 (HKLM\...\Edirol HQ Orchestral v1.01) (Version: - )
Effectrix 1.4 (HKLM\...\Effectrix_is1) (Version: 1.4 - Sugar Bytes)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FL Studio 9 (HKLM\...\FL Studio 9) (Version: - Image-Line)
FL Studio v7.0 (HKLM\...\FL Studio_is1) (Version: - AiR, Inc.)
Foxit Reader (HKLM\...\Foxit Reader) (Version: - )
Freecorder (HKLM\...\Freecorder4.1) (Version: 4.1 - Applian Technologies Inc.)
Gadwin PrintScreen (HKLM\...\Gadwin PrintScreen) (Version: 4.7 - Gadwin Systems, Inc.)
GigaTribe 3.04.013 (HKLM\...\ShalSoft.GigaTribe_is1) (Version: - GigaTribe SAS)
Google Chrome (HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
HashCheck Shell Extension (x86-32) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.8.1 - Kai Liu)
HF pAppLoc version 1.0 (HKLM\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.0 - Inquisitor)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6162.0 - IDT)
IL Download Manager (HKLM\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
ITCH (HKLM\...\{8A8FF989-F31A-43A7-AF3B-BD6121E09225}) (Version: 1.04 - Serato Audio Research)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.710 - Oracle)
K-Lite Mega Codec Pack 9.7.0 (HKLM\...\KLiteCodecPack_is1) (Version: 9.7.0 - )
LADSPA_plugins-win-0.4.15 (HKLM\...\LADSPA_plugins-win_is1) (Version: - Audacity Team)
LAME v3.98.2 for Audacity (HKLM\...\LAME for Audacity_is1) (Version: - )
LPEConnectFix 1.0 (HKLM\...\LPEConnectFix_is1) (Version: - LOTR, Inc. lol Gnutella Forums)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
ManyCam 3.0.80 (remove only) (HKLM\...\ManyCam) (Version: 3.0.80 - ManyCam LLC)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.63.3.3 - Marvell)
Melodyne 3.2 (Version: 3.2.0202 - Celemony Software GmbH) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2416447) (HKLM\...\M2416447) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version: - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mp3tag v2.54 (HKLM\...\Mp3tag) (Version: v2.54 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0 - Microsoft Corporation) Hidden
MusicLab RealGuitar 2.0 (HKLM\...\{1864B4F0-7777-4A57-9930-C2B307597966}) (Version: - MusicLab, Inc.)
Native Instruments Controller Editor (HKLM\...\Native Instruments Controller Editor) (Version: - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments)
Native Instruments Guitar Rig Session I/O (HKLM\...\Native Instruments Guitar Rig Session I/O) (Version: - Native Instruments)
Native Instruments Massive (HKLM\...\Native Instruments Massive) (Version: - Native Instruments)
Native Instruments Rig Kontrol 3 (HKLM\...\Native Instruments Rig Kontrol 3) (Version: - Native Instruments)
Native Instruments Service Center (HKLM\...\Native Instruments Service Center) (Version: - Native Instruments)
Open Command Prompt Shell Extension (x86-32) (HKLM\...\CmdOpen Shell Extension) (Version: 1.2.0.0 - Kai Liu)
piaip AppLocale (HKLM\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
PoiZone (HKLM\...\PoiZone) (Version: - Image-Line)
QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 9.1.5 - Dell Computer Corporation)
Realtek Card Reader (HKLM\...\{D10CB652-9332-4242-B7A9-2D61570144F7}) (Version: 6.0.6000.72 - Realtek)
RGSS-RTP Standard (HKLM\...\{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}) (Version: 1.0.0 - Enterbrain)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
RPGXP (HKLM\...\{9B34CAC6-738F-4A20-B428-A115C3E3474C}) (Version: 1.0.0 - Enterbrain)
Sandboxie 3.52 (HKLM\...\Sandboxie) (Version: - )
Sawer (HKLM\...\Sawer) (Version: - Image-Line)
Scratch Live 2.4.1 (9) (HKLM\...\{8D084419-7570-4350-A4D2-C358E5E7F3AC}) (Version: 2.4.1 - Serato Inc LP)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version: - Image-Line)
TruePianos 1.5.0 (HKLM\...\TruePianos_is1) (Version: - 4Front Technologies)
TruePianos: Diamond Module 1.4.0 (HKLM\...\TruePianos: Diamond Module_is1) (Version: - 4Front Technologies)
TruePianos: Emerald Module 1.4.0 (HKLM\...\TruePianos: Emerald Module_is1) (Version: - 4Front Technologies)
Unity Web Player (HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
USB2.0 Card Reader Software (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.0.6000.75 - Realtek)
User Profile Hive Cleanup Service (HKLM\...\{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}) (Version: 1.6.30 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.0.5 (HKLM\...\VLC media player) (Version: 1.0.5 - VideoLAN Team)
WD SmartWare (HKLM\...\{98D451C4-4ACA-4273-BB47-57CFE46B048E}) (Version: 1.4.1.1 - Western Digital)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Yahoo! Detect (HKLM\...\YTdetect) (Version: - )
Yamaha USB-MIDI Driver (HKLM\...\InstallShield_{18B2020D-3D3F-4508-81E7-ACD4CCD25C53}) (Version: 3.1.2.1 - Yamaha Corporation)
Yamaha USB-MIDI Driver (Version: 3.1.2.1 - Yamaha Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{037FB476-15E0-4ED1-B11A-E420B750B1A8}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{11F42BB9-3EEE-471D-8E7D-D86D603FD808}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> D:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> D:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> D:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> D:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{4A3522F6-5694-5E3E-9729-7269E6A8F3D3}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{5AFAFE48-7107-4FE5-B21A-86A4254541DD}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> D:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{843BA37D-204E-CA80-4E5E-DA79D40C3A30}\InprocServer32 -> D:\Program Files\Serato\Drivers\ASIO\64\SL3\RaneAsioSL3.dll ()
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> D:\WINDOWS\Downloaded Program Files\dwusplay.dll (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{C499FB90-5D25-4260-BE9A-71FEB2674BEA}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{E42CE23D-69F9-480A-A15F-BFF5E4D170C3}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\InprocServer32 -> D:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{EED7996D-443E-4B20-8E18-39994B9854D5}\InprocServer32 -> D:\Program Files\Serato\Drivers\ASIO\32\SL3\RaneAsioSL3.dll ()
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{F1522EC1-F84F-4CE2-A38C-F9384B0DFD41}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)

==================== Restore Points =========================

01-07-2010 19:45:26 System Checkpoint
01-07-2010 19:48:40 Installed Windows KB954550-v5.
01-07-2010 19:48:44 Printer Driver Microsoft XPS Document Writer Installed
01-07-2010 19:51:50 Installed Java(TM) 6 Update 13
01-07-2010 19:52:10 Installed User Profile Hive Cleanup Service
01-07-2010 19:52:18 Installed Alt-Tab Task Switcher Powertoy for Windows XP
01-07-2010 19:52:29 Installed Microsoft AppLocale

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 07:00 - 2013-01-17 04:52 - 00000730 ____A D:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: D:\WINDOWS\Tasks\Adobe Flash Player Updater.job => D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: D:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-842925246-1177238915-1417001333-1003Core.job => D:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: D:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-842925246-1177238915-1417001333-1003UA.job => D:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1177238915-1417001333-1003Core.job => D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1177238915-1417001333-1003UA.job => D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: D:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1177238915-1417001333-1003.job => D:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: D:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1177238915-1417001333-1003.job => D:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: D:\WINDOWS\Tasks\User_Feed_Synchronization-{444CA9EF-5E8B-42AB-8959-F1C7CC312557}.job => D:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2010-07-01 15:02 - 2008-11-26 10:39 - 00024576 _____ () D:\WINDOWS\System32\WLTRYSVC.EXE
2010-07-01 15:02 - 2008-11-26 10:39 - 00753664 _____ () D:\WINDOWS\System32\bcm1xsup.dll
2010-09-08 10:45 - 2010-09-08 10:45 - 01034752 _____ () D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
2010-09-08 10:53 - 2010-09-08 10:53 - 00886272 _____ () D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
2010-09-08 10:44 - 2010-09-08 10:44 - 00484352 _____ () D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
2002-03-19 17:30 - 2002-03-19 17:30 - 00045632 _____ () D:\WINDOWS\system32\taskswitch.exe
2010-07-01 15:02 - 2008-11-26 10:39 - 00143360 _____ () D:\WINDOWS\system32\preflib.dll
2010-07-01 14:19 - 2008-10-04 08:40 - 00090223 _____ () D:\Program Files\Dell\QuickSet\preflibcl.dll
2010-07-01 14:19 - 2009-01-09 11:31 - 00098304 _____ () D:\Program Files\Dell\QuickSet\dadkeyb.dll
2013-02-12 21:37 - 2013-02-12 21:37 - 01263952 _____ () D:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-02-12 21:38 - 2013-02-12 21:38 - 00100688 _____ () D:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2008-04-14 07:00 - 2008-04-14 07:00 - 00059904 _____ () D:\WINDOWS\system32\devenum.dll
2008-04-14 07:00 - 2008-04-14 07:00 - 00014336 _____ () D:\WINDOWS\system32\msdmo.dll
2010-12-04 21:38 - 2010-12-04 21:38 - 01242112 ____C () D:\Program Files\ManyCam\Bin\opencv_imgproc220.dll
2010-12-04 21:38 - 2010-12-04 21:38 - 02010624 ____C () D:\Program Files\ManyCam\Bin\opencv_core220.dll
2014-11-26 11:06 - 2014-11-25 01:39 - 09009480 _____ () D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-26 11:06 - 2014-11-25 01:39 - 01677128 _____ () D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2014-04-14 10:32 - 2014-02-10 12:44 - 04592128 _____ () D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-14 10:32 - 2014-02-10 12:44 - 00112128 _____ () D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: D:\Documents and Settings\All Users\Application Data\Temp:AE72925E

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Content Manager Assistant for PlayStation(R).lnk => D:\WINDOWS\pss\Content Manager Assistant for PlayStation(R).lnkCommon Startup
MSCONFIG\startupfolder: D:^Documents and Settings^Owner^Start Menu^Programs^Startup^Dropbox.lnk => D:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupreg: EasyTether => "D:\Program Files\Mobile Stream\EasyTether\easytthr.exe"
MSCONFIG\startupreg: eSnips_Downloader => "D:\Program Files\Logia\eSnipsDownloader\eSnips_Downloader.exe" -startup
MSCONFIG\startupreg: ManyCam => "D:\Program Files\ManyCam\Bin\ManyCam.exe" /silent
MSCONFIG\startupreg: QuickTime Task => "D:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
MSCONFIG\startupreg: SandboxieControl => "D:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Skype => "D:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: VirtualCloneDrive => "D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

========================= Accounts: ==========================

Administrator (S-1-5-21-842925246-1177238915-1417001333-500 - Administrator - Disabled)
ASPNET (S-1-5-21-842925246-1177238915-1417001333-1004 - Limited - Enabled)
Guest (S-1-5-21-842925246-1177238915-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-842925246-1177238915-1417001333-1000 - Limited - Disabled)
Owner (S-1-5-21-842925246-1177238915-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-842925246-1177238915-1417001333-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/24/2014 10:15:14 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (11/24/2014 10:14:02 PM) (Source: Application Error) (EventID: 1004) (User: )
Description: Faulting application stacsv.exe, version 1.0.6162.0, faulting module stacsv.exe, version 1.0.6162.0, fault address 0x0000e75b.
Error in creating result PEAP-TLV in response to received PEAP-TLV (stacsv.exe!ld!)

Error: (11/24/2014 10:13:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application stacsv.exe, version 1.0.6162.0, faulting module stacsv.exe, version 1.0.6162.0, fault address 0x0000e75b.
Processing media-specific event for [stacsv.exe!ws!]

Error: (11/24/2014 01:46:19 AM) (Source: VSSetup) (EventID: 5000) (User: )
Description: EventType vssetup, P1 kb2729449, P2 10.0.30319, P3 10.0.30319.296, P4 1, P5 ndp40-kb2729449.msp, P6 install_i_silent_error, P7 1603, P8 0, P9 vssetup0, P10 vssetup1.

Error: (11/24/2014 01:46:18 AM) (Source: MsiInstaller) (EventID: 1023) (User: ANONYMOUS)
Description: Product: Microsoft .NET Framework 4 Client Profile - Update 'KB2729449' could not be installed. Error code 1603. Additional information is available in the log file D:\DOCUME~1\Owner\LOCALS~1\Temp\KB2729449_20141124_014749015-Microsoft .NET Framework 4 Client Profile-MSP0.txt.

Error: (11/24/2014 01:47:40 AM) (Source: VSSetup) (EventID: 5000) (User: )
Description: EventType vssetup, P1 kb2742595, P2 10.0.30319, P3 10.0.30319.1001, P4 1, P5 ndp40-kb2742595.msp, P6 install_i_silent_error, P7 1603, P8 0, P9 vssetup0, P10 vssetup1.

Error: (11/24/2014 01:47:39 AM) (Source: MsiInstaller) (EventID: 1023) (User: ANONYMOUS)
Description: Product: Microsoft .NET Framework 4 Client Profile - Update 'KB2742595' could not be installed. Error code 1603. Additional information is available in the log file D:\DOCUME~1\Owner\LOCALS~1\Temp\KB2742595_20141124_014525218-Microsoft .NET Framework 4 Client Profile-MSP0.txt.

Error: (11/24/2014 01:45:13 AM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2604092, P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.

Error: (11/24/2014 01:44:58 AM) (Source: MsiInstaller) (EventID: 1023) (User: ANONYMOUS)
Description: Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB2604092' could not be installed. Error code 1603. Additional information is available in the log file D:\DOCUME~1\Owner\LOCALS~1\Temp\Microsoft .NET Framework 2.0-KB2604092_20141124_044758875-Msi0.txt.

Error: (11/24/2014 01:01:46 AM) (Source: MsiInstaller) (EventID: 10005) (User: ANONYMOUS)
Description: Product: Microsoft .NET Framework 2.0 Service Pack 2 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2905. The arguments are: D:\WINDOWS\Installer\MSI901.tmp, ,


System errors:
=============
Error: (11/26/2014 11:09:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Marvell Yukon Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/26/2014 10:13:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Uvnc_service service failed to start due to the following error:
%%2

Error: (11/26/2014 10:13:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Anchorfree HSS Adapter service failed to start due to the following error:
%%1058

Error: (11/26/2014 10:13:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TAP-Win32 Adapter V9 service failed to start due to the following error:
%%1058

Error: (11/26/2014 10:13:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PdaNet Broadband service failed to start due to the following error:
%%1058

Error: (11/26/2014 10:13:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft TV/Video Connection service failed to start due to the following error:
%%1058

Error: (11/26/2014 10:11:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/26/2014 10:11:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
APPDRV
ElbyCDIO
Fips
intelppm

Error: (11/26/2014 10:10:19 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/26/2014 10:08:43 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (11/24/2014 10:15:14 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (11/24/2014 10:14:02 PM) (Source: Application Error) (EventID: 1004) (User: )
Description: stacsv.exe1.0.6162.0stacsv.exe1.0.6162.00000e75b

Error: (11/24/2014 10:13:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: stacsv.exe1.0.6162.0stacsv.exe1.0.6162.00000e75b

Error: (11/24/2014 01:46:19 AM) (Source: VSSetup) (EventID: 5000) (User: )
Description: vssetupkb272944910.0.3031910.0.30319.2961ndp40-kb2729449.mspinstall_i_silent_error16030ca_cachegacassemblydeferred.3643236f_fc70_11d3_a536_0090278a1bb8NIL

Error: (11/24/2014 01:46:18 AM) (Source: MsiInstaller) (EventID: 1023) (User: ANONYMOUS)
Description: Microsoft .NET Framework 4 Client ProfileKB27294491603D:\DOCUME~1\Owner\LOCALS~1\Temp\KB2729449_20141124_014749015-Microsoft .NET Framework 4 Client Profile-MSP0.txt(NULL)

Error: (11/24/2014 01:47:40 AM) (Source: VSSetup) (EventID: 5000) (User: )
Description: vssetupkb274259510.0.3031910.0.30319.10011ndp40-kb2742595.mspinstall_i_silent_error16030ca_cachegacassemblydeferred.3643236f_fc70_11d3_a536_0090278a1bb8NIL

Error: (11/24/2014 01:47:39 AM) (Source: MsiInstaller) (EventID: 1023) (User: ANONYMOUS)
Description: Microsoft .NET Framework 4 Client ProfileKB27425951603D:\DOCUME~1\Owner\LOCALS~1\Temp\KB2742595_20141124_014525218-Microsoft .NET Framework 4 Client Profile-MSP0.txt(NULL)

Error: (11/24/2014 01:45:13 AM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: visualstudio8setupmicrosoft .net framework 2.0-kb260409210331603msif9.0.40215.0installx86xp2905

Error: (11/24/2014 01:44:58 AM) (Source: MsiInstaller) (EventID: 1023) (User: ANONYMOUS)
Description: Microsoft .NET Framework 2.0 Service Pack 2KB26040921603D:\DOCUME~1\Owner\LOCALS~1\Temp\Microsoft .NET Framework 2.0-KB2604092_20141124_044758875-Msi0.txt(NULL)

Error: (11/24/2014 01:01:46 AM) (Source: MsiInstaller) (EventID: 10005) (User: ANONYMOUS)
Description: Product: Microsoft .NET Framework 2.0 Service Pack 2 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2905. The arguments are: D:\WINDOWS\Installer\MSI901.tmp, , (NULL)(NULL)(NULL)(NULL)


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 55%
Total physical RAM: 3032.29 MB
Available physical RAM: 1343.04 MB
Total Pagefile: 4918.44 MB
Available Pagefile: 2551.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.9 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:169 GB) (Free:4.09 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (XP) (Fixed) (Total:48.83 GB) (Free:0.56 GB) NTFS
Drive f: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.43 GB) NTFS
Drive h: () (Removable) (Total:3.68 GB) (Free:2.18 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 68000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=169 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=48.8 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
djninja33 is offline  
 
Old 12-04-2014, 10:32 AM   #4
Security Team
Analyst
 
Join Date: Feb 2014
Location: Germany
Posts: 53
OS: Win 8.1



Malware Warning

If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).

Windows XP notes

I've noticed that you're a Windows XP user. I need to tell you that my canned speeches (texts I use to present instructions) are designed for newer systems in the first place. Therefore, whenever you see a request to Run as Administrator, please ignore it and instead run the tool just by double-clicking the aforementioned icon.

Windows XP: End of support warning

As 8th of April 2014 has passed, this Operating System is no longer supported by Microsoft.
All patches, updates and security releases for this system have ceased.

This is just information for you, if you were not aware.
My recommendation would be to start thinking about replacing it with a newer edition, like Windows Vista, Windows 7 or Windows 8.

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:

Code:
CloseProcesses:
HKLM Group Policy restriction on software: D:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: D:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: D:\Program Files\Sandboxie <====== ATTENTION
HKLM Group Policy restriction on software: D:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: D:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

After the Reboot:

Step 2



Please download ComboFix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

Disable all antivirus and antispyware programs. Get help here

Double-click ComboFix.exe and follow the prompts to run it.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  • With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
  • It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:


  • Please click Yes to continue scanning for malware.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done.
  • ComboFix may reboot your machine. This is normal.
  • When the tool is finished, it will produce a log for you.

Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.
deeprybka is offline  
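As an added example (my own code, not part of this thread and not something FRST or ComboFix ships), here is a small Python triage of the "Group Policy restriction on software" lines that FRST printed in the fixlist above. It parses each rule, separates the four registry-expanded path rules that Windows itself creates when Software Restriction Policies are first enabled from rules that name security-product directories, and counts them. The sample input is the fixlist quoted in the post above; the vendor names beyond the ones on this page (avast, eset, kaspersky, symantec) are my own addition so the check generalizes to other logs.

```python
import re
from collections import Counter

# Sample input: the fixlist quoted in the post above (copied, not invented).
FRST_LINES = r"""
CloseProcesses:
HKLM Group Policy restriction on software: D:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: D:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: D:\Program Files\Sandboxie <====== ATTENTION
HKLM Group Policy restriction on software: D:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: D:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
"""

# One FRST rule line: hive, the fixed label, the rule path, an optional "ATTENTION" marker.
RULE_RE = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^ ]+) Group Policy restriction on software: "
    r"(?P<path>.*?)\s*(?:<====== ATTENTION)?\s*$"
)

# The four path rules Windows adds as Unrestricted defaults when SRP is enabled.
DEFAULT_PATH_RULES = {
    r"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%",
    r"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe",
    r"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe",
    r"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%",
}

# Directory-name fragments of security products. The first four appear in this
# thread's log; the rest are my own additions (assumption: common vendor folder names).
SECURITY_VENDOR_MARKERS = (
    "avg", "malwarebytes", "mcafee", "sandboxie",
    "avast", "eset", "kaspersky", "symantec",
)


def classify(path):
    """Label a single SRP path rule for a human reviewer."""
    if path in DEFAULT_PATH_RULES:
        return "default_windows_path_rule"
    normalized = path.rstrip("\\").lower()
    if any(marker in normalized for marker in SECURITY_VENDOR_MARKERS):
        return "security_software"
    return "review"


def triage_srp_rules(text):
    """Parse FRST 'Group Policy restriction on software' lines into labelled findings."""
    findings = []
    for raw in text.splitlines():
        match = RULE_RE.match(raw.strip())
        if not match:
            continue  # not an SRP rule line (e.g. "CloseProcesses:")
        path = match.group("path")
        findings.append({
            "hive": match.group("hive"),
            "path": path,
            "category": classify(path),
        })
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'security_software': 5, ...}."""
    return dict(Counter(f["category"] for f in findings))


if __name__ == "__main__":
    results = triage_srp_rules(FRST_LINES)
    for f in results:
        print(f"{f['category']:<26} {f['hive']}  {f['path']}")
    print(summarize(results))
```

FRST's line does not show a rule's security level (Disallowed versus Unrestricted), so the script treats the four %HKEY_LOCAL_MACHINE...% rules as the expected defaults and the five rules naming AVG, Malwarebytes, McAfee and Sandboxie as the actual finding: there is no legitimate reason for a home machine's policy to single out its own security tools. On a live system the same rules sit under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers, where the numbered subkey holding each Paths\{GUID} entry gives the level the log omits (0 is Disallowed, 262144 is Unrestricted); that is the check to make before deciding which entries a fixlist should remove.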
Old 12-04-2014, 11:35 AM   #5
Registered Member
 
Join Date: Nov 2014
Posts: 4
OS: XP



Thank you so much! Everything seems to be back to normal. :D



ComboFix 14-12-04.01 - Owner 12/04/2014 14:13:26.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.2298 [GMT -5:00]
Running from: d:\documents and settings\Owner\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\All Users\Application Data\TEMP
d:\documents and settings\All Users\ntuser.pol
d:\documents and settings\Owner\Application Data\Love
d:\documents and settings\Owner\Application Data\Love\mari0\options.txt
d:\windows\apppatch\AppLoc.exe
d:\windows\apppatch\AppLocA.exe
d:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
d:\windows\apppatch\unins000.dat
d:\windows\apppatch\unins000.exe
d:\windows\system32\bcm1830.tmp
d:\windows\system32\bcm183A.tmp
d:\windows\system32\drivers\etc\hosts.ics
d:\windows\system32\PowerToyReadme.htm
d:\windows\system32\ShellExt\CmdOpen.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_UVNC_SERVICE
-------\Service_Uvnc_service
.
.
((((((((((((((((((((((((( Files Created from 2014-11-04 to 2014-12-04 )))))))))))))))))))))))))))))))
.
.
2014-12-04 19:20 . 2014-12-04 19:20 -------- d-----w- d:\windows\system32\wbem\snmp
2014-12-04 19:20 . 2014-12-04 19:20 -------- d-----w- d:\windows\system32\xircom
2014-12-04 19:20 . 2014-12-04 19:20 -------- d-----w- d:\windows\system32\oobe
2014-12-01 04:25 . 2014-12-01 04:25 -------- d--h--w- d:\windows\system32\GroupPolicy
2014-11-28 17:46 . 2014-12-04 18:41 -------- d-----w- D:\FRST
2014-11-27 04:08 . 2014-11-27 04:08 -------- d-----w- d:\windows\ERUNT
2014-11-27 03:51 . 2014-11-27 03:51 -------- d-----w- d:\documents and settings\Owner\Application Data\AVG2015
2014-11-27 03:50 . 2014-11-27 03:50 -------- d-----w- d:\documents and settings\Owner\Application Data\TuneUp Software
2014-11-27 03:49 . 2014-11-27 03:50 -------- d-----w- d:\documents and settings\All Users\Application Data\AVG2015
2014-11-24 07:05 . 2014-12-04 18:44 -------- d-----w- d:\documents and settings\All Users\Application Data\MFAData
2014-11-24 07:05 . 2014-11-27 03:50 -------- d-----w- d:\documents and settings\Owner\Local Settings\Application Data\Avg2015
2014-11-24 07:05 . 2014-11-24 07:05 -------- d-----w- d:\documents and settings\Owner\Local Settings\Application Data\MFAData
2014-11-24 04:47 . 2014-11-24 04:47 -------- d-----r- d:\program files\Skype
2014-11-24 04:47 . 2014-11-24 04:47 -------- d-----w- d:\program files\Common Files\Skype
2014-11-24 03:37 . 2014-11-27 04:02 -------- d-----w- D:\AdwCleaner
2014-11-24 03:35 . 2014-11-24 03:35 -------- d-----w- d:\program files\Common Files\Java
2014-11-24 03:35 . 2014-09-26 23:16 145408 ----a-w- d:\windows\system32\javacpl.cpl
2014-11-24 03:35 . 2014-09-26 23:42 96680 ----a-w- d:\windows\system32\WindowsAccessBridge.dll
2014-11-08 01:46 . 2014-11-08 01:46 -------- d-----w- d:\program files\GigaTribe
2014-11-05 02:05 . 2014-11-05 02:05 -------- d-----w- d:\documents and settings\Owner\Application Data\RenPy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-02 19:45 . 2014-07-09 02:15 114904 ----a-w- d:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-27 04:08 . 2012-04-03 14:22 701104 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2014-11-27 04:08 . 2011-06-17 06:50 71344 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-30 02:35 . 2014-10-30 02:35 198936 ----a-w- d:\windows\system32\drivers\avgidsdriverlx.sys
2014-10-10 19:13 . 2014-10-10 19:13 200984 ----a-w- d:\windows\system32\drivers\avgtdix.sys
2014-10-06 01:42 . 2014-10-06 01:42 98584 ----a-w- d:\windows\system32\drivers\avgmfx86.sys
2014-10-01 16:11 . 2014-07-09 02:15 54360 ----a-w- d:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 16:11 . 2014-07-09 02:15 23256 ----a-w- d:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-20 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . d:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . d:\windows\system32\dllcache\tcpip.sys
.
.
d:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="d:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2012-05-30 1842384]
"uTorrent"="d:\documents and settings\Owner\Application Data\uTorrent\uTorrent.exe" [2014-11-22 1385808]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="d:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"CoolSwitch"="d:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"AESTFltr"="d:\windows\system32\AESTFltr.exe" [2008-07-11 466944]
"Broadcom Wireless Manager UI"="d:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]
"IgfxTray"="d:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2008-09-16 178712]
"Persistence"="d:\windows\system32\igfxpers.exe" [2008-09-16 150040]
"Apoint"="d:\program files\DellTPad\Apoint.exe" [2008-08-02 200704]
"SysTrayApp"="d:\program files\IDT\WDM\sttray.exe" [2009-03-02 483420]
"Dell QuickSet"="d:\program files\Dell\QuickSet\Quickset.exe" [2009-01-09 1712128]
"DivXMediaServer"="d:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="d:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
"AVG_UI"="d:\program files\AVG\AVG2015\avgui.exe" [2014-11-10 3653136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-04-20 128512]
.
d:\documents and settings\Owner\Start Menu\Programs\Startup\
GigaTribe.lnk - d:\program files\GigaTribe\gigatribe.exe -system:startup [2014-11-7 5164744]
.
d:\documents and settings\All Users\Start Menu\Programs\Startup\
Content Manager Assistant for PlayStation(R).lnk - d:\program files\Sony\Content Manager Assistant\CMA.exe [2013-6-18 3505048]
WDDMStatus.lnk - d:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0d:\progra~1\AVG\AVG2015\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Content Manager Assistant for PlayStation(R).lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation(R).lnk
backup=d:\windows\pss\Content Manager Assistant for PlayStation(R).lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^Owner^Start Menu^Programs^Startup^Dropbox.lnk]
path=d:\documents and settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
backup=d:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTether]
2011-05-22 23:14 48648 -c--a-w- d:\program files\Mobile Stream\EasyTether\easytthr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
2012-06-28 09:05 2160024 -c--a-w- d:\program files\ManyCam\Bin\ManyCam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2011-01-12 14:35 405736 -c--a-w- d:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-11-14 21:42 20584608 ----a-r- d:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33 89456 -c--a-w- d:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\GigaTribe\\gigatribe.exe"=
"d:\\Documents and Settings\\Owner\\Application Data\\uTorrent\\uTorrent.exe"=
"d:\\WINDOWS\\system32\\muzapp.exe"=
"d:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"d:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\AVG\\AVG2015\\avgnsx.exe"=
"d:\\Program Files\\AVG\\AVG2015\\avgdiagex.exe"=
"d:\\Program Files\\AVG\\AVG2015\\avgmfapx.exe"=
"d:\\Program Files\\AVG\\AVG2015\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;d:\windows\system32\drivers\avgidshx.sys [6/18/2014 8:16 PM 147736]
R0 Avglogx;AVG Logging Driver;d:\windows\system32\drivers\avglogx.sys [7/18/2014 2:55 PM 230680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;d:\windows\system32\drivers\avgrkx86.sys [6/18/2014 8:03 PM 27416]
R1 Avgdiskx;AVG Disk Driver;d:\windows\system32\drivers\avgdiskx.sys [6/18/2014 8:03 PM 121624]
R1 AVGIDSDriverl;AVGIDSDriverl;d:\windows\system32\drivers\avgidsdriverlx.sys [10/29/2014 9:35 PM 198936]
R1 AVGIDSShim;AVGIDSShim;d:\windows\system32\drivers\avgidsshimx.sys [6/18/2014 8:03 PM 21272]
R1 Avgldx86;AVG AVI Loader Driver;d:\windows\system32\drivers\avgldx86.sys [8/28/2014 8:43 PM 192792]
R1 Avgtdix;AVG TDI Driver;d:\windows\system32\drivers\avgtdix.sys [10/10/2014 2:13 PM 200984]
R2 avgwd;AVG WatchDog;d:\program files\AVG\AVG2015\avgwdsvc.exe [11/9/2014 9:49 PM 298080]
R2 NIHardwareService;NIHardwareService;d:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4/7/2011 10:33 AM 3857408]
R2 npf;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [6/13/2012 8:57 PM 35088]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;d:\windows\system32\drivers\thdudf.sys [8/19/2013 7:53 PM 66944]
R2 WDDMService;WDDMService;d:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [9/8/2010 10:41 AM 237056]
R2 WDFME;WD File Management Engine;d:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [9/8/2010 10:45 AM 1034752]
R2 WDSC;WD File Management Shadow Engine;d:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [9/8/2010 10:44 AM 484352]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 AESTAud;AE Audio Service;d:\windows\system32\drivers\AESTAud.sys [7/1/2010 2:59 PM 113024]
R3 easytether;easytether;d:\windows\system32\drivers\easytthr.sys [11/30/2011 2:17 AM 17296]
R3 ManyCam;ManyCam Virtual Webcam;d:\windows\system32\drivers\mcvidrv.sys [1/11/2012 1:11 AM 32000]
R3 mcaudrv_simple;ManyCam Virtual Microphone;d:\windows\system32\drivers\mcaudrv.sys [2/22/2012 5:34 AM 22400]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;d:\windows\system32\drivers\RTS5121.sys [7/1/2010 3:00 PM 160256]
S2 AVGIDSAgent;AVGIDSAgent;d:\program files\AVG\AVG2015\avgidsagent.exe [11/9/2014 9:57 PM 3488784]
S2 SkypeUpdate;Skype Updater;d:\program files\Skype\Updater\Updater.exe [10/23/2013 8:15 AM 172192]
S3 AMBFilt;Creative AMB Service;d:\windows\system32\drivers\AMBFilt.sys [7/1/2010 3:35 PM 1656960]
S3 appliandMP;appliandMP;d:\windows\system32\DRIVERS\appliand.sys --> d:\windows\system32\DRIVERS\appliand.sys [?]
S3 DJUSB;DMM Controller;d:\windows\system32\Drivers\DM2.sys --> d:\windows\system32\Drivers\DM2.sys [?]
S3 GSService;GSService;d:\windows\system32\GSService.exe [7/18/2013 11:39 PM 490208]
S3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;d:\windows\system32\drivers\massfilter_hs.sys [2/3/2009 7:56 AM 9728]
S3 NUMARK_NS7_MIDI;Numark NS7 WDM MIDI Device;d:\windows\system32\drivers\ns7_midi.sys [1/7/2013 8:30 PM 30720]
S3 NUMARK_NS7_USB;Numark NS7 USB driver;d:\windows\system32\drivers\ns7_usb.sys [1/7/2013 8:30 PM 477696]
S3 NUMARK_NS7_WDM;Numark NS7 WDM;d:\windows\system32\drivers\ns7_wdm.sys [1/7/2013 8:31 PM 57344]
S3 pneteth;PdaNet Broadband;d:\windows\system32\drivers\pneteth.sys [9/23/2010 12:37 PM 13312]
S3 pnetmdm;PdaNet Modem;d:\windows\system32\drivers\pnetmdm.sys [10/24/2010 1:10 AM 9472]
S3 Rts516xIR;Realtek IR Driver;d:\windows\system32\DRIVERS\Rts516xIR.sys --> d:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 TTM57SLUsb;TTM 57SL USB driver;d:\windows\system32\drivers\TTM57SLUsb.sys [9/9/2012 1:15 AM 29696]
S3 WDC_SAM;WD SCSI Pass Thru driver;d:\windows\system32\drivers\wdcsam.sys [12/11/2010 7:22 PM 11520]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);d:\windows\system32\drivers\ymidusbw.sys [11/1/2011 1:14 PM 36040]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-04 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 04:08]
.
2014-12-03 d:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-842925246-1177238915-1417001333-1003Core.job
- d:\documents and settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-03 21:37]
.
2014-12-04 d:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-842925246-1177238915-1417001333-1003UA.job
- d:\documents and settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-03 21:37]
.
2014-12-04 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1177238915-1417001333-1003Core.job
- d:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-04 04:29]
.
2014-12-04 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1177238915-1417001333-1003UA.job
- d:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-04 04:29]
.
2014-12-03 d:\windows\Tasks\User_Feed_Synchronization-{444CA9EF-5E8B-42AB-8959-F1C7CC312557}.job
- d:\windows\system32\msfeedssync.exe [2009-04-20 18:22]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - d:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\01gnvl4f.default\
FF - prefs.js: browser.startup.homepage - Google.com
FF - ExtSQL: !HIDDEN! 2010-07-01 23:14; {20a82645-c095-46ed-80e3-08825760534b}; d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-{ab1495dc-360c-0c2d-7b10-0f5ed6c26ff9} - d:\documents and settings\All Users\Application Data\Microsoft\{ab1495dc-360c-0c2d-7b10-0f5ed6c26ff9}\{ab1495dc-360c-0c2d-7b10-0f5ed6c26ff9}.exe
MSConfigStartUp-eSnips_Downloader - d:\program files\Logia\eSnipsDownloader\eSnips_Downloader.exe
MSConfigStartUp-QuickTime Task - d:\program files\QuickTime Alternative\qttask.exe
AddRemove-Lounge Lizard EP-4 - d:\program files\Applied Acoustics Systems\Lounge Lizard EP-4\Uninstall Lounge Lizard EP-4.exe
AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - d:\windows\AppPatch\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2014-12-04 14:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2472)
d:\windows\system32\WININET.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\mshtml.dll
d:\windows\system32\msls31.dll
d:\windows\system32\msi.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Sandboxie\SbieSvc.exe
d:\windows\System32\WLTRYSVC.EXE
d:\windows\System32\bcmwltry.exe
d:\program files\idt\xpm09_6162v012\wdm\STacSV.exe
d:\program files\Java\jre7\bin\jqs.exe
d:\program files\UPHClean\uphclean.exe
d:\program files\Windows Media Player\WMPNetwk.exe
d:\windows\system32\RUNDLL32.EXE
d:\windows\system32\igfxsrvc.exe
d:\program files\DellTPad\ApMsgFwd.exe
d:\program files\DellTPad\HidFind.exe
d:\program files\DellTPad\Apntex.exe
d:\program files\Sony\Content Manager Assistant\CMAWatcher.exe
.
**************************************************************************
.
Completion time: 2014-12-04 14:30:44 - machine was rebooted
ComboFix-quarantined-files.txt 2014-12-04 19:30
.
Pre-Run: 849,440,768 bytes free
Post-Run: 741,748,736 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(4)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(4)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 9D8F452F2015B0F0A551514993668815
8F558EB6672622401DA993E1E865C861
djninja33 is offline  
Old 12-04-2014, 11:58 AM   #6
Security Team
Analyst
 
Join Date: Feb 2014
Location: Germany
Posts: 53
OS: Win 8.1



You are welcome!

Step 1
Remove a program in Windows XP:
  • Click Start, click Control Panel, and then double-click Add or Remove Programs.
  • In the Currently installed programs box, click Ask & Record Toolbar 4.01 and then click Remove.
  • If you are prompted to confirm the removal of the program, click Yes.
(If you can't uninstall the program(s): please feel free to use Revo Uninstaller as well)
  • Please download and install Revo Uninstaller Free
    (note: there is no need to click anything on that page, the download will start automatically)
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it: Ask & Record Toolbar 4.01
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected, then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished, click on Next
  • Once the program has searched for leftovers, click Next
  • Check the items in bold only on the list, then click Delete
    (note: you may have to expand some folders by clicking the "+" mark)
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2
Scan with Malwarebytes Anti-Malware
  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Step 3

Start FRST with administrator privileges.
  • Make sure the following option is checked:
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.
deeprybka is offline  
Old 12-04-2014, 02:18 PM   #7
Registered Member
 
Join Date: Nov 2014
Posts: 4
OS: XP



Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 12/4/2014
Scan Time: 3:55:47 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.04.09
Rootkit Database: v2014.12.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 313535
Time Elapsed: 1 hr, 14 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2014
Ran by Owner (administrator) on ANONYMOUS on 04-12-2014 17:17:43
Running from D:\Documents and Settings\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SANDBOXIE L.T.D) D:\Program Files\Sandboxie\SbieSvc.exe
() D:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) D:\WINDOWS\system32\BCMWLTRY.EXE
(IDT, Inc.) D:\Program Files\IDT\XPM09_6162v012\WDM\stacsv.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Oracle Corporation) D:\Program Files\Java\jre7\bin\jqs.exe
(Native Instruments GmbH) D:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Microsoft Corporation) D:\Program Files\UPHClean\uphclean.exe
(WDC) D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Microsoft Corporation) D:\WINDOWS\system32\rundll32.exe
() D:\WINDOWS\system32\TaskSwitch.exe
(Andrea Electronics Corporation) D:\WINDOWS\system32\AESTFltr.exe
(Dell Inc.) D:\WINDOWS\system32\WLTRAY.EXE
(Intel Corporation) D:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) D:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) D:\WINDOWS\system32\igfxpers.exe
(Alps Electric Co., Ltd.) D:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) D:\Program Files\IDT\WDM\sttray.exe
(Dell Inc.) D:\Program Files\Dell\QuickSet\quickset.exe
() D:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) D:\Program Files\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) D:\Program Files\DellTPad\ApMsgFwd.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2015\avgui.exe
(Gadwin Systems, Inc) D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
(Western Digital Technologies, Inc.) D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Alps Electric Co., Ltd.) D:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) D:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) D:\WINDOWS\system32\wuauclt.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) D:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) D:\Program Files\Internet Explorer\IEXPLORE.EXE
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMJPMIG8.1] => D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [CoolSwitch] => D:\WINDOWS\system32\taskswitch.exe [45632 2002-03-19] ()
HKLM\...\Run: [AESTFltr] => D:\WINDOWS\system32\AESTFltr.exe [466944 2008-07-11] (Andrea Electronics Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => D:\WINDOWS\system32\WLTRAY.exe [2289664 2008-11-26] (Dell Inc.)
HKLM\...\Run: [Apoint] => D:\Program Files\DellTPad\Apoint.exe [200704 2008-08-01] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => D:\Program Files\IDT\WDM\sttray.exe [483420 2009-03-02] (IDT, Inc.)
HKLM\...\Run: [Dell QuickSet] => D:\Program Files\Dell\QuickSet\Quickset.exe [1712128 2009-01-09] (Dell Inc.)
HKLM\...\Run: [DivXMediaServer] => D:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => D:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM\...\Run: [SunJavaUpdateSched] => D:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [AVG_UI] => D:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [NoSharedDocuments] 1
HKLM\...\Policies\Explorer: [MaxRecentDocs] 18
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\Run: [Gadwin PrintScreen] => D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [1842384 2012-05-30] (Gadwin Systems, Inc)
HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\Run: [uTorrent] => D:\Documents and Settings\Owner\Application Data\uTorrent\uTorrent.exe [1385808 2014-11-22] (BitTorrent Inc.)
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation(R).lnk
ShortcutTarget: Content Manager Assistant for PlayStation(R).lnk -> D:\Program Files\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: D:\Documents and Settings\Owner\Start Menu\Programs\Startup\GigaTribe.lnk
ShortcutTarget: GigaTribe.lnk -> D:\Program Files\GigaTribe\gigatribe.exe (Gigatribe)
BootExecute: autocheck autochk * D:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-842925246-1177238915-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.microsoft.com/isapi/redir...=ie&ar=msnhome
HKU\S-1-5-21-842925246-1177238915-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\S-1-5-21-842925246-1177238915-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKU\S-1-5-21-842925246-1177238915-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x22B086421BEBCF01
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing
SearchScopes: HKU\S-1-5-21-842925246-1177238915-1417001333-1003 -> DefaultScope {08695E7C-3FF8-408F-89E5-CDCE161D6692} URL = https://www.bing.com/search?FORM=U019DF&PC=U019&dt=071713&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-842925246-1177238915-1417001333-1003 -> 580BFC8F915A4BC2ADF89C47D0343A6D URL = https://www.google.com/search?hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-842925246-1177238915-1417001333-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-842925246-1177238915-1417001333-1003 -> {08695E7C-3FF8-408F-89E5-CDCE161D6692} URL = https://www.bing.com/search?FORM=U019DF&PC=U019&dt=071713&q={searchTerms}&src=IE-SearchBox
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} https://java.sun.com/update/1.7.0/jin...ndows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\01gnvl4f.default
FF Homepage: Google.com
FF NetworkProxy: "backup.ftp", "192.211.49.210"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.gopher", "122.141.242.199"
FF NetworkProxy: "backup.gopher_port", 80
FF NetworkProxy: "backup.socks", "192.211.49.210"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "192.211.49.210"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "192.211.49.210"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "70.38.68.129"
FF NetworkProxy: "gopher_port", 3128
FF NetworkProxy: "http", "192.211.49.210"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.211.49.210"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "192.211.49.210"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer -> D:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> D:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> D:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=1.0.5 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin HKU\S-1-5-21-842925246-1177238915-1417001333-1003: @Skype Limited.com/Facebook Video Calling Plugin -> D:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-842925246-1177238915-1417001333-1003: @tools.google.com/Google Update;version=3 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-842925246-1177238915-1417001333-1003: @tools.google.com/Google Update;version=9 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-842925246-1177238915-1417001333-1003: @unity3d.com/UnityPlayer,version=1.0 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Flash Video Downloader - Full HD Download - D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\01gnvl4f.default\Extensions\[email protected] [2014-11-22]
FF Extension: TinEye Reverse Image Search - D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\01gnvl4f.default\Extensions\[email protected] [2011-02-18]
FF Extension: Microsoft .NET Framework Assistant - D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\01gnvl4f.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-01]
FF Extension: Lightshot (screenshot tool) - D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\01gnvl4f.default\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2014-07-14]
FF Extension: Image Search Options - D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\01gnvl4f.default\Extensions\{4a313247-8330-4a81-948e-b79936516f78} [2011-05-10]
FF Extension: DownloadHelper - D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\01gnvl4f.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-29]
FF Extension: No Name - D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\01gnvl4f.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-05-12]
FF Extension: No Name - D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\01gnvl4f.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2014-03-27]
FF Extension: No Name - D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\01gnvl4f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-22]
FF Extension: No Name - D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\01gnvl4f.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-07-01]

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (YouTube) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Adblock Plus) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-02]
CHR Extension: (Google Search) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (Session Buddy) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2013-08-06]
CHR Extension: (Photo Zoom for Facebook) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2012-11-06]
CHR Extension: (AdBlock) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-18]
CHR Extension: (8- Bit ArtSpark) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmjdjceicegjpjkojociihgjmnalbean [2012-11-06]
CHR Extension: (Google Wallet) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (My Chrome Theme) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2012-11-06]
CHR Extension: (GrooveCat) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oiambkeommjoegimifghjlgbdhoegmgm [2014-05-12]
CHR Extension: (Vine Client) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oojohjpgmcfnholboljmkbcchbipcbci [2014-08-05]
CHR Extension: (Gmail) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
CHR StartMenuInternet: Google Chrome - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; D:\Program Files\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; D:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
S3 GSService; D:\WINDOWS\system32\GSService.exe [490208 2013-06-26] ()
S3 IDriverT; D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; D:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-26] (Oracle Corporation)
R2 NIHardwareService; D:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [3857408 2011-04-07] (Native Instruments GmbH) [File not signed]
R2 SbieSvc; D:\Program Files\Sandboxie\SbieSvc.exe [69864 2011-01-12] (SANDBOXIE L.T.D)
R2 STacSV; d:\program files\idt\xpm09_6162v012\wdm\STacSV.exe [254034 2009-03-02] (IDT, Inc.)
R2 UPHClean; D:\Program Files\UPHClean\uphclean.exe [241725 2005-04-27] (Microsoft Corporation) [File not signed]
R2 WDDMService; D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [237056 2010-09-08] (WDC) [File not signed]
R2 WDFME; D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () [File not signed]
R2 WDSC; D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [484352 2010-09-08] () [File not signed]
R2 wltrysvc; D:\WINDOWS\System32\bcmwltry.exe [2039808 2008-11-26] (Dell Inc.) [File not signed]
S2 wscsvc; %SYSTEMROOT%\system32\wscsvc.dll [X]
R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AESTAud; D:\WINDOWS\System32\drivers\AESTAud.sys [113024 2009-03-06] (Andrea Electronics Corporation)
S3 AMBFilt; D:\WINDOWS\System32\drivers\AMBFilt.sys [1656960 2009-03-04] (Creative)
R1 APPDRV; D:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2008-10-04] (Dell Inc) [File not signed]
R1 Avgdiskx; D:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; D:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [198936 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; D:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; D:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; D:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; D:\WINDOWS\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; D:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; D:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; D:\WINDOWS\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R3 BCM43XX; D:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1391104 2008-11-26] (Broadcom Corporation)
S3 CCDECODE; D:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 easytether; D:\WINDOWS\System32\DRIVERS\easytthr.sys [17296 2011-05-22] (Mobile Stream)
R1 ElbyCDIO; D:\WINDOWS\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R3 ManyCam; D:\WINDOWS\System32\DRIVERS\mcvidrv.sys [32000 2012-01-11] (ManyCam LLC) [File not signed]
S3 massfilter_hs; D:\WINDOWS\System32\DRIVERS\massfilter_hs.sys [9728 2009-02-03] (ZTE Incorporated) [File not signed]
R3 MBAMSwissArmy; D:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-04] (Malwarebytes Corporation)
R3 mcaudrv_simple; D:\WINDOWS\System32\drivers\mcaudrv.sys [22400 2012-02-22] (ManyCam LLC) [File not signed]
S3 MonFilt; D:\WINDOWS\System32\drivers\MonFilt.sys [1389056 2008-12-02] (Creative Technology Ltd.)
S3 NdisIP; D:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 npf; D:\WINDOWS\System32\drivers\npf.sys [35088 2012-06-13] (CACE Technologies, Inc.)
S3 NUMARK_NS7_MIDI; D:\WINDOWS\System32\drivers\ns7_midi.sys [30720 2008-12-01] (Numark) [File not signed]
S3 NUMARK_NS7_USB; D:\WINDOWS\System32\Drivers\ns7_usb.sys [477696 2008-12-01] (Ploytec GmbH) [File not signed]
S3 NUMARK_NS7_WDM; D:\WINDOWS\System32\drivers\ns7_wdm.sys [57344 2008-12-01] (Numark) [File not signed]
S3 ovt519; D:\WINDOWS\System32\Drivers\ov519vid.sys [174530 2003-10-15] (OmniVision Technologies, Inc.) [File not signed]
S3 pneteth; D:\WINDOWS\System32\DRIVERS\pneteth.sys [13312 2010-09-02] (June Fabrics Technology Inc.) [File not signed]
S3 pnetmdm; D:\WINDOWS\System32\DRIVERS\pnetmdm.sys [9472 2006-09-28] (June Fabrics Technology) [File not signed]
R3 RSUSBSTOR; D:\WINDOWS\System32\Drivers\RTS5121.sys [160256 2008-11-21] (Realtek Semiconductor Corp.)
R3 SbieDrv; D:\Program Files\Sandboxie\SbieDrv.sys [125672 2011-01-12] (SANDBOXIE L.T.D)
S3 SeratoUsb; D:\WINDOWS\System32\Drivers\SeratoUsb.sys [29824 2012-02-27] (Cristalink Ltd) [File not signed]
R3 STHDA; D:\WINDOWS\System32\drivers\sthda.sys [1550547 2009-03-02] (IDT, Inc.)
S3 tap0901; D:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project) [File not signed]
S3 taphss; D:\WINDOWS\System32\DRIVERS\taphss.sys [32768 2012-01-04] (AnchorFree Inc)
R1 Tcpip; D:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2009-04-20] (Microsoft Corporation) [File not signed]
R2 thdudf; D:\WINDOWS\System32\DRIVERS\thdudf.sys [66944 2010-04-30] (TOSHIBA Corporation) [File not signed]
S3 TTM57SLUsb; D:\WINDOWS\System32\Drivers\TTM57SLUsb.sys [29696 2012-02-27] (Cristalink Ltd) [File not signed]
R3 VClone; D:\WINDOWS\System32\DRIVERS\VClone.sys [30208 2011-01-15] (Elaborate Bytes AG) [File not signed]
S3 vncdrv; D:\WINDOWS\System32\DRIVERS\vncdrv.sys [12104 2007-05-22] (RDV Soft)
S3 YMIDUSBW; D:\WINDOWS\System32\drivers\ymidusbw.sys [36040 2011-11-01] (Yamaha Corporation)
R3 yukonwxp; D:\WINDOWS\System32\DRIVERS\yk51x86.sys [289664 2008-07-24] (Marvell)
S3 appliandMP; system32\DRIVERS\appliand.sys [X]
R3 catchme; \??\D:\ComboFix\catchme.sys [X]
S3 DJUSB; System32\Drivers\DM2.sys [X]
S4 IntelIde; No ImagePath
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X]
U5 Sdbus; D:\Windows\System32\Drivers\Sdbus.sys [80256 2009-04-20] (Microsoft Corporation)
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]
U3 mbr; \??\D:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 15:48 - 2014-12-04 15:48 - 00000779 _____ () D:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-04 15:32 - 2014-12-04 15:32 - 02623656 _____ (VS Revo Group Ltd.) D:\Documents and Settings\Owner\Desktop\revosetup.exe
2014-12-04 15:32 - 2014-12-04 15:32 - 00000919 _____ () D:\Documents and Settings\Owner\Desktop\Revo Uninstaller.lnk
2014-12-04 15:32 - 2014-12-04 15:32 - 00000000 ____D () D:\Program Files\VS Revo Group
2014-12-04 14:30 - 2014-12-04 17:16 - 00000000 ____D () D:\Documents and Settings\Owner\Local Settings\temp
2014-12-04 14:30 - 2014-12-04 14:30 - 00019778 _____ () D:\ComboFix.txt
2014-12-04 14:30 - 2014-12-04 14:30 - 00000000 ____D () D:\Documents and Settings\NetworkService\Local Settings\temp
2014-12-04 14:30 - 2014-12-04 14:30 - 00000000 ____D () D:\Documents and Settings\LocalService\Local Settings\temp
2014-12-04 14:20 - 2014-12-04 14:20 - 00000000 ____D () D:\WINDOWS\system32\xircom
2014-12-04 14:20 - 2014-12-04 14:20 - 00000000 ____D () D:\WINDOWS\system32\inetsrv
2014-12-04 14:20 - 2014-12-04 14:20 - 00000000 ____D () D:\Program Files\xerox
2014-12-04 14:20 - 2014-12-04 14:20 - 00000000 ____D () D:\Program Files\windows nt
2014-12-04 14:20 - 2014-12-04 14:20 - 00000000 ____D () D:\Program Files\outlook express
2014-12-04 14:20 - 2014-12-04 14:20 - 00000000 ____D () D:\Program Files\netmeeting
2014-12-04 14:20 - 2014-12-04 14:20 - 00000000 ____D () D:\Program Files\msn gaming zone
2014-12-04 14:20 - 2014-12-04 14:20 - 00000000 ____D () D:\Program Files\movie maker
2014-12-04 14:20 - 2014-12-04 14:20 - 00000000 ____D () D:\Program Files\microsoft frontpage
2014-12-04 14:18 - 2014-12-04 14:18 - 00008192 ____H () D:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-12-04 14:18 - 2014-12-04 14:18 - 00000000 ____H () D:\WINDOWS\system32\config\system.tmp.LOG
2014-12-04 14:18 - 2014-12-04 14:18 - 00000000 ____H () D:\WINDOWS\system32\config\software.tmp.LOG
2014-12-04 14:18 - 2014-12-04 14:18 - 00000000 ____H () D:\WINDOWS\system32\config\SAM.tmp.LOG
2014-12-04 14:18 - 2014-12-04 14:18 - 00000000 ____H () D:\WINDOWS\system32\config\default.tmp.LOG
2014-12-04 14:07 - 2014-12-04 14:30 - 00000000 ____D () D:\Qoobox
2014-12-04 14:07 - 2011-06-26 01:45 - 00256000 _____ () D:\WINDOWS\PEV.exe
2014-12-04 14:07 - 2010-11-07 12:20 - 00208896 _____ () D:\WINDOWS\MBR.exe
2014-12-04 14:07 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) D:\WINDOWS\NIRCMD.exe
2014-12-04 14:07 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) D:\WINDOWS\SWREG.exe
2014-12-04 14:07 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) D:\WINDOWS\SWSC.exe
2014-12-04 14:07 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) D:\WINDOWS\SWXCACLS.exe
2014-12-04 14:07 - 2000-08-30 19:00 - 00098816 _____ () D:\WINDOWS\sed.exe
2014-12-04 14:07 - 2000-08-30 19:00 - 00080412 _____ () D:\WINDOWS\grep.exe
2014-12-04 14:07 - 2000-08-30 19:00 - 00068096 _____ () D:\WINDOWS\zip.exe
2014-12-04 14:06 - 2014-12-04 14:28 - 00000000 ____D () D:\WINDOWS\erdnt
2014-12-04 13:53 - 2014-12-04 13:53 - 05600479 ____R (Swearware) D:\Documents and Settings\Owner\Desktop\ComboFix.exe
2014-12-04 03:48 - 2014-12-04 03:48 - 00000000 ____D () D:\Documents and Settings\Owner\Desktop\FRST-OlderVersion
2014-11-30 23:25 - 2014-11-30 23:25 - 00000000 ___HD () D:\WINDOWS\system32\GroupPolicy
2014-11-28 12:47 - 2014-11-28 12:47 - 00042307 _____ () D:\Documents and Settings\Owner\Desktop\Addition.txt
2014-11-28 12:46 - 2014-12-04 17:18 - 00025961 _____ () D:\Documents and Settings\Owner\Desktop\FRST.txt
2014-11-28 12:46 - 2014-12-04 17:17 - 00000000 ____D () D:\FRST
2014-11-28 12:45 - 2014-12-04 03:48 - 01110016 _____ (Farbar) D:\Documents and Settings\Owner\Desktop\FRST.exe
2014-11-26 23:14 - 2014-11-26 23:14 - 00001434 _____ () D:\Documents and Settings\Owner\Desktop\JRT.txt
2014-11-26 23:08 - 2014-11-26 23:08 - 00000000 ____D () D:\WINDOWS\ERUNT
2014-11-26 22:51 - 2014-11-26 22:51 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\AVG2015
2014-11-26 22:50 - 2014-11-26 22:50 - 00000704 _____ () D:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2014-11-26 22:50 - 2014-11-26 22:50 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\TuneUp Software
2014-11-26 22:50 - 2014-11-26 22:50 - 00000000 ____D () D:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-11-26 22:49 - 2014-11-26 22:50 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\AVG2015
2014-11-26 21:45 - 2014-11-26 21:47 - 00005570 _____ () D:\Documents and Settings\Owner\Desktop\Rkill.txt
2014-11-24 02:05 - 2014-12-04 13:44 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\MFAData
2014-11-24 02:05 - 2014-11-26 22:50 - 00000000 ____D () D:\Documents and Settings\Owner\Local Settings\Application Data\Avg2015
2014-11-24 02:05 - 2014-11-24 02:05 - 00000000 ____D () D:\Documents and Settings\Owner\Local Settings\Application Data\MFAData
2014-11-23 23:47 - 2014-11-23 23:47 - 00000000 ___RD () D:\Program Files\Skype
2014-11-23 23:47 - 2014-11-23 23:47 - 00000000 ____D () D:\Program Files\Common Files\Skype
2014-11-23 23:47 - 2014-11-23 23:47 - 00000000 ____D () D:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-11-23 23:46 - 2014-11-23 23:46 - 00000000 __HDC () D:\WINDOWS\$NtUninstallKB2929961$
2014-11-23 23:35 - 2014-11-23 23:35 - 00000000 __HDC () D:\WINDOWS\$NtUninstallKB2930275$
2014-11-23 22:37 - 2014-11-26 23:02 - 00000000 ____D () D:\AdwCleaner
2014-11-23 22:37 - 2014-11-23 22:37 - 00000000 __HDC () D:\WINDOWS\$NtUninstallKB2914368$
2014-11-23 22:35 - 2014-11-23 22:35 - 00000000 ____D () D:\Program Files\Common Files\Java
2014-11-23 22:35 - 2014-11-23 22:35 - 00000000 ____D () D:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-11-23 22:35 - 2014-09-26 18:42 - 00096680 _____ (Oracle Corporation) D:\WINDOWS\system32\WindowsAccessBridge.dll
2014-11-23 22:35 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) D:\WINDOWS\system32\javaws.exe
2014-11-23 22:35 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) D:\WINDOWS\system32\javaw.exe
2014-11-23 22:35 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) D:\WINDOWS\system32\java.exe
2014-11-23 22:35 - 2014-09-26 18:16 - 00145408 _____ (Oracle Corporation) D:\WINDOWS\system32\javacpl.cpl
2014-11-23 22:34 - 2014-11-23 22:35 - 00005641 _____ () D:\WINDOWS\system32\jupdate-1.7.0_71-b14.log
2014-11-23 18:27 - 2014-11-23 21:09 - 00006909 _____ () D:\Documents and Settings\Owner\avgrep.txt
2014-11-18 22:14 - 2014-11-18 22:14 - 00000011 ____R () D:\WINDOWS\amunres.lsl
2014-11-13 23:04 - 2014-11-13 23:04 - 00000011 _____ () D:\Documents and Settings\Owner\My Documents\PS4 Daily contest code.txt
2014-11-07 20:46 - 2014-11-07 20:46 - 00000000 ____D () D:\Program Files\GigaTribe
2014-11-07 20:46 - 2014-11-07 20:46 - 00000000 ____D () D:\Documents and Settings\All Users\Start Menu\Programs\GigaTribe
2014-11-04 21:05 - 2014-11-04 21:05 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\RenPy

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 17:15 - 2010-07-01 14:11 - 00000422 ____H () D:\WINDOWS\Tasks\User_Feed_Synchronization-{444CA9EF-5E8B-42AB-8959-F1C7CC312557}.job
2014-12-04 17:06 - 2012-04-03 09:22 - 00000830 _____ () D:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-04 16:46 - 2010-07-04 01:31 - 00000978 _____ () D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1177238915-1417001333-1003UA.job
2014-12-04 15:55 - 2014-07-08 21:15 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-04 15:48 - 2014-07-08 21:15 - 00000000 ____D () D:\Program Files\Malwarebytes Anti-Malware
2014-12-04 15:48 - 2014-07-08 21:15 - 00000000 ____D () D:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-04 15:47 - 2010-07-01 14:42 - 01986356 _____ () D:\WINDOWS\WindowsUpdate.log
2014-12-04 14:47 - 2010-07-01 22:36 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\uTorrent
2014-12-04 14:42 - 2012-01-03 02:32 - 00000998 _____ () D:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-842925246-1177238915-1417001333-1003UA.job
2014-12-04 14:30 - 2010-07-01 14:44 - 00000000 __SHD () D:\Documents and Settings\NetworkService
2014-12-04 14:22 - 2008-04-14 07:00 - 00000227 _____ () D:\WINDOWS\system.ini
2014-12-04 14:21 - 2011-06-18 01:03 - 00000159 _____ () D:\WINDOWS\wiadebug.log
2014-12-04 14:21 - 2011-06-18 01:03 - 00000049 _____ () D:\WINDOWS\wiaservc.log
2014-12-04 14:20 - 2010-07-01 14:44 - 00000006 ____H () D:\WINDOWS\Tasks\SA.DAT
2014-12-04 14:20 - 2010-07-01 09:24 - 00000000 ____D () D:\WINDOWS\Help
2014-12-04 14:19 - 2010-07-01 09:28 - 00262144 _____ () D:\WINDOWS\system32\config\SECURITY.bak
2014-12-04 14:19 - 2010-07-01 09:28 - 00262144 _____ () D:\WINDOWS\system32\config\SAM.bak
2014-12-04 14:19 - 2010-07-01 09:27 - 34078720 _____ () D:\WINDOWS\system32\config\software.bak
2014-12-04 14:19 - 2010-07-01 09:27 - 08126464 _____ () D:\WINDOWS\system32\config\system.bak
2014-12-04 14:19 - 2010-07-01 09:27 - 00262144 _____ () D:\WINDOWS\system32\config\default.bak
2014-12-04 14:18 - 2010-07-01 14:44 - 00000178 ___SH () D:\Documents and Settings\Owner\ntuser.ini
2014-12-04 14:17 - 2010-07-02 02:29 - 00000000 ____D () D:\Documents and Settings\Owner\Local Settings\Application Data\Temp
2014-12-04 14:17 - 2010-07-01 09:24 - 00000000 ____D () D:\WINDOWS\system32\ShellExt
2014-12-04 14:07 - 2010-07-01 14:44 - 00032438 _____ () D:\WINDOWS\SchedLgU.Txt
2014-12-04 13:43 - 2012-06-22 16:14 - 00000000 ____D () D:\Program Files\Mozilla Maintenance Service
2014-12-04 13:43 - 2008-04-14 07:00 - 00002206 _____ () D:\WINDOWS\system32\wpa.dbl
2014-12-04 13:41 - 2010-07-01 09:24 - 00000000 ____D () D:\WINDOWS\security
2014-12-04 01:18 - 2010-07-01 14:44 - 00000000 ____D () D:\Documents and Settings\Owner
2014-12-03 21:46 - 2010-07-04 01:31 - 00000926 _____ () D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1177238915-1417001333-1003Core.job
2014-12-03 17:42 - 2012-01-03 02:32 - 00000976 _____ () D:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-842925246-1177238915-1417001333-1003Core.job
2014-12-03 03:46 - 2014-05-07 12:14 - 00000000 ____D () D:\Program Files\Mozilla Firefox
2014-12-01 14:45 - 2011-04-21 01:15 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\vlc
2014-11-26 23:08 - 2012-04-03 09:22 - 00701104 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-26 23:08 - 2011-06-17 01:50 - 00071344 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-26 22:49 - 2010-07-15 00:01 - 00000000 ____D () D:\$AVG
2014-11-26 22:48 - 2010-07-01 15:19 - 00000000 ____D () D:\Program Files\AVG
2014-11-26 22:08 - 2010-07-01 15:18 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\avg9
2014-11-25 11:36 - 2011-12-28 17:14 - 00000000 ____D () D:\Documents and Settings\Owner\Desktop\DJ NiNjA Demo Mixes
2014-11-25 00:06 - 2010-07-01 14:38 - 00000000 ____D () D:\WINDOWS\Microsoft.NET
2014-11-24 22:12 - 2010-07-01 09:28 - 00181040 _____ () D:\WINDOWS\system32\FNTCACHE.DAT
2014-11-24 01:50 - 2010-07-01 09:32 - 00538954 _____ () D:\WINDOWS\system32\PerfStringBackup.INI
2014-11-23 23:47 - 2011-08-08 13:37 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\Skype
2014-11-23 23:47 - 2011-08-08 13:37 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\Skype
2014-11-23 23:09 - 2010-07-01 22:07 - 00000000 ____D () D:\WINDOWS\ie8updates
2014-11-23 22:35 - 2010-07-01 14:51 - 00000000 ____D () D:\Program Files\Java
2014-11-23 16:01 - 2011-05-20 22:27 - 00000664 _____ () D:\WINDOWS\system32\d3d9caps.dat
2014-11-22 12:18 - 2010-07-02 16:30 - 00000000 ____D () D:\WINDOWS\Minidump
2014-11-22 12:16 - 2014-04-02 14:10 - 00000751 ____C () D:\Documents and Settings\Owner\My Documents\Dreams and Why Not (Album).txt
2014-11-21 06:14 - 2014-07-08 21:15 - 00054360 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-07-08 21:15 - 00023256 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbam.sys
2014-11-13 22:16 - 2013-02-09 00:32 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\Mp3tag

Files to move or delete:
====================
D:\Documents and Settings\Custom Settings\Apply Theme.vbs
D:\Documents and Settings\Custom Settings\Auto Config.bat
D:\Documents and Settings\Custom Settings\IE Favorite Links.bat
D:\Documents and Settings\Custom Settings\IExpress Shortcut Creator.vbs
D:\Documents and Settings\Custom Settings\System Settings.bat
D:\Documents and Settings\Custom Settings\System Settings.reg
D:\Documents and Settings\Custom Settings\TaskBarCmd v1.1.exe
D:\Documents and Settings\Custom Settings\User Settings.bat
D:\Documents and Settings\Custom Settings\User Settings.reg
D:\Documents and Settings\Custom Settings\WMP Shortcut Creator.vbs


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

D:\WINDOWS\explorer.exe => File is digitally signed
D:\WINDOWS\system32\winlogon.exe => File is digitally signed
D:\WINDOWS\system32\svchost.exe => File is digitally signed
D:\WINDOWS\system32\services.exe => File is digitally signed
D:\WINDOWS\system32\User32.dll => File is digitally signed
D:\WINDOWS\system32\userinit.exe => File is digitally signed
D:\WINDOWS\system32\rpcss.dll => File is digitally signed
D:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-12-2014
Ran by Owner at 2014-12-04 17:17:00
Running from D:\Documents and Settings\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
Acoustica Mixcraft (HKLM\...\Acoustica Mixcraft) (Version: - Acoustica)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Alt-Tab Task Switcher Powertoy for Windows XP (HKLM\...\{A7050037-F0EA-4BAB-BCD5-FC05507D6147}) (Version: 1.00.0001 - Microsoft Corporation)
AnyMedia Player 3.4.5 (HKLM\...\{1959CCD2-1227-4de4-97E7-04F29D526762}_is1) (Version: 3.4.5 - cyan soft ltd)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.10 Beta 1 - Michael Tippach)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4235 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Converter 7 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Beatnik Player (HKLM\...\Beatnik Player) (Version: - )
Bleep VSTi (HKLM\...\Bleep VSTi) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Content Manager Assistant for PlayStation(R) (HKLM\...\{0DCD0704-E2AB-4e97-96A7-90F146BD8243}) (Version: 2.50.6733.38 - Sony Computer Entertainment Inc.)
Dell Driver Download Manager (HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.115.201 - Alps Electric)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
D-Link VGA Webcam (HKLM\...\D-Link VGA Webcam) (Version: - )
EasyTether (HKLM\...\{A3FAE73B-4474-4A1D-A343-2FE248F05265}) (Version: 1.1.14 - Mobile Stream)
Edirol HQ Orchestral v1.01 (HKLM\...\Edirol HQ Orchestral v1.01) (Version: - )
Effectrix 1.4 (HKLM\...\Effectrix_is1) (Version: 1.4 - Sugar Bytes)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FL Studio 9 (HKLM\...\FL Studio 9) (Version: - Image-Line)
FL Studio v7.0 (HKLM\...\FL Studio_is1) (Version: - AiR, Inc.)
Foxit Reader (HKLM\...\Foxit Reader) (Version: - )
Gadwin PrintScreen (HKLM\...\Gadwin PrintScreen) (Version: 4.7 - Gadwin Systems, Inc.)
GigaTribe 3.04.013 (HKLM\...\ShalSoft.GigaTribe_is1) (Version: - GigaTribe SAS)
Google Chrome (HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
HashCheck Shell Extension (x86-32) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.8.1 - Kai Liu)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6162.0 - IDT)
IL Download Manager (HKLM\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
ITCH (HKLM\...\{8A8FF989-F31A-43A7-AF3B-BD6121E09225}) (Version: 1.04 - Serato Audio Research)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.710 - Oracle)
K-Lite Mega Codec Pack 9.7.0 (HKLM\...\KLiteCodecPack_is1) (Version: 9.7.0 - )
LADSPA_plugins-win-0.4.15 (HKLM\...\LADSPA_plugins-win_is1) (Version: - Audacity Team)
LAME v3.98.2 for Audacity (HKLM\...\LAME for Audacity_is1) (Version: - )
LPEConnectFix 1.0 (HKLM\...\LPEConnectFix_is1) (Version: - LOTR, Inc. lol Gnutella Forums)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
ManyCam 3.0.80 (remove only) (HKLM\...\ManyCam) (Version: 3.0.80 - ManyCam LLC)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.63.3.3 - Marvell)
Melodyne 3.2 (Version: 3.2.0202 - Celemony Software GmbH) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2416447) (HKLM\...\M2416447) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version: - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mp3tag v2.54 (HKLM\...\Mp3tag) (Version: v2.54 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0 - Microsoft Corporation) Hidden
MusicLab RealGuitar 2.0 (HKLM\...\{1864B4F0-7777-4A57-9930-C2B307597966}) (Version: - MusicLab, Inc.)
Native Instruments Controller Editor (HKLM\...\Native Instruments Controller Editor) (Version: - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments)
Native Instruments Guitar Rig Session I/O (HKLM\...\Native Instruments Guitar Rig Session I/O) (Version: - Native Instruments)
Native Instruments Massive (HKLM\...\Native Instruments Massive) (Version: - Native Instruments)
Native Instruments Rig Kontrol 3 (HKLM\...\Native Instruments Rig Kontrol 3) (Version: - Native Instruments)
Native Instruments Service Center (HKLM\...\Native Instruments Service Center) (Version: - Native Instruments)
Open Command Prompt Shell Extension (x86-32) (HKLM\...\CmdOpen Shell Extension) (Version: 1.2.0.0 - Kai Liu)
piaip AppLocale (HKLM\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
PoiZone (HKLM\...\PoiZone) (Version: - Image-Line)
QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 9.1.5 - Dell Computer Corporation)
Realtek Card Reader (HKLM\...\{D10CB652-9332-4242-B7A9-2D61570144F7}) (Version: 6.0.6000.72 - Realtek)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RGSS-RTP Standard (HKLM\...\{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}) (Version: 1.0.0 - Enterbrain)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
RPGXP (HKLM\...\{9B34CAC6-738F-4A20-B428-A115C3E3474C}) (Version: 1.0.0 - Enterbrain)
Sandboxie 3.52 (HKLM\...\Sandboxie) (Version: - )
Sawer (HKLM\...\Sawer) (Version: - Image-Line)
Scratch Live 2.4.1 (9) (HKLM\...\{8D084419-7570-4350-A4D2-C358E5E7F3AC}) (Version: 2.4.1 - Serato Inc LP)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version: - Image-Line)
TruePianos 1.5.0 (HKLM\...\TruePianos_is1) (Version: - 4Front Technologies)
TruePianos: Diamond Module 1.4.0 (HKLM\...\TruePianos: Diamond Module_is1) (Version: - 4Front Technologies)
TruePianos: Emerald Module 1.4.0 (HKLM\...\TruePianos: Emerald Module_is1) (Version: - 4Front Technologies)
Unity Web Player (HKU\S-1-5-21-842925246-1177238915-1417001333-1003\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
USB2.0 Card Reader Software (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.0.6000.75 - Realtek)
User Profile Hive Cleanup Service (HKLM\...\{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}) (Version: 1.6.30 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.0.5 (HKLM\...\VLC media player) (Version: 1.0.5 - VideoLAN Team)
WD SmartWare (HKLM\...\{98D451C4-4ACA-4273-BB47-57CFE46B048E}) (Version: 1.4.1.1 - Western Digital)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Yahoo! Detect (HKLM\...\YTdetect) (Version: - )
Yamaha USB-MIDI Driver (HKLM\...\InstallShield_{18B2020D-3D3F-4508-81E7-ACD4CCD25C53}) (Version: 3.1.2.1 - Yamaha Corporation)
Yamaha USB-MIDI Driver (Version: 3.1.2.1 - Yamaha Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{037FB476-15E0-4ED1-B11A-E420B750B1A8}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{11F42BB9-3EEE-471D-8E7D-D86D603FD808}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> D:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> D:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> D:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> D:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{4A3522F6-5694-5E3E-9729-7269E6A8F3D3}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{5AFAFE48-7107-4FE5-B21A-86A4254541DD}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> D:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{843BA37D-204E-CA80-4E5E-DA79D40C3A30}\InprocServer32 -> D:\Program Files\Serato\Drivers\ASIO\64\SL3\RaneAsioSL3.dll ()
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> D:\WINDOWS\Downloaded Program Files\dwusplay.dll (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{C499FB90-5D25-4260-BE9A-71FEB2674BEA}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{E42CE23D-69F9-480A-A15F-BFF5E4D170C3}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\InprocServer32 -> D:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{EED7996D-443E-4B20-8E18-39994B9854D5}\InprocServer32 -> D:\Program Files\Serato\Drivers\ASIO\32\SL3\RaneAsioSL3.dll ()
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{F1522EC1-F84F-4CE2-A38C-F9384B0DFD41}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> D:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)

==================== Restore Points =========================

01-07-2010 19:45:26 System Checkpoint
01-07-2010 19:48:40 Installed Windows KB954550-v5.
01-07-2010 19:48:44 Printer Driver Microsoft XPS Document Writer Installed
01-07-2010 19:51:50 Installed Java(TM) 6 Update 13
01-07-2010 19:52:10 Installed User Profile Hive Cleanup Service
01-07-2010 19:52:18 Installed Alt-Tab Task Switcher Powertoy for Windows XP
01-07-2010 19:52:29 Installed Microsoft AppLocale
04-12-2014 20:36:21 Revo Uninstaller's restore point - Ask & Record Toolbar 4.01

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 07:00 - 2014-12-04 14:21 - 00000027 ____A D:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: D:\WINDOWS\Tasks\Adobe Flash Player Updater.job => D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: D:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-842925246-1177238915-1417001333-1003Core.job => D:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: D:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-842925246-1177238915-1417001333-1003UA.job => D:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1177238915-1417001333-1003Core.job => D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1177238915-1417001333-1003UA.job => D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: D:\WINDOWS\Tasks\User_Feed_Synchronization-{444CA9EF-5E8B-42AB-8959-F1C7CC312557}.job => D:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2010-07-01 15:02 - 2008-11-26 10:39 - 00024576 _____ () D:\WINDOWS\System32\WLTRYSVC.EXE
2010-07-01 15:02 - 2008-11-26 10:39 - 00753664 _____ () D:\WINDOWS\System32\bcm1xsup.dll
2010-09-08 10:45 - 2010-09-08 10:45 - 01034752 _____ () D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
2010-09-08 10:53 - 2010-09-08 10:53 - 00886272 _____ () D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
2010-09-08 10:44 - 2010-09-08 10:44 - 00484352 _____ () D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
2002-03-19 17:30 - 2002-03-19 17:30 - 00045632 _____ () D:\WINDOWS\system32\taskswitch.exe
2010-07-01 15:02 - 2008-11-26 10:39 - 00143360 _____ () D:\WINDOWS\system32\preflib.dll
2010-07-01 14:19 - 2008-10-04 08:40 - 00090223 _____ () D:\Program Files\Dell\QuickSet\preflibcl.dll
2010-07-01 14:19 - 2009-01-09 11:31 - 00098304 _____ () D:\Program Files\Dell\QuickSet\dadkeyb.dll
2013-02-12 21:37 - 2013-02-12 21:37 - 01263952 _____ () D:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-02-12 21:38 - 2013-02-12 21:38 - 00100688 _____ () D:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2008-04-14 07:00 - 2008-04-14 07:00 - 00059904 _____ () D:\WINDOWS\system32\devenum.dll
2008-04-14 07:00 - 2008-04-14 07:00 - 00014336 _____ () D:\WINDOWS\system32\msdmo.dll
2010-12-04 21:38 - 2010-12-04 21:38 - 01242112 ____C () D:\Program Files\ManyCam\Bin\opencv_imgproc220.dll
2010-12-04 21:38 - 2010-12-04 21:38 - 02010624 ____C () D:\Program Files\ManyCam\Bin\opencv_core220.dll
2014-11-26 11:06 - 2014-11-25 01:39 - 09009480 _____ () D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-26 11:06 - 2014-11-25 01:39 - 01677128 _____ () D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2014-04-14 10:32 - 2014-02-10 12:44 - 04592128 _____ () D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-14 10:32 - 2014-02-10 12:44 - 00112128 _____ () D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2008-05-01 23:15 - 2008-05-01 23:15 - 00010240 _____ () D:\Program Files\Unlocker\UnlockerCOM.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Content Manager Assistant for PlayStation(R).lnk => D:\WINDOWS\pss\Content Manager Assistant for PlayStation(R).lnkCommon Startup
MSCONFIG\startupfolder: D:^Documents and Settings^Owner^Start Menu^Programs^Startup^Dropbox.lnk => D:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupreg: EasyTether => "D:\Program Files\Mobile Stream\EasyTether\easytthr.exe"
MSCONFIG\startupreg: ManyCam => "D:\Program Files\ManyCam\Bin\ManyCam.exe" /silent
MSCONFIG\startupreg: SandboxieControl => "D:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Skype => "D:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: VirtualCloneDrive => "D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

========================= Accounts: ==========================

Administrator (S-1-5-21-842925246-1177238915-1417001333-500 - Administrator - Disabled)
ASPNET (S-1-5-21-842925246-1177238915-1417001333-1004 - Limited - Enabled)
Guest (S-1-5-21-842925246-1177238915-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-842925246-1177238915-1417001333-1000 - Limited - Disabled)
Owner (S-1-5-21-842925246-1177238915-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-842925246-1177238915-1417001333-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2014 03:54:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 33.1.0.5423, faulting module mozalloc.dll, version 33.1.0.5423, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (12/01/2014 00:03:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5634, faulting module unknown, version 0.0.0.0, fault address 0x6d3d5050.
Processing media-specific event for [explorer.exe!ws!]

Error: (11/24/2014 10:15:14 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (11/24/2014 10:14:02 PM) (Source: Application Error) (EventID: 1004) (User: )
Description: Faulting application stacsv.exe, version 1.0.6162.0, faulting module stacsv.exe, version 1.0.6162.0, fault address 0x0000e75b.
Error in creating result PEAP-TLV in response to received PEAP-TLV (stacsv.exe!ld!)

Error: (11/24/2014 10:13:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application stacsv.exe, version 1.0.6162.0, faulting module stacsv.exe, version 1.0.6162.0, fault address 0x0000e75b.
Processing media-specific event for [stacsv.exe!ws!]

Error: (11/24/2014 01:46:19 AM) (Source: VSSetup) (EventID: 5000) (User: )
Description: EventType vssetup, P1 kb2729449, P2 10.0.30319, P3 10.0.30319.296, P4 1, P5 ndp40-kb2729449.msp, P6 install_i_silent_error, P7 1603, P8 0, P9 vssetup0, P10 vssetup1.

Error: (11/24/2014 01:46:18 AM) (Source: MsiInstaller) (EventID: 1023) (User: ANONYMOUS)
Description: Product: Microsoft .NET Framework 4 Client Profile - Update 'KB2729449' could not be installed. Error code 1603. Additional information is available in the log file D:\DOCUME~1\Owner\LOCALS~1\Temp\KB2729449_20141124_014749015-Microsoft .NET Framework 4 Client Profile-MSP0.txt.

Error: (11/24/2014 01:47:40 AM) (Source: VSSetup) (EventID: 5000) (User: )
Description: EventType vssetup, P1 kb2742595, P2 10.0.30319, P3 10.0.30319.1001, P4 1, P5 ndp40-kb2742595.msp, P6 install_i_silent_error, P7 1603, P8 0, P9 vssetup0, P10 vssetup1.

Error: (11/24/2014 01:47:39 AM) (Source: MsiInstaller) (EventID: 1023) (User: ANONYMOUS)
Description: Product: Microsoft .NET Framework 4 Client Profile - Update 'KB2742595' could not be installed. Error code 1603. Additional information is available in the log file D:\DOCUME~1\Owner\LOCALS~1\Temp\KB2742595_20141124_014525218-Microsoft .NET Framework 4 Client Profile-MSP0.txt.

Error: (11/24/2014 01:45:13 AM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2604092, P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.


System errors:
=============
Error: (12/04/2014 04:17:01 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (12/04/2014 04:16:57 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (12/04/2014 04:16:53 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (12/04/2014 04:16:48 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (12/04/2014 04:16:44 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (12/04/2014 04:16:40 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (12/04/2014 04:16:36 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (12/04/2014 04:16:32 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (12/04/2014 04:16:27 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (12/04/2014 04:16:23 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D


Microsoft Office Sessions:
=========================
Error: (12/03/2014 03:54:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.0.5423mozalloc.dll33.1.0.542300001425

Error: (12/01/2014 00:03:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5634unknown0.0.0.06d3d5050

Error: (11/24/2014 10:15:14 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (11/24/2014 10:14:02 PM) (Source: Application Error) (EventID: 1004) (User: )
Description: stacsv.exe1.0.6162.0stacsv.exe1.0.6162.00000e75b

Error: (11/24/2014 10:13:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: stacsv.exe1.0.6162.0stacsv.exe1.0.6162.00000e75b

Error: (11/24/2014 01:46:19 AM) (Source: VSSetup) (EventID: 5000) (User: )
Description: vssetupkb272944910.0.3031910.0.30319.2961ndp40-kb2729449.mspinstall_i_silent_error16030ca_cachegacassemblydeferred.3643236f_fc70_11d3_a536_0090278a1bb8NIL

Error: (11/24/2014 01:46:18 AM) (Source: MsiInstaller) (EventID: 1023) (User: ANONYMOUS)
Description: Microsoft .NET Framework 4 Client ProfileKB27294491603D:\DOCUME~1\Owner\LOCALS~1\Temp\KB2729449_20141124_014749015-Microsoft .NET Framework 4 Client Profile-MSP0.txt(NULL)

Error: (11/24/2014 01:47:40 AM) (Source: VSSetup) (EventID: 5000) (User: )
Description: vssetupkb274259510.0.3031910.0.30319.10011ndp40-kb2742595.mspinstall_i_silent_error16030ca_cachegacassemblydeferred.3643236f_fc70_11d3_a536_0090278a1bb8NIL

Error: (11/24/2014 01:47:39 AM) (Source: MsiInstaller) (EventID: 1023) (User: ANONYMOUS)
Description: Microsoft .NET Framework 4 Client ProfileKB27425951603D:\DOCUME~1\Owner\LOCALS~1\Temp\KB2742595_20141124_014525218-Microsoft .NET Framework 4 Client Profile-MSP0.txt(NULL)

Error: (11/24/2014 01:45:13 AM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: visualstudio8setupmicrosoft .net framework 2.0-kb260409210331603msif9.0.40215.0installx86xp2905


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 67%
Total physical RAM: 3032.29 MB
Available physical RAM: 993.55 MB
Total Pagefile: 4917.94 MB
Available Pagefile: 2762.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.92 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:169 GB) (Free:7.26 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (XP) (Fixed) (Total:48.83 GB) (Free:0.55 GB) NTFS
Drive f: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.43 GB) NTFS
Drive h: () (Removable) (Total:3.68 GB) (Free:2.18 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 68000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=169 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=48.8 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
djninja33 is offline  
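Added example, not part of the original post and not FRST's own code: the Custom CLSID block in the log above lists COM servers registered under the user's own HKU\...\_Classes hive (what that user sees as HKCU\Software\Classes). HKEY_CLASSES_ROOT merges the per-user hive over HKLM, so a per-user entry wins for that user's processes, which makes this a standard place to look for a hijacked or planted COM server; the per-user .job entries in the Scheduled Tasks block matter for the same reason. The Python below parses CustomCLSID: and Task: lines in the format shown in the log and flags the ones a reviewer should look at first: no backing file, a binary under a user-writable profile path, an ActiveX control in Downloaded Program Files, or no publisher in the version info. The marker lists are my heuristics, and a flag is a reason to check the file, not a verdict: the Google updater entries here are consistent with a normal per-user Chrome install. The SAMPLE_LOG lines are copied from the posted log; nothing else in it is read from disk.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines in the format FRST writes to Addition.txt, copied
# from the log posted above (a CLSID with "No File Path", two updater entries
# under the user profile, a system32 OCX, a "Downloaded Program Files" ActiveX
# control and an ASIO driver with no publisher). Not a full log.
SAMPLE_LOG = r"""
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> D:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> D:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-842925246-1177238915-1417001333-1003_Classes\CLSID\{843BA37D-204E-CA80-4E5E-DA79D40C3A30}\InprocServer32 -> D:\Program Files\Serato\Drivers\ASIO\64\SL3\RaneAsioSL3.dll ()
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1177238915-1417001333-1003Core.job => D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: D:\WINDOWS\Tasks\User_Feed_Synchronization-{444CA9EF-5E8B-42AB-8959-F1C7CC312557}.job => D:\WINDOWS\system32\msfeedssync.exe
"""

CLSID_RE = re.compile(r"^CustomCLSID: (?P<key>\S+) -> (?P<rest>.+)$")
TASK_RE = re.compile(r"^Task: (?P<job>.+?\.job) => (?P<target>.+)$")
# "<path> (<publisher>)"; the publisher is whatever FRST read from the PE
# version info, so "()" means the file carries none.
PATH_PUBLISHER_RE = re.compile(r"^(?P<path>.+?) \((?P<publisher>[^()]*)\)$")

# Heuristic markers (my choice, not anything FRST defines): a server binary
# under the user's profile is writable without admin rights, which is exactly
# what a persistence or COM-hijack payload needs.
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")
USER_WRITABLE_MARKERS = ("\\application data\\", "\\appdata\\", "\\temp\\", "\\desktop\\")


@dataclass
class Entry:
    kind: str                 # "clsid" or "task"
    name: str                 # registry key (clsid) or .job path (task)
    path: Optional[str]       # server / task target; None when FRST printed "No File Path"
    publisher: Optional[str]  # "" = file has no version-info company; None = not reported
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Turn one CustomCLSID: or Task: line from Addition.txt into an Entry."""
    m = CLSID_RE.match(line)
    if m:
        rest = m.group("rest")
        if rest == "No File Path":
            return Entry("clsid", m.group("key"), None, None)
        pp = PATH_PUBLISHER_RE.match(rest)
        if pp:
            return Entry("clsid", m.group("key"), pp.group("path"), pp.group("publisher").strip())
        return Entry("clsid", m.group("key"), rest, None)
    m = TASK_RE.match(line)
    if m:
        return Entry("task", m.group("job"), m.group("target"), None)
    return None


def triage(entry: Entry) -> Entry:
    """Attach review reasons; an empty list means nothing stood out."""
    if entry.path is None:
        entry.reasons.append("no file path: per-user registration points at nothing")
        return entry
    p = entry.path.lower()
    if any(u in p for u in USER_PROFILE_MARKERS) and any(w in p for w in USER_WRITABLE_MARKERS):
        entry.reasons.append("binary lives in a user-writable profile directory")
    if "\\downloaded program files\\" in p:
        entry.reasons.append("ActiveX control installed from the web")
    if entry.publisher == "":
        entry.reasons.append("no publisher in version info")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Return only the entries that collected at least one reason, in log order."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line.strip())
        if entry is not None and triage(entry).reasons:
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.kind}] {f.path or f.name}")
        for r in f.reasons:
            print(f"    - {r}")
```

To run it over a real report, pass the whole file: triage_log(open("Addition.txt", encoding="utf-8", errors="replace").read()). The parser ignores every other section of the log, so it is safe to feed it the complete file. On the sample it reports five entries: the dangling CLSID, the two Google updater entries under Local Settings\Application Data, the isusweb.dll ActiveX control, and the RaneAsioSL3.dll driver with no publisher; mscomct2.ocx and msfeedssync.exe in system32 with a Microsoft publisher are left alone.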
Old 12-06-2014, 05:21 AM   #8
Security Team
Analyst
 
Join Date: Feb 2014
Location: Germany
Posts: 53
OS: Win 8.1



Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.
deeprybka is offline  
Old 12-08-2014, 08:25 AM   #9
Security Team
Analyst
 
Join Date: Feb 2014
Location: Germany
Posts: 53
OS: Win 8.1



Hi,

2 Day Inactivity

This is the second day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 24 hours, this thread will be closed due to inactivity.
deeprybka is offline  
Old 12-09-2014, 11:14 AM   #10
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum
amateur is offline  
 
