TechSpot

Potentially infected... Chrome (not working), shuts down upon opening program

By zobbin
Sep 7, 2015
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-09-2015
    Ran by Boz (administrator) on DUBSONE (07-09-2015 20:23:49)
    Running from C:\Documents and Settings\Boz\My Documents\Downloads
    Loaded Profiles: Boz (Available Profiles: Boz & Guest248 & Administrator)
    Platform: Microsoft Windows XP Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Comodo) C:\Program Files\Comodo\Chromodo\chromodo_updater.exe
    (Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    (GEMTEKS) C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    (Linksys WPA UI(CA)) C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
    (COMODO) C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    (SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
    (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    (Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
    (Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (COMODO) C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
    (Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (BitTorrent Inc.) C:\Documents and Settings\Boz\Application Data\BitTorrent\BitTorrent.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
    (Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit.exe
    (COMODO) C:\Program Files\Comodo\COMODO Internet Security\cis.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
    (PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
    (Comodo) C:\Program Files\Comodo\Chromodo\chromodo.exe
    (Comodo) C:\Program Files\Comodo\Chromodo\chromodo.exe
    (Comodo) C:\Program Files\Comodo\Chromodo\chromodo.exe
    (Comodo) C:\Program Files\Comodo\Chromodo\chromodo.exe
    (Comodo) C:\Program Files\Comodo\Chromodo\chromodo.exe
    (Comodo) C:\Program Files\Comodo\Chromodo\chromodo.exe
    (COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdvirth.exe
    (Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [339968 2005-03-22] (SigmaTel, Inc.)
    HKLM\...\Run: [ISUSPM Startup] => c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
    HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2007-11-15] ( )
    HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
    HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)
    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1361088 2015-08-20] (COMODO)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2015-02-03] (Adobe Systems Incorporated)
    HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-06-30] (Comodo Security Solutions, Inc.)
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-21-243343400-2573606588-2901852968-1006\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-05-25] (SUPERAntiSpyware)
    HKU\S-1-5-21-243343400-2573606588-2901852968-1006\...\Run: [BitTorrent] => C:\Documents and Settings\Boz\Application Data\BitTorrent\BitTorrent.exe [1698152 2015-08-20] (BitTorrent Inc.)
    HKU\S-1-5-21-243343400-2573606588-2901852968-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-13] (Microsoft Corporation)
    HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2010-01-05]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2015-08-20]
    ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: [.DEFAULT] => http=127.0.0.1:5555
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{7E27A112-C3D3-4877-86F1-292E9368610A}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{DF22A413-2461-4F28-94D3-D2A401206326}: [DhcpNameServer] 154.11.129.59 154.11.129.187 209.115.152.130

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-243343400-2573606588-2901852968-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-243343400-2573606588-2901852968-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
    HKU\S-1-5-21-243343400-2573606588-2901852968-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-21-243343400-2573606588-2901852968-1006 -> {2528085A-2B78-48B2-BBE1-B7A5429C91C7} URL = hxxp://ca.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-17] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-17] (Oracle Corporation)
    BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
    Toolbar: HKU\S-1-5-21-243343400-2573606588-2901852968-1006 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\DOCUME~1\Boz\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
    DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-06] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-17] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-17] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-07] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-07] (Google Inc.)
    FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-05]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-28]
    FF HKU\S-1-5-21-243343400-2573606588-2901852968-1006\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR StartupUrls: Default -> "hxxp://www.google.com"
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.85\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Flash) - internal-remoting-viewer
    CHR Plugin: (Remoting Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.85\pdf.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (QuickTime) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
    CHR Plugin: (Windows Media Player) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\WINDOWS\system32\npdeployJava1.dll No File
    CHR Plugin: (Java) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (iTunes Application Detector) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
    CHR Plugin: (Silverlight) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Profile: C:\Documents and Settings\Boz\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (F5 Networks Plugin Host) - C:\Documents and Settings\Boz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfjhelpopbdbnlfmjkbkfkbfmbneaeob [2014-12-23]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Boz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
    CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Boz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-09-21] (SUPERAntiSpyware.com)
    U3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
    U2 ChromodoUpdater; C:\Program Files\Comodo\Chromodo\chromodo_updater.exe [2306248 2015-04-02] (Comodo)
    R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70848 2015-08-13] (Comodo Security Solutions, Inc.)
    U2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4353840 2015-08-20] (COMODO)
    U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664704 2015-08-20] (COMODO)
    U3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
    U2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-06-30] (Comodo Security Solutions, Inc.)
    U3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    U2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    U2 IAANTMon; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [86140 2005-06-17] (Intel Corporation) [File not signed]
    U3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    U2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-17] (Oracle Corporation)
    U2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-09-07] (Malwarebytes Corporation)
    U2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-09-07] (Malwarebytes Corporation)
    U2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    U3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel(R) Corporation) [File not signed]
    U2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    U2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
    U3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [X]
    U2 WUSB54Gv4SVC; "C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe" [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
    U3 BeTwinKeyboard; C:\WINDOWS\System32\drivers\BeTwinKF.sys [16192 2012-01-17] (ThinSoft Pte Ltd.)
    U3 BeTwinMouse; C:\WINDOWS\System32\drivers\BeTwinMF.sys [16192 2012-01-17] (ThinSoft Pte Ltd.)
    U1 BeTwinSystem; C:\WINDOWS\System32\Drivers\BeTwinSystem.sys [13640 2012-01-17] (ThinSoft Pte Ltd.)
    U0 BeTwinVideo; C:\WINDOWS\System32\drivers\BeTwinVF.sys [20800 2012-01-17] (ThinSoft Pte Ltd.)
    U1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [36112 2014-06-25] (Windows (R) Win 7 DDK provider)
    U1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [15808 2015-08-04] (COMODO)
    U1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [631872 2015-08-04] (COMODO)
    U1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [30144 2015-08-04] (COMODO)
    U3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
    U1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
    U3 GTNDIS5; C:\WINDOWS\system32\GTNDIS5.SYS [15872 2003-09-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    U3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
    U3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
    U3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
    U0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [105664 2015-08-04] (COMODO)
    U3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-09-07] (Malwarebytes Corporation)
    U2 MDC8021X; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [15781 2004-05-26] (Meetinghouse Data Communications) [File not signed]
    U3 mferkdk; C:\WINDOWS\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
    U3 mfesmfk; C:\WINDOWS\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
    U3 Netaapl; C:\WINDOWS\System32\DRIVERS\netaapl.sys [18432 2010-04-19] (Apple Inc.) [File not signed]
    U3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [19016 2014-01-14] ()
    U3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2002-10-01] (Padus, Inc.) [File not signed]
    U1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    U1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    U1 sdcplh; C:\WINDOWS\System32\drivers\sdcplh.sys [55168 2005-10-18] (Macrovision Europe Ltd) [File not signed]
    U3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [180864 2005-06-14] (SigmaTel, Inc.)
    U3 WUSB54GV4SRV; C:\WINDOWS\System32\DRIVERS\rt2500usb.sys [79616 2004-05-07] (Ralink Technology Inc.)
    U3 bvrp_pci; no ImagePath
    U1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    U3 TlntSvr; no ImagePath
    U3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
    U3 wanatw; system32\DRIVERS\wanatw4.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-07 20:23 - 2015-09-07 20:24 - 00000000 ____D C:\FRST
    2015-09-07 19:49 - 2015-09-07 19:49 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2015-09-07 19:49 - 2015-09-07 19:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
    2015-09-07 19:41 - 2015-09-07 19:46 - 00000876 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e9d76a98ab18.job
    2015-09-07 19:41 - 2015-09-07 19:46 - 00000876 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-08-20 13:00 - 2015-08-20 13:00 - 00001780 _____ C:\Documents and Settings\All Users\Desktop\GeekBuddy.lnk
    2015-08-20 13:00 - 2015-08-20 13:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Comodo Security Solutions Inc
    2015-08-20 12:59 - 2015-08-20 12:59 - 00000000 ____D C:\Program Files\Common Files\COMODO

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-07 20:26 - 2012-09-03 19:05 - 00000000 ____D C:\Documents and Settings\Boz\Local Settings\temp
    2015-09-07 20:26 - 2008-10-23 22:17 - 00000000 ____D C:\Documents and Settings\Boz\Application Data\BitTorrent
    2015-09-07 20:25 - 2015-02-03 21:49 - 01218032 _____ C:\WINDOWS\system32\Drivers\sfi.dat
    2015-09-07 20:24 - 2013-11-14 04:19 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-09-07 20:22 - 2015-05-25 12:30 - 00004410 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
    2015-09-07 20:05 - 2015-02-03 21:51 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
    2015-09-07 19:49 - 2012-08-29 23:34 - 00000000 ____D C:\Program Files\Google
    2015-09-07 19:48 - 2012-02-11 18:28 - 00000000 ____D C:\Program Files\PeerBlock
    2015-09-07 19:37 - 2009-01-17 16:46 - 00841891 _____ C:\WINDOWS\setupapi.log
    2015-09-07 19:36 - 2004-08-10 12:02 - 01504836 _____ C:\WINDOWS\WindowsUpdate.log
    2015-09-07 19:28 - 2014-07-28 23:04 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-09-07 19:27 - 2004-08-10 11:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
    2015-09-07 19:25 - 2015-02-03 21:51 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
    2015-09-07 19:25 - 2015-02-03 21:51 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
    2015-09-07 19:25 - 2015-02-03 21:51 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
    2015-09-07 19:25 - 2005-10-25 21:01 - 00000178 ___SH C:\Documents and Settings\Boz\ntuser.ini
    2015-09-07 19:25 - 2004-08-10 12:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-09-07 19:25 - 2004-08-10 11:59 - 00000159 _____ C:\WINDOWS\wiadebug.log
    2015-09-07 19:25 - 2004-08-10 11:59 - 00000048 _____ C:\WINDOWS\wiaservc.log
    2015-09-07 19:24 - 2004-08-10 12:08 - 00032402 _____ C:\WINDOWS\SchedLgU.Txt
    2015-09-07 19:24 - 2004-08-10 12:08 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
    2015-09-07 02:07 - 2014-07-28 23:04 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-09-07 02:07 - 2014-07-28 23:04 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2015-09-07 02:07 - 2014-07-28 23:04 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-09-07 02:07 - 2012-09-01 21:51 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-09-07 02:07 - 2012-09-01 21:51 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2015-09-06 13:59 - 2005-10-26 17:22 - 00120320 _____ C:\Documents and Settings\Boz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-09-06 12:45 - 2012-04-04 22:23 - 00778440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2015-09-06 12:45 - 2011-10-05 09:45 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2015-09-01 13:19 - 2015-02-02 19:04 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2015-08-20 21:49 - 2015-02-03 21:46 - 00001878 _____ C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
    2015-08-20 13:00 - 2015-02-03 21:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
    2015-08-13 03:18 - 2013-07-16 03:00 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-08-13 03:01 - 2005-10-27 19:47 - 129304528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-08-08 15:00 - 2014-04-09 20:38 - 00000212 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

    ==================== Files in the root of some directories =======

    2010-08-16 00:00 - 2010-08-16 00:00 - 10864104 _____ (PokerStars) C:\Program Files\PokerStarsInstall.exe
    2010-01-12 23:32 - 2010-01-12 23:38 - 0010584 _____ () C:\Documents and Settings\Boz\Application Data\docXConverter (3).ini
    2010-01-12 23:35 - 2010-01-12 23:36 - 0000132 ____H () C:\Documents and Settings\Boz\Application Data\lakerda1967.sys
    2005-10-26 17:27 - 2005-10-26 17:27 - 0012358 _____ () C:\Documents and Settings\Boz\Application Data\PFP120JCM.{PB
    2005-10-26 17:27 - 2005-10-26 17:27 - 0061678 _____ () C:\Documents and Settings\Boz\Application Data\PFP120JPR.{PB
    2011-08-28 15:26 - 2013-12-26 22:33 - 0000154 _____ () C:\Documents and Settings\Boz\Application Data\Rim.Desktop.Exception.log
    2011-08-28 15:18 - 2013-12-28 20:07 - 0002161 _____ () C:\Documents and Settings\Boz\Application Data\Rim.Desktop.HttpServerSetup.log
    2011-08-28 15:27 - 2013-12-26 22:32 - 0000231 _____ () C:\Documents and Settings\Boz\Application Data\Rim.DesktopHelper.Exception.log
    2005-10-26 17:22 - 2015-09-06 13:59 - 0120320 _____ () C:\Documents and Settings\Boz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2008-01-23 22:33 - 2008-01-23 22:33 - 0000126 _____ () C:\Documents and Settings\Boz\Local Settings\Application Data\fusioncache.dat

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of FRST.txt ============================
     
  2. zobbin


    Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-09-2015
    Ran by Boz (2015-09-07 20:27:13)
    Running from C:\Documents and Settings\Boz\My Documents\Downloads
    Microsoft Windows XP Service Pack 3 (X86) (2005-10-26 03:01:27)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-243343400-2573606588-2901852968-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    Boz (S-1-5-21-243343400-2573606588-2901852968-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Boz
    Guest (S-1-5-21-243343400-2573606588-2901852968-501 - Limited - Enabled)
    Guest248 (S-1-5-21-243343400-2573606588-2901852968-1010 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Guest248
    HelpAssistant (S-1-5-21-243343400-2573606588-2901852968-1005 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-243343400-2573606588-2901852968-1002 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)


    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    888poker (HKLM\...\888poker) (Version: - )
    Ad-Aware Browsing Protection (HKLM\...\Ad-Aware Browsing Protection) (Version: 1.0.0.5 - )
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
    Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM\...\{0099B484-C24C-4D5F-8167-B0F6DF196E72}) (Version: 12.0.3.133 - Adobe Systems, Inc)
    Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
    Apple Application Support (32-bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft Camera Suite 1.3 (HKLM\...\{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}) (Version: - )
    ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5150 - )
    ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.13-050414a2-023179C-Dell - )
    BIG-IP Edge Client Components (All Users) (HKLM\...\F5 Networks Client Components) (Version: 70.2013.0426.1849 - F5 Networks, Inc.)
    BitTorrent (HKU\S-1-5-21-243343400-2573606588-2901852968-1006\...\BitTorrent) (Version: 7.9.4.40912 - BitTorrent Inc.)
    BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
    BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
    Chromodo (HKLM\...\Chromodo) (Version: 36.7.0.8 - Comodo)
    Citrix Web Client (HKLM\...\Citrix Web Client) (Version: - )
    Classic PhoneTools (HKLM\...\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}) (Version: 4.24 - BVRP Software)
    COMODO Internet Security Premium (HKLM\...\{68BE8BAB-5375-4C99-9116-1808F5968D40}) (Version: 8.1.0.4426 - COMODO Security Solutions Inc.)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
    Copy (Version: 130.0.366.000 - Hewlett-Packard) Hidden
    CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
    Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
    Dell Picture Studio v3.0 (HKLM\...\{AF06CAE4-C134-44B1-B699-14FBDB63BD37}) (Version: 3.0.0 - Jasc Software, Inc.)
    Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
    Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
    DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3062 - Dell)
    Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
    Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
    DJ_AIO_05_F4400_Software_Min (Version: 130.0.448.000 - Hewlett-Packard) Hidden
    Download Updater (AOL LLC) (HKLM\...\SoftwareUpdUtility) (Version: - ) <==== ATTENTION
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    F4400 (Version: 130.0.448.000 - Hewlett-Packard) Hidden
    FIBzilla Backgammon 5.0.46 (HKLM\...\FIBzilla_is1) (Version: - )
    GeekBuddy (HKLM\...\{AA722B93-B5B3-48DE-912A-81C0926D22AE}) (Version: 4.21.144 - Comodo Security Solutions Inc)
    Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
    GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
    HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
    HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 (HKLM\...\{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}) (Version: 13.0 - HP)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
    HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
    hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
    HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
    Intel Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
    Intel(R) PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
    Intel(R) PROSet for Wired Connections (HKLM\...\{4CEA6811-DFAD-4892-828D-49941FE3B779}) (Version: 9.30.0000 - Dell)
    iPod for Windows 2005-03-23 (HKLM\...\InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}) (Version: 3.8.0 - Apple Computer, Inc.)
    iPod for Windows 2005-03-23 (Version: 3.8.0 - Apple Computer, Inc.) Hidden
    iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
    Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
    Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )
    Linksys Wireless-G USB Network Adapter (HKLM\...\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}) (Version: - )
    Macromedia Shockwave Player (HKLM\...\Macromedia Shockwave Player) (Version: 10.1.0.11 - Macromedia, Inc.)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
    Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)
    MINITAB 14 Student (HKLM\...\InstallShield_{DE057B84-3977-4107-AA5C-BD0600CDC8DF}) (Version: 14 - Minitab, Inc.)
    MINITAB 14 Student (Version: 14 - Minitab, Inc.) Hidden
    Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.40 - BVRP Software)
    MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
    Musicmatch for Windows Media Player (HKLM\...\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}) (Version: 0.00.000 - )
    NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.12 - BVRP Software, Inc)
    PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
    PokerStars (HKLM\...\PokerStars) (Version: 1.726 - PokerStars)
    PowerDVD 5.5 (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
    Python 2.5.2 (HKLM\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
    QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
    R for Windows 2.9.0 (HKLM\...\R for Windows 2.9.0_is1) (Version: 2.9.0 - R Development Core Team)
    Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
    Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
    SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
    SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    The Rosetta Stone (HKLM\...\The Rosetta Stone) (Version: - )
    Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
    TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
    Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0017.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0036.0 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    XP Codec Pack (HKLM\...\XP Codec Pack) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{019DB8F5-D455-4B23-88A0-C9C57B6A0E76}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\Translators\MSOl\XCPCRdmptn.dll (Advanced Messaging Systems LLC)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{0C1EB979-8EC7-46E8-8097-246957D6B94C}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{0F8778CF-72A5-4275-835E-1F5395F7D437}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\Translators\MSOl\XCPCRdmptn.dll (Advanced Messaging Systems LLC)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{124824DB-D7AC-447E-8103-D4ED58A0CEFF}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\Translators\MSOl\XCPCRdmptn.dll (Advanced Messaging Systems LLC)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{136DCBF5-3874-4B70-AE3E-15997D6334F7}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp2_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{1434DD3D-0AF6-41E0-BB71-8C86010D9AF5}\localserver32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{15B62A81-9030-478E-A467-26F6B8223866}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp4_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{16AF398F-0DE4-4CB1-A0A3-E58D6E34EF86}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_converter_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{17CAD714-24C4-474E-97D4-4C5A50046791}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_amr_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{17F7035D-4162-4ef4-B515-D739E2E6A937}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\XCPCSync.dll (iAnywhere Solutions, Inc.)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{184092C4-EA10-43A4-A109-40A6E2F2248C}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_framerate_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{19987CEE-DEE8-49DC-98EC-F21380AA9E68}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_aac_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{19987CEE-DEE8-49DC-98EC-F21380AA9E6A}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_aac_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{19987CEE-DEE8-49DC-98EC-F21380AA9E6B}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_aac_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{22FE1038-DEF4-4581-8F56-9E4D657D669C}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_colorspace_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{248F9A18-25ED-4001-AB85-5112B11A2741}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\XCPCSync.dll (iAnywhere Solutions, Inc.)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{272D77A0-A852-4851-ADA4-9091FEAD4C86}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_colorspace_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{2A55FF12-1657-41D7-9D2D-A2CDC6978FF2}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp4_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{2F75E451-A88C-4939-BFE5-D92D48C102F2}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mpa_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{326787D9-37B9-47A6-B539-EE13E7B04B8B}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{3C2F3B51-E98E-48C6-BFD2-2C77017D796F}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\Translators\MSOl\XCPCRdmptn.dll (Advanced Messaging Systems LLC)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{3E8E0584-1B63-46DF-8783-EAE6DB9859DD}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\Translators\MSOl\XCPCRdmptn.dll (Advanced Messaging Systems LLC)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{4578D46F-1AAF-4FA6-AD9C-401A97CFA291}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp2_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{47F64EC4-1AD6-4168-9D4C-00F3842F7CFB}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{4B66DD3F-2E6E-4F7C-B38C-E32608820825}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{4C0F53A1-B3DD-401D-86F0-E9E2D07BF711}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\Translators\MSOl\XCPCRdmptn.dll (Advanced Messaging Systems LLC)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{53DBCD97-3FDF-4B60-975B-2596B57482EF}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\BBWebSLLauncher.dll (Research In Motion Limited)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{5611AC6E-60BD-4C61-B1B2-793037310CA7}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp2v_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{5F9C8C75-CBFE-4D3B-BD74-49A8F8D8D5A8}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\Translators\MSOl\XCPCRdmptn.dll (Advanced Messaging Systems LLC)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{6B4BDFB0-40F4-4F5F-9548-2CC92F5CF69B}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\Translators\MSOl\XCPCRdmptn.dll (Advanced Messaging Systems LLC)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{705E9CBC-C2A1-4BFA-AA29-B12765894DE4}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\Translators\MSOl\XCPCRdmptn.dll (Advanced Messaging Systems LLC)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{70F8BCC5-643D-445A-8362-DD6536A68514}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_imagescaler_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{72C068B4-E220-4CBA-8D2E-87E915A842FF}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\Translators\MSOl\XCPCRdmptn.dll (Advanced Messaging Systems LLC)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{73772CC1-3B62-49D8-844C-0C1CE3FAD942}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_samplerate_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{73D320C0-FACA-4553-9D5F-070F9E4DC5C8}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{75183C2F-8CE0-4C7B-B22A-38979D4E3275}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_framerate_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{78A09728-E250-47CE-A383-0AADAA9359E2}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp4v_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{7C21821C-4F7F-4F1B-A53E-D07B2800878A}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_converter_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{7C32A8A2-17B8-4925-9699-9863A9B7BCB8}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_samplerate_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{7D08E09D-40AA-469A-8D01-DCCC7F5783C4}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_samplerate_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{8206BCD3-F6D5-4D6F-968C-C22A0672A466}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\Translators\MSOl\XCPCRdmptn.dll (Advanced Messaging Systems LLC)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{82D1C283-A637-4A07-B1EC-8C7AE661EAF1}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{8566B372-D0F6-4136-8C5E-7E368EBC85B4}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mpa_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{8CBE7C53-2B83-48CC-A235-8B12C764FADF}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp4_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{9007D794-86D5-4211-83EC-BF168D77BDF3}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\XCPCSync.dll (iAnywhere Solutions, Inc.)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{90ADA535-B920-4A7D-9E47-77909A574355}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\Translators\MSOl\XCPCRdmptn.dll (Advanced Messaging Systems LLC)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{96B9D0ED-14BD-4454-A619-96BA665B0992}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_avc_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{96B9D0ED-6558-4327-AE70-E693767C40A0}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_avc_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{96B9D0ED-8D13-4171-A983-B84D88D627BE}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_avc_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{9FC5E60A-0B81-4177-B84F-63ABF5B8C9C9}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_imagescaler_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{A0D8253C-199C-47B0-B183-81ED97FC2760}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\Translators\MSOl\XCPCRdmptn.dll (Advanced Messaging Systems LLC)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{A1BDD89E-DC7C-41FB-AD2D-A7D6C3B531F6}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mpa_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{A249EBBE-9DF3-4672-A64F-D47DCDD8B314}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\XCPCSync.dll (iAnywhere Solutions, Inc.)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{A4DCA218-AC9E-4D1F-8600-C5B1F390D408}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_framerate_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{A539FCC4-AB2E-4307-BFBD-634DE69ACD78}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_render_fileindex_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{A539FCC5-AB2E-4307-BFBD-634DE69ACD78}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_render_fileindex_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{A8786FBA-B1E0-41D8-9A3E-F56D4E226A51}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp2_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{AD046C04-9CC6-4424-A8E2-1F8BB9D0B29D}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManagerps.dll (Research In Motion Limited)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{BA3D0120-E617-4F66-ADCA-585CC2FB86DB}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{BC4EB321-771F-4E9F-AF67-37C631ECA106}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp2v_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{BE4F19BF-FF14-4C06-AB7A-77E76CCE2F5A}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\Translators\MSOl\XCPCRdmptn.dll (Advanced Messaging Systems LLC)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{BEB7FFE8-37BA-4849-AE26-7A10EF20A303}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_imagescaler_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{C197E022-262A-4306-A4D2-4B497F048514}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_amr_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{C3B05695-AE2C-4FD5-A191-2E4C782C03E0}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\Translators\MSOl\XCPCRdmptn.dll (Advanced Messaging Systems LLC)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{C8992C14-DF59-4518-808F-CCFBB5850282}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{CAFCE71A-72F0-41AD-A8A4-4F70CDD72381}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManagerps.dll (Research In Motion Limited)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{CD5DA7BE-393D-422C-818C-1273327C23C5}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\Translators\MSOl\XCPCRdmptn.dll (Advanced Messaging Systems LLC)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{CF2521A7-4029-4CC1-8C6E-F82BD82BB343}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_render_fileindex_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{CF85704E-2B43-47E7-9B02-C8AF2694E2D0}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_colorspace_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{D41C1E5B-0566-4BB1-BE72-1A5407349CA6}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{D677B967-820F-4E84-B43A-118270FFFB80}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp2v_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{DB6CB9F9-228F-46BD-9B36-1125F6801891}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\Translators\MSOl\XCPCRdmptn.dll (Advanced Messaging Systems LLC)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{DEE56715-7081-4D57-91A7-984AE2712268}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp2_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{E3873273-0855-4fc8-8C9E-084145F505B2}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\XCPCSync.dll (iAnywhere Solutions, Inc.)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{EB59852D-B38E-4A4C-94BA-6731836E5538}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{EBC7A7B5-C614-47B3-A579-27A2C2C98A13}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\Translators\MSOl\ProfMan.dll (Advanced Messaging Systems LLC)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{EE7F6B66-AC97-41CF-BD88-372DDB786DB6}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{EF0FEE6D-D035-4DFB-856B-947897D39A3C}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\Translators\MSOl\XCPCRdmptn.dll (Advanced Messaging Systems LLC)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{F6CF0104-4F4A-4EBE-999D-A12D838E65B5}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgrPs.dll (Research In Motion Limited)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{F7EF9722-1DEA-4430-B830-C54B382FC90C}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp2_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{FC31293E-3239-4C12-8FC6-B2B09F62FA3F}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp4v_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{FC583D50-A2F5-4656-8B1D-360488B183D3}\InprocServer32 -> C:\Program Files\Common Files\XCPCSync.OEM\SyncSDK.209.601\Translators\MSOl\ProfMan.dll (Advanced Messaging Systems LLC)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{FC86AD6C-894A-44E9-A283-4B5A9DD6CA65}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp4v_ds.ax (MainConcept GmbH)
    CustomCLSID: HKU\S-1-5-21-243343400-2573606588-2901852968-1006_Classes\CLSID\{FE5106C0-C8E6-4D53-880C-BED388E6FC75}\InprocServer32 -> C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_converter_ds.ax (MainConcept GmbH)
     
  3. zobbin

    zobbin TS Rookie Topic Starter Posts: 86

    ==================== Restore Points =========================

    Could not list restore points
    Check "winmgmt" service or repair WMI.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-09-03 13:03 - 2013-03-05 16:35 - 00000053 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    127.0.0.1 www.flyordie.com


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e9d76a98ab18.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2012-04-24 22:34 - 2012-03-11 14:55 - 00088656 _____ () C:\WINDOWS\system32\cpwmon2k.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2005-10-27 19:26 - 2004-06-30 17:12 - 00077824 _____ () C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\Security.dll
    2005-10-27 19:26 - 2002-04-24 00:00 - 00110592 _____ () C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\GEMWEP.DLL
    2005-10-27 19:27 - 2003-10-13 15:30 - 00094208 _____ () C:\WINDOWS\system32\GTW32N50.dll
    2013-04-15 18:39 - 2015-01-08 16:02 - 00061152 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
    2015-08-13 14:37 - 2015-08-13 14:37 - 00976064 _____ () C:\Program Files\Comodo\GeekBuddy\QtNetwork4.dll
    2015-08-13 14:37 - 2015-08-13 14:37 - 02254528 _____ () C:\Program Files\Comodo\GeekBuddy\QtCore4.dll
    2015-08-13 14:37 - 2015-08-13 14:37 - 08024768 _____ () C:\Program Files\Comodo\GeekBuddy\QtGui4.dll
    2015-08-13 14:38 - 2015-08-13 14:38 - 00032960 _____ () C:\Program Files\Comodo\GeekBuddy\imageformats\qgif4.dll
    2015-08-13 14:37 - 2015-08-13 14:37 - 01299648 _____ () C:\Program Files\Comodo\GeekBuddy\QtScript4.dll
    2004-08-10 11:50 - 2008-04-13 18:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2004-08-10 11:51 - 2008-04-13 18:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2015-03-26 00:34 - 2015-03-26 00:34 - 00956616 _____ () C:\Program Files\Comodo\Chromodo\ffmpegsumo.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\WINDOWS\system32\certsentry.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FlashPlayerApp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\usbaaplrc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbaapl.sys:$CmdTcID

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 1236 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-243343400-2573606588-2901852968-1006\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Boz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    DNS Servers: 192.168.1.1
    sharedaccess Firewall Service is not running.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    DomainProfile\AuthorizedApplications: [C:\Program Files\MSN Messenger\msncall.exe] => Enabled:Windows Live Messenger 8.0 (Phone)
    DomainProfile\AuthorizedApplications: [C:\Program Files\MSN Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger 8.1
    DomainProfile\AuthorizedApplications: [C:\Program Files\MSN Messenger\livecall.exe] => Enabled:Windows Live Messenger 8.1 (Phone)
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe] => Enabled:hpqcopy2.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe] => Enabled:hpfccopy.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe] => Enabled:hpiscnapp.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe] => Enabled:hpqgplgtupl.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe] => Enabled:hpqgpc01.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe] => Enabled:hpqusgm.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe] => Enabled:hpqusgh.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\HP Software Update\HPWUCli.exe] => Enabled:hpwucli.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe] => Enabled:smartwebprintexe.exe
    DomainProfile\AuthorizedApplications: [C:\WINDOWS\system32\WUAUCLT.EXE] => Enabled:Windows Update
    StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe] => Enabled:hpqcopy2.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe] => Enabled:hpfccopy.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe] => Enabled:hpiscnapp.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe] => Enabled:hpqgplgtupl.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe] => Enabled:hpqgpc01.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe] => Enabled:hpqusgm.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe] => Enabled:hpqusgh.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Software Update\HPWUCli.exe] => Enabled:hpwucli.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe] => Enabled:smartwebprintexe.exe
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\WUAUCLT.EXE] => Enabled:Windows Update
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Boz\Application Data\BitTorrent\BitTorrent.exe] => Enabled:BitTorrent
    StandardProfile\AuthorizedApplications: [C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe] => Enabled:BlackBerry Desktop Software
    StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
    StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
    DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
    DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
    DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
    DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
    StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
    StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
    StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
    StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
    StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [4481:TCP] => :LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
    StandardProfile\GloballyOpenPorts: [4481:UDP] => :LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
    StandardProfile\GloballyOpenPorts: [4482:TCP] => :LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
    StandardProfile\GloballyOpenPorts: [4482:UDP] => :LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

    ==================== Faulty Device Manager Devices =============

    Could not list Devices. Check "winmgmt" service or repair WMI.


    ==================== Event log errors: =========================

    Could not start eventlog service, could not read events.

    System error 123 has occurred.

    The filename, directory name, or volume label syntax is incorrect.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
    Percentage of memory in use: 59%
    Total physical RAM: 1022.09 MB
    Available physical RAM: 413.39 MB
    Total Virtual: 2459.39 MB
    Available Virtual: 1015.79 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:229.77 GB) (Free:156.76 GB) NTFS ==>[drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 232.8 GB) (Disk ID: D0F4738C)
    Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
    Partition 2: (Active) - (Size=229.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

    ==================== End of Addition.txt ============================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Uninstall the following unwanted program: Download Updater

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  5. zobbin

    zobbin TS Rookie Topic Starter Posts: 86

    RogueKiller V10.10.4.0 [Sep 4 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Boz [Administrator]
    Started from : C:\Documents and Settings\Boz\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 09/08/2015 19:25:02

    ¤¤¤ Processes : 3 ¤¤¤
    [Proc.Svchost] svchost.exe(4680) -- C:\WINDOWS\system32\svchost.exe[7] -> Killed [TermProc]
    [Proc.Svchost] svchost.exe(6120) -- C:\WINDOWS\system32\svchost.exe[7] -> Killed [TermProc]
    [Proc.Svchost] svchost.exe(2924) -- C:\WINDOWS\system32\svchost.exe[7] -> Killed [TermProc]

    ¤¤¤ Registry : 4 ¤¤¤
    [PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:5555 -> Not selected
    [PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:5555 -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DF22A413-2461-4F28-94D3-D2A401206326} | DhcpNameServer : 154.11.129.59 154.11.129.187 209.115.152.130 ([CANADA (CA)][X][-]) -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DF22A413-2461-4F28-94D3-D2A401206326} | DhcpNameServer : 154.11.129.59 154.11.129.187 209.115.152.130 ([X][CANADA (CA)][-]) -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 2 ¤¤¤
    [C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1 localhost
    [C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1 www.flyordie.com

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] c6ba97167b4f5da403278fd931f3b45f
    [BSP] b72667633f4c7c2babf1970635a88ab8 : Dell MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 112455 | Size: 235280 MB [Windows XP Bootstrap | Windows XP Bootloader]
    2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 481966065 | Size: 3074 MB
    User = LL1 ... OK
    User = LL2 ... OK
     
  6. zobbin

    zobbin TS Rookie Topic Starter Posts: 86

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 08/09/2015
    Scan Time: 7:32:56 PM
    Logfile: mbam.txt
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.09.08.07
    Rootkit Database: v2015.08.16.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Boz

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 432961
    Time Elapsed: 26 min, 59 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 1
    PUM.Bad.Proxy, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:5555, Quarantined, [b3c433fa3655c76fac2f06d616edd030]

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  7. zobbin

    zobbin TS Rookie Topic Starter Posts: 86

    # AdwCleaner v5.007 - Logfile created 08/09/2015 at 20:53:48
    # Updated 08/09/2015 by Xplode
    # Database : 2015-09-08.2 [Server]
    # Operating system : Microsoft Windows XP Service Pack 3 (x86)
    # Username : Boz - DUBSONE
    # Running from : C:\Documents and Settings\Boz\My Documents\Downloads\adwcleaner_5.007.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [-] Folder Deleted : C:\Documents and Settings\Boz\Application Data\HPAppData
    [-] Folder Deleted : C:\Documents and Settings\Boz\Application Data\Yahoo!\Companion
    [-] Folder Deleted : C:\Documents and Settings\Boz\Local Settings\Application Data\Conduit
    [-] Folder Deleted : C:\Documents and Settings\Boz\Local Settings\Application Data\PackageAware
    [-] Folder Deleted : C:\Documents and Settings\Boz\Local Settings\Application Data\Comodo\Chromodo\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
    [-] Folder Deleted : C:\Documents and Settings\Guest248\Application Data\HPAppData
    [-] Folder Deleted : C:\Program Files\Conduit
    [-] Folder Deleted : C:\Program Files\Uniblue
    [-] Folder Deleted : C:\Program Files\Viewpoint

    ***** [ Files ] *****

    [-] File Deleted : C:\Documents and Settings\All Users\Desktop\GeekBuddy.lnk
    [-] File Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start GeekBuddy.lnk
    [-] File Deleted : C:\Documents and Settings\Boz\Local Settings\Application Data\Comodo\Chromodo\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage
    [-] File Deleted : C:\Documents and Settings\Boz\Local Settings\Application Data\Comodo\Chromodo\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage-journal

    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    [-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    [-] Key Deleted : HKCU\Software\Yahoo\Companion
    [-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
    [-] Key Deleted : HKLM\SOFTWARE\MetaStream
    [-] Key Deleted : HKLM\SOFTWARE\Uniblue
    [-] Key Deleted : HKLM\SOFTWARE\Viewpoint
    [-] Key Deleted : HKLM\SOFTWARE\GeekBuddyRSP
    [-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

    ***** [ Web browsers ] *****

    [-] [C:\Documents and Settings\Boz\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Documents and Settings\Boz\Local Settings\Application Data\Comodo\Chromodo\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

    *************************

    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5593 bytes] ##########
     
  8. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    JRT?
     
  9. zobbin

    zobbin TS Rookie Topic Starter Posts: 86

    Yes, I have attempted to run JRT three times, but it appears my attempts are unsuccessful. After closing all programs/protection software, I run JRT. The program checks for updates and then asks to press any key to continue. Display then reads restore point success, and says checking start up. After a minute or two, the program shuts down and no log opens, nor is one saved on my desktop. How should I proceed?
     
  10. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  11. zobbin

    zobbin TS Rookie Topic Starter Posts: 86

    ComboFix 15-09-07.01 - Boz 09/09/2015 18:13:54.4.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.631 [GMT -6:00]
    Running from: c:\documents and settings\Boz\Desktop\ComboFix.exe
    AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\EventSystem.log
    c:\windows\system32\slsapi.dll
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-08-10 to 2015-09-10 )))))))))))))))))))))))))))))))
    .
    .
    2015-09-09 02:12 . 2015-09-09 02:53 -------- d-----w- C:\AdwCleaner
    2015-09-09 00:23 . 2015-09-09 00:23 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-09-09 00:23 . 2015-09-09 01:30 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
    2015-08-20 18:59 . 2015-08-20 18:59 -------- d-----w- c:\program files\Common Files\COMODO
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-09-09 02:56 . 2014-07-29 05:04 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-09-07 08:07 . 2014-07-29 05:04 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-09-07 08:07 . 2012-09-02 03:51 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-09-06 18:45 . 2012-04-05 04:23 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2015-09-06 18:45 . 2011-10-05 15:45 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2015-08-05 00:30 . 2015-01-30 19:27 105664 ----a-w- c:\windows\system32\drivers\inspect.sys
    2015-08-05 00:30 . 2015-01-30 19:27 30144 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2015-08-05 00:30 . 2015-01-30 19:27 631872 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2015-08-05 00:30 . 2015-01-30 19:27 15808 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2015-08-05 00:29 . 2015-01-30 19:27 33496 ----a-w- c:\windows\system32\cmdcsr.dll
    2015-08-05 00:29 . 2015-01-30 19:27 445472 ----a-w- c:\windows\system32\guard32.dll
    2015-08-05 00:27 . 2015-01-30 19:27 288448 ----a-w- c:\windows\system32\cmdvrt32.dll
    2015-08-05 00:26 . 2015-01-30 19:27 40640 ----a-w- c:\windows\system32\cmdkbd32.dll
    2010-08-16 06:00 . 2010-08-16 06:00 10864104 ----a-w- c:\program files\PokerStarsInstall.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-05-25 6714136]
    "BitTorrent"="c:\documents and settings\Boz\Application Data\BitTorrent\BitTorrent.exe" [2015-08-21 1698152]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
    "ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-01-27 157480]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2015-08-21 1361088]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-02-04 959904]
    "tvncontrol"="c:\program files\Common Files\COMODO\GeekBuddyRSP.exe" [2015-06-30 2327248]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\WUAUCLT.EXE"=
    "c:\\Documents and Settings\\Boz\\Application Data\\BitTorrent\\BitTorrent.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
    .
    R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [25/06/2014 11:33 PM 36112]
    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [30/01/2015 1:27 PM 15808]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [30/01/2015 1:27 PM 631872]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [30/01/2015 1:27 PM 30144]
    R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [20/09/2014 12:37 PM 22312]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 10:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 3:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [11/07/2012 12:54 PM 142648]
    R2 ChromodoUpdater;COMODO Chromodo Update Service;c:\program files\Comodo\Chromodo\chromodo_updater.exe [26/03/2015 12:41 AM 2306248]
    R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\COMODO\launcher_service.exe [13/08/2015 2:37 PM 70848]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [01/09/2012 9:51 PM 23256]
    R3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [27/10/2005 7:27 PM 79616]
    S0 BeTwinVideo;BeTwinVideo;c:\windows\system32\drivers\BeTwinVF.sys [27/06/2012 10:32 AM 20800]
    S1 BeTwinSystem;BeTwinSystem;c:\windows\system32\drivers\BeTwinSystem.sys [27/06/2012 10:32 AM 13640]
    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files\Common Files\COMODO\GeekBuddyRSP.exe [30/06/2015 2:10 PM 2327248]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [28/07/2014 11:04 PM 1871160]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [28/07/2014 11:04 PM 1133880]
    S3 BeTwinKeyboard;BeTwinKeyboard;c:\windows\system32\drivers\BeTwinKF.sys [27/06/2012 10:32 AM 16192]
    S3 BeTwinMouse;BeTwinMouse;c:\windows\system32\drivers\BeTwinMF.sys [27/06/2012 10:32 AM 16192]
    S3 Blackberry Device Manager;BlackBerry Device Manager;c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [18/01/2013 6:10 PM 577536]
    S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\Comodo\COMODO Internet Security\cmdvirth.exe [30/01/2015 1:27 PM 1664704]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [20/09/2014 9:15 PM 89856]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [05/05/2011 5:08 PM 18432]
    S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [11/02/2012 6:28 PM 19016]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [20/09/2014 9:15 PM 184192]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - GTNDIS5
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-09-08 01:49 997704 ----a-w- c:\program files\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 18:45]
    .
    2015-09-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
    .
    2015-09-09 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
    - c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-30 03:46]
    .
    2015-09-09 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
    - c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-30 03:46]
    .
    2015-09-09 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
    - c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-30 03:46]
    .
    2015-09-09 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
    - c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-30 03:46]
    .
    2015-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2015-09-08 01:40]
    .
    2015-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0e9d76a98ab18.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2015-09-08 01:40]
    .
    2015-09-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    - c:\windows\system32\xp_eos.exe [2014-03-25 01:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
    AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2015-09-09 18:37
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    detected NTDLL code modification:
    ZwClose
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\COMODO\CIS\Installer\Sym_Cam\CIS]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdAgent\Mode\Configurations]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdAgent\Mode\Data]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdAgent\Mode\Options]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\System\Software\COMODO\Cam]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\System\Software\COMODO\Firewall Pro]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(944)
    c:\windows\system32\guard32.dll
    c:\windows\system32\mswsock.dll
    c:\windows\System32\wshtcpip.dll
    .
    - - - - - - - > 'csrss.exe'(852)
    c:\windows\system32\cmdcsr.dll
    .
    Completion time: 2015-09-09 18:43:07
    ComboFix-quarantined-files.txt 2015-09-10 00:43
    .
    Pre-Run: 168,104,640,512 bytes free
    Post-Run: 168,080,920,576 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - E3075A62AF7F42DA13BFD2C4DBE6BB30
    B16A2359F4962B0C622D81A1C1F4B703
     
  12. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    There are some McAfee leftovers.
    Please run this tool to remove them: http://www.majorgeeks.com/files/details/mcafee_consumer_product_removal_tool.html

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  13. zobbin

    zobbin TS Rookie Topic Starter Posts: 86

    McAfee removal didn't work. Ran the program and received the following message: "Incomplete Uninstallation. Some or all files may not have been removed successfully. See logs for more details".

    Running FRST now.
     
  14. zobbin

    zobbin TS Rookie Topic Starter Posts: 86

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-09-2015
    Ran by Boz (administrator) on DUBSONE (09-09-2015 19:06:05)
    Running from C:\Documents and Settings\Boz\Desktop
    Loaded Profiles: Boz (Available Profiles: Boz & Guest248 & Administrator)
    Platform: Microsoft Windows XP Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Comodo) C:\Program Files\Comodo\Chromodo\chromodo_updater.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    (GEMTEKS) C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    (Linksys WPA UI(CA)) C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
    (SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
    (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    (Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
    (Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    (COMODO) C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
    (COMODO) C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    (COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdvirth.exe
    (Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [339968 2005-03-22] (SigmaTel, Inc.)
    HKLM\...\Run: [ISUSPM Startup] => c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
    HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2007-11-15] ( )
    HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
    HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)
    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1361088 2015-08-20] (COMODO)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2015-02-03] (Adobe Systems Incorporated)
    HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-06-30] (Comodo Security Solutions, Inc.)
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-21-243343400-2573606588-2901852968-1006\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-05-25] (SUPERAntiSpyware)
    HKU\S-1-5-21-243343400-2573606588-2901852968-1006\...\Run: [BitTorrent] => C:\Documents and Settings\Boz\Application Data\BitTorrent\BitTorrent.exe [1698152 2015-08-20] (BitTorrent Inc.)
    HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2010-01-05]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: [.DEFAULT] => http=127.0.0.1:5555
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{7E27A112-C3D3-4877-86F1-292E9368610A}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{DF22A413-2461-4F28-94D3-D2A401206326}: [DhcpNameServer] 154.11.129.59 154.11.129.187 209.115.152.130

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-243343400-2573606588-2901852968-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-243343400-2573606588-2901852968-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
    HKU\S-1-5-21-243343400-2573606588-2901852968-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-21-243343400-2573606588-2901852968-1006 -> {2528085A-2B78-48B2-BBE1-B7A5429C91C7} URL = hxxp://ca.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-17] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-17] (Oracle Corporation)
    BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
    Toolbar: HKU\S-1-5-21-243343400-2573606588-2901852968-1006 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\DOCUME~1\Boz\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
    DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-06] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-17] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-17] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-07] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-07] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-05]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-28]
    FF HKU\S-1-5-21-243343400-2573606588-2901852968-1006\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR StartupUrls: Default -> "hxxp://www.google.com"
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.85\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Flash) - internal-remoting-viewer
    CHR Plugin: (Remoting Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.85\pdf.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (QuickTime) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
    CHR Plugin: (Windows Media Player) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\WINDOWS\system32\npdeployJava1.dll No File
    CHR Plugin: (Java) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
    CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (iTunes Application Detector) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
    CHR Plugin: (Silverlight) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Profile: C:\Documents and Settings\Boz\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (F5 Networks Plugin Host) - C:\Documents and Settings\Boz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfjhelpopbdbnlfmjkbkfkbfmbneaeob [2014-12-23]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Boz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
    CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Boz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-09-21] (SUPERAntiSpyware.com)
    U3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
    U2 ChromodoUpdater; C:\Program Files\Comodo\Chromodo\chromodo_updater.exe [2306248 2015-04-02] (Comodo)
    R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70848 2015-08-13] (Comodo Security Solutions, Inc.)
    U2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4353840 2015-08-20] (COMODO)
    U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664704 2015-08-20] (COMODO)
    U3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
    U2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-06-30] (Comodo Security Solutions, Inc.)
    U3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    U2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    U2 IAANTMon; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [86140 2005-06-17] (Intel Corporation) [File not signed]
    U3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    U2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-17] (Oracle Corporation)
    U2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-09-07] (Malwarebytes Corporation)
    U2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-09-07] (Malwarebytes Corporation)
    U2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    U3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel(R) Corporation) [File not signed]
    U2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    U2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
    U3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [X]
    U2 WUSB54Gv4SVC; "C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe" [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
    U3 BeTwinKeyboard; C:\WINDOWS\System32\drivers\BeTwinKF.sys [16192 2012-01-17] (ThinSoft Pte Ltd.)
    U3 BeTwinMouse; C:\WINDOWS\System32\drivers\BeTwinMF.sys [16192 2012-01-17] (ThinSoft Pte Ltd.)
    U1 BeTwinSystem; C:\WINDOWS\System32\Drivers\BeTwinSystem.sys [13640 2012-01-17] (ThinSoft Pte Ltd.)
    U0 BeTwinVideo; C:\WINDOWS\System32\drivers\BeTwinVF.sys [20800 2012-01-17] (ThinSoft Pte Ltd.)
    U1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [36112 2014-06-25] (Windows (R) Win 7 DDK provider)
    U1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [15808 2015-08-04] (COMODO)
    U1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [631872 2015-08-04] (COMODO)
    U1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [30144 2015-08-04] (COMODO)
    U3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
    U1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
    U3 GTNDIS5; C:\WINDOWS\system32\GTNDIS5.SYS [15872 2003-09-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    U3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
    U3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
    U3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
    U0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [105664 2015-08-04] (COMODO)
    U3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-09-07] (Malwarebytes Corporation)
    U2 MDC8021X; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [15781 2004-05-26] (Meetinghouse Data Communications) [File not signed]
    U3 mferkdk; C:\WINDOWS\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
    U3 mfesmfk; C:\WINDOWS\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
    U3 Netaapl; C:\WINDOWS\System32\DRIVERS\netaapl.sys [18432 2010-04-19] (Apple Inc.) [File not signed]
    U3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [19016 2014-01-14] ()
    U3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2002-10-01] (Padus, Inc.) [File not signed]
    U1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    U1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    U1 sdcplh; C:\WINDOWS\System32\drivers\sdcplh.sys [55168 2005-10-18] (Macrovision Europe Ltd) [File not signed]
    U3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [180864 2005-06-14] (SigmaTel, Inc.)
    U3 WUSB54GV4SRV; C:\WINDOWS\System32\DRIVERS\rt2500usb.sys [79616 2004-05-07] (Ralink Technology Inc.)
    U3 bvrp_pci; no ImagePath
    U3 catchme; \??\C:\DOCUME~1\Boz\LOCALS~1\Temp\catchme.sys [X]
    U1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    U3 TlntSvr; no ImagePath
    U3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
    U3 wanatw; system32\DRIVERS\wanatw4.sys [X]
    U3 mbr; \??\C:\ComboFix\mbr.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-09 19:06 - 2015-09-09 19:06 - 00019993 _____ C:\Documents and Settings\Boz\Desktop\FRST.txt
    2015-09-09 18:56 - 2015-09-09 18:58 - 00000750 _____ C:\WINDOWS\Tasks\McAfee Cleanup.job
    2015-09-09 18:54 - 2015-09-09 18:55 - 04923920 _____ (McAfee, Inc.) C:\Documents and Settings\Boz\Desktop\MCPR.exe
    2015-09-09 18:43 - 2015-09-09 18:57 - 00000000 ____D C:\Documents and Settings\Boz\Local Settings\temp
    2015-09-09 18:43 - 2015-09-09 18:43 - 00016290 _____ C:\ComboFix.txt
    2015-09-09 18:43 - 2015-09-09 18:43 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
    2015-09-09 18:43 - 2015-09-09 18:43 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
    2015-09-09 18:43 - 2015-09-09 18:43 - 00000000 ____D C:\Documents and Settings\Guest248\Local Settings\temp
    2015-09-09 18:43 - 2015-09-09 18:43 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
    2015-09-09 18:09 - 2015-09-09 18:09 - 00000000 _RSHD C:\cmdcons
    2015-09-09 18:09 - 2010-01-04 18:47 - 00000211 _____ C:\Boot.bak
    2015-09-09 18:09 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
    2015-09-09 17:49 - 2015-09-09 17:49 - 00208896 _____ C:\WINDOWS\MBR.exe
    2015-09-09 17:49 - 2015-09-09 17:46 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
    2015-09-09 17:49 - 2015-09-09 17:46 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
    2015-09-09 17:49 - 2015-09-09 17:46 - 00256000 _____ C:\WINDOWS\PEV.exe
    2015-09-09 17:49 - 2015-09-09 17:46 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
    2015-09-09 17:49 - 2015-09-09 17:46 - 00098816 _____ C:\WINDOWS\sed.exe
    2015-09-09 17:49 - 2015-09-09 17:46 - 00080412 _____ C:\WINDOWS\grep.exe
    2015-09-09 17:49 - 2015-09-09 17:46 - 00068096 _____ C:\WINDOWS\zip.exe
    2015-09-09 17:49 - 2015-09-09 17:46 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
    2015-09-09 17:47 - 2015-09-09 18:43 - 00000000 ____D C:\Qoobox
    2015-09-09 17:41 - 2015-09-09 17:41 - 05635119 ____R (Swearware) C:\Documents and Settings\Boz\Desktop\ComboFix.exe
    2015-09-08 21:21 - 2015-09-08 21:22 - 01799392 _____ (Malwarebytes Corporation) C:\Documents and Settings\Boz\Desktop\JRT.exe
    2015-09-08 20:12 - 2015-09-08 20:53 - 00000000 ____D C:\AdwCleaner
    2015-09-08 20:10 - 2015-09-08 20:10 - 01660416 _____ C:\Documents and Settings\Boz\Desktop\adwcleaner_5.007.exe
    2015-09-08 20:05 - 2015-09-08 20:05 - 00001194 _____ C:\Documents and Settings\Boz\Desktop\mbam.txt
    2015-09-08 18:23 - 2015-09-08 19:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
    2015-09-08 18:23 - 2015-09-08 18:23 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-09-08 18:16 - 2015-09-08 18:20 - 18779208 _____ C:\Documents and Settings\Boz\Desktop\RogueKiller.exe
    2015-09-07 20:23 - 2015-09-09 19:06 - 00000000 ____D C:\FRST
    2015-09-07 20:22 - 2015-09-07 20:22 - 01692160 _____ (Farbar) C:\Documents and Settings\Boz\Desktop\FRST.exe
    2015-09-07 19:49 - 2015-09-07 19:49 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2015-09-07 19:49 - 2015-09-07 19:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
    2015-09-07 19:41 - 2015-09-08 20:55 - 00000876 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e9d76a98ab18.job
    2015-09-07 19:41 - 2015-09-08 20:55 - 00000876 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-08-20 13:00 - 2015-08-20 13:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Comodo Security Solutions Inc
    2015-08-20 12:59 - 2015-08-20 12:59 - 00000000 ____D C:\Program Files\Common Files\COMODO

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-09 19:05 - 2015-05-25 12:30 - 00025906 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
    2015-09-09 19:04 - 2015-02-03 21:51 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
    2015-09-09 19:01 - 2015-02-03 21:49 - 01250193 _____ C:\WINDOWS\system32\Drivers\sfi.dat
    2015-09-09 18:44 - 2015-02-03 21:51 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
    2015-09-09 18:44 - 2015-02-03 21:51 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
    2015-09-09 18:44 - 2015-02-03 21:51 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
    2015-09-09 18:43 - 2004-08-10 12:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-09-09 18:37 - 2004-08-10 11:51 - 00000227 _____ C:\WINDOWS\system.ini
    2015-09-09 18:09 - 2005-10-13 11:58 - 00000327 __RSH C:\boot.ini
    2015-09-09 17:24 - 2013-11-14 04:19 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-09-09 17:23 - 2009-01-17 16:46 - 00843773 _____ C:\WINDOWS\setupapi.log
    2015-09-09 03:10 - 2013-07-16 03:00 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-09-08 21:12 - 2008-10-23 22:17 - 00000000 ____D C:\Documents and Settings\Boz\Application Data\BitTorrent
    2015-09-08 20:56 - 2014-07-28 23:04 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-09-08 20:55 - 2005-10-25 21:01 - 00000178 ___SH C:\Documents and Settings\Boz\ntuser.ini
    2015-09-08 20:55 - 2004-08-10 11:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
    2015-09-08 20:53 - 2010-01-05 22:32 - 00000000 ____D C:\Documents and Settings\Boz\Application Data\Yahoo!
    2015-09-08 15:00 - 2014-04-09 20:38 - 00000212 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2015-09-08 13:19 - 2015-02-02 19:04 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2015-09-07 19:49 - 2012-08-29 23:34 - 00000000 ____D C:\Program Files\Google
    2015-09-07 19:48 - 2012-02-11 18:28 - 00000000 ____D C:\Program Files\PeerBlock
    2015-09-07 19:36 - 2004-08-10 12:02 - 01504836 _____ C:\WINDOWS\WindowsUpdate.log
    2015-09-07 19:25 - 2004-08-10 11:59 - 00000159 _____ C:\WINDOWS\wiadebug.log
    2015-09-07 19:25 - 2004-08-10 11:59 - 00000048 _____ C:\WINDOWS\wiaservc.log
    2015-09-07 19:24 - 2004-08-10 12:08 - 00032402 _____ C:\WINDOWS\SchedLgU.Txt
    2015-09-07 02:07 - 2014-07-28 23:04 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-09-07 02:07 - 2014-07-28 23:04 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2015-09-07 02:07 - 2014-07-28 23:04 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-09-07 02:07 - 2012-09-01 21:51 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-09-07 02:07 - 2012-09-01 21:51 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2015-09-06 13:59 - 2005-10-26 17:22 - 00120320 _____ C:\Documents and Settings\Boz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-09-06 12:45 - 2012-04-04 22:23 - 00778440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2015-09-06 12:45 - 2011-10-05 09:45 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2015-08-26 18:36 - 2005-10-27 19:47 - 132039072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-08-20 21:49 - 2015-02-03 21:46 - 00001878 _____ C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
    2015-08-20 13:00 - 2015-02-03 21:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Comodo

    ==================== Files in the root of some directories =======

    2010-08-16 00:00 - 2010-08-16 00:00 - 10864104 _____ (PokerStars) C:\Program Files\PokerStarsInstall.exe
    2010-01-12 23:32 - 2010-01-12 23:38 - 0010584 _____ () C:\Documents and Settings\Boz\Application Data\docXConverter (3).ini
    2010-01-12 23:35 - 2010-01-12 23:36 - 0000132 ____H () C:\Documents and Settings\Boz\Application Data\lakerda1967.sys
    2005-10-26 17:27 - 2005-10-26 17:27 - 0012358 _____ () C:\Documents and Settings\Boz\Application Data\PFP120JCM.{PB
    2005-10-26 17:27 - 2005-10-26 17:27 - 0061678 _____ () C:\Documents and Settings\Boz\Application Data\PFP120JPR.{PB
    2011-08-28 15:26 - 2013-12-26 22:33 - 0000154 _____ () C:\Documents and Settings\Boz\Application Data\Rim.Desktop.Exception.log
    2011-08-28 15:18 - 2013-12-28 20:07 - 0002161 _____ () C:\Documents and Settings\Boz\Application Data\Rim.Desktop.HttpServerSetup.log
    2011-08-28 15:27 - 2013-12-26 22:32 - 0000231 _____ () C:\Documents and Settings\Boz\Application Data\Rim.DesktopHelper.Exception.log
    2005-10-26 17:22 - 2015-09-06 13:59 - 0120320 _____ () C:\Documents and Settings\Boz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2008-01-23 22:33 - 2008-01-23 22:33 - 0000126 _____ () C:\Documents and Settings\Boz\Local Settings\Application Data\fusioncache.dat

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of FRST.txt ============================
     
  15. zobbin


    Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-09-2015
    Ran by Boz (2015-09-09 19:07:57)
    Running from C:\Documents and Settings\Boz\Desktop
    Microsoft Windows XP Service Pack 3 (X86) (2005-10-26 03:01:27)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-243343400-2573606588-2901852968-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    Boz (S-1-5-21-243343400-2573606588-2901852968-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Boz
    Guest (S-1-5-21-243343400-2573606588-2901852968-501 - Limited - Enabled)
    Guest248 (S-1-5-21-243343400-2573606588-2901852968-1010 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Guest248
    HelpAssistant (S-1-5-21-243343400-2573606588-2901852968-1005 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-243343400-2573606588-2901852968-1002 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)


    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    888poker (HKLM\...\888poker) (Version: - )
    Ad-Aware Browsing Protection (HKLM\...\Ad-Aware Browsing Protection) (Version: 1.0.0.5 - )
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
    Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM\...\{0099B484-C24C-4D5F-8167-B0F6DF196E72}) (Version: 12.0.3.133 - Adobe Systems, Inc)
    Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
    Apple Application Support (32-bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft Camera Suite 1.3 (HKLM\...\{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}) (Version: - )
    ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5150 - )
    ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.13-050414a2-023179C-Dell - )
    BIG-IP Edge Client Components (All Users) (HKLM\...\F5 Networks Client Components) (Version: 70.2013.0426.1849 - F5 Networks, Inc.)
    BitTorrent (HKU\S-1-5-21-243343400-2573606588-2901852968-1006\...\BitTorrent) (Version: 7.9.4.40912 - BitTorrent Inc.)
    BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
    BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
    Chromodo (HKLM\...\Chromodo) (Version: 36.7.0.8 - Comodo)
    Citrix Web Client (HKLM\...\Citrix Web Client) (Version: - )
    Classic PhoneTools (HKLM\...\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}) (Version: 4.24 - BVRP Software)
    COMODO Internet Security Premium (HKLM\...\{68BE8BAB-5375-4C99-9116-1808F5968D40}) (Version: 8.1.0.4426 - COMODO Security Solutions Inc.)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
    Copy (Version: 130.0.366.000 - Hewlett-Packard) Hidden
    CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
    Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
    Dell Picture Studio v3.0 (HKLM\...\{AF06CAE4-C134-44B1-B699-14FBDB63BD37}) (Version: 3.0.0 - Jasc Software, Inc.)
    Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
    Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
    DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3062 - Dell)
    Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
    Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
    DJ_AIO_05_F4400_Software_Min (Version: 130.0.448.000 - Hewlett-Packard) Hidden
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    F4400 (Version: 130.0.448.000 - Hewlett-Packard) Hidden
    FIBzilla Backgammon 5.0.46 (HKLM\...\FIBzilla_is1) (Version: - )
    GeekBuddy (HKLM\...\{AA722B93-B5B3-48DE-912A-81C0926D22AE}) (Version: 4.21.144 - Comodo Security Solutions Inc)
    Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
    GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
    HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
    HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 (HKLM\...\{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}) (Version: 13.0 - HP)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
    HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
    hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
    HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
    Intel Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
    Intel(R) PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
    Intel(R) PROSet for Wired Connections (HKLM\...\{4CEA6811-DFAD-4892-828D-49941FE3B779}) (Version: 9.30.0000 - Dell)
    iPod for Windows 2005-03-23 (HKLM\...\InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}) (Version: 3.8.0 - Apple Computer, Inc.)
    iPod for Windows 2005-03-23 (Version: 3.8.0 - Apple Computer, Inc.) Hidden
    iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
    Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
    Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )
    Linksys Wireless-G USB Network Adapter (HKLM\...\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}) (Version: - )
    Macromedia Shockwave Player (HKLM\...\Macromedia Shockwave Player) (Version: 10.1.0.11 - Macromedia, Inc.)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
    Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)
    MINITAB 14 Student (HKLM\...\InstallShield_{DE057B84-3977-4107-AA5C-BD0600CDC8DF}) (Version: 14 - Minitab, Inc.)
    MINITAB 14 Student (Version: 14 - Minitab, Inc.) Hidden
    Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.40 - BVRP Software)
    MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
    Musicmatch for Windows Media Player (HKLM\...\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}) (Version: 0.00.000 - )
    NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.12 - BVRP Software, Inc)
    PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
    PokerStars (HKLM\...\PokerStars) (Version: 1.726 - PokerStars)
    PowerDVD 5.5 (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
    Python 2.5.2 (HKLM\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
    QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
    R for Windows 2.9.0 (HKLM\...\R for Windows 2.9.0_is1) (Version: 2.9.0 - R Development Core Team)
    Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
    Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
    SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
    SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    The Rosetta Stone (HKLM\...\The Rosetta Stone) (Version: - )
    Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
    TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0017.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0036.0 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    XP Codec Pack (HKLM\...\XP Codec Pack) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

  16. zobbin

    ==================== Restore Points =========================

    Could not list restore points
    Check "winmgmt" service or repair WMI.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-09-03 13:03 - 2015-09-09 18:36 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e9d76a98ab18.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\McAfee Cleanup.job => C:\DOCUME~1\Boz\LOCALS~1\Temp\MCPR\mccleanup.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2012-04-24 22:34 - 2012-03-11 14:55 - 00088656 _____ () C:\WINDOWS\system32\cpwmon2k.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2005-10-27 19:26 - 2004-06-30 17:12 - 00077824 _____ () C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\Security.dll
    2005-10-27 19:26 - 2002-04-24 00:00 - 00110592 _____ () C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\GEMWEP.DLL
    2005-10-27 19:27 - 2003-10-13 15:30 - 00094208 _____ () C:\WINDOWS\system32\GTW32N50.dll
    2013-04-15 18:39 - 2015-01-08 16:02 - 00061152 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\WINDOWS\grep.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\MBR.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\NIRCMD.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\PEV.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\sed.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SWREG.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SWSC.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SWXCACLS.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\zip.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\certsentry.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FlashPlayerApp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\usbaaplrc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbaapl.sys:$CmdTcID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\adwcleaner_5.007.exe:$CmdTcID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\adwcleaner_5.007.exe:$CmdZnID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\ComboFix.exe:$CmdTcID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\ComboFix.exe:$CmdZnID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\FRST.exe:$CmdTcID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\FRST.exe:$CmdZnID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\JRT.exe:$CmdTcID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\JRT.exe:$CmdZnID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\MCPR.exe:$CmdTcID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\MCPR.exe:$CmdZnID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\RogueKiller.exe:$CmdTcID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\RogueKiller.exe:$CmdZnID

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 1236 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-243343400-2573606588-2901852968-1006\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Boz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    DNS Servers: 192.168.1.1
    sharedaccess Firewall Service is not running.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    DomainProfile\AuthorizedApplications: [C:\Program Files\MSN Messenger\msncall.exe] => Enabled:Windows Live Messenger 8.0 (Phone)
    DomainProfile\AuthorizedApplications: [C:\Program Files\MSN Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger 8.1
    DomainProfile\AuthorizedApplications: [C:\Program Files\MSN Messenger\livecall.exe] => Enabled:Windows Live Messenger 8.1 (Phone)
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe] => Enabled:hpqcopy2.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe] => Enabled:hpfccopy.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe] => Enabled:hpiscnapp.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe] => Enabled:hpqgplgtupl.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe] => Enabled:hpqgpc01.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe] => Enabled:hpqusgm.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe] => Enabled:hpqusgh.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\HP Software Update\HPWUCli.exe] => Enabled:hpwucli.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe] => Enabled:smartwebprintexe.exe
    DomainProfile\AuthorizedApplications: [C:\WINDOWS\system32\WUAUCLT.EXE] => Enabled:Windows Update
    StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe] => Enabled:hpqcopy2.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe] => Enabled:hpfccopy.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe] => Enabled:hpiscnapp.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe] => Enabled:hpqgplgtupl.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe] => Enabled:hpqgpc01.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe] => Enabled:hpqusgm.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe] => Enabled:hpqusgh.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Software Update\HPWUCli.exe] => Enabled:hpwucli.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe] => Enabled:smartwebprintexe.exe
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\WUAUCLT.EXE] => Enabled:Windows Update
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Boz\Application Data\BitTorrent\BitTorrent.exe] => Enabled:BitTorrent
    StandardProfile\AuthorizedApplications: [C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe] => Enabled:BlackBerry Desktop Software
    StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
    StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
    DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:mad:xpsp2res.dll,-22004
    DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:mad:xpsp2res.dll,-22005
    DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:mad:xpsp2res.dll,-22001
    DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:mad:xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [4481:TCP] => :LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
    StandardProfile\GloballyOpenPorts: [4481:UDP] => :LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
    StandardProfile\GloballyOpenPorts: [4482:TCP] => :LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
    StandardProfile\GloballyOpenPorts: [4482:UDP] => :LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

    ==================== Faulty Device Manager Devices =============

    Could not list Devices. Check "winmgmt" service or repair WMI.


    ==================== Event log errors: =========================

    Could not start eventlog service, could not read events.

    System error 123 has occurred.

    The filename, directory name, or volume label syntax is incorrect.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
    Percentage of memory in use: 42%
    Total physical RAM: 1022.09 MB
    Available physical RAM: 586.53 MB
    Total Virtual: 2459.39 MB
    Available Virtual: 1848.3 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:229.77 GB) (Free:156.56 GB) NTFS ==>[drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 232.8 GB) (Disk ID: D0F4738C)
    Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
    Partition 2: (Active) - (Size=229.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

    ==================== End of Addition.txt ============================
     
  17. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  18. zobbin

    zobbin TS Rookie Topic Starter Posts: 86

    Saved fixlist.txt to my desktop. Ran FRST, pressed Fix once, and instantly an error message appears saying the program has encountered a problem and needs to close. Tried twice. Same result both tries...
     
  19. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Restart computer, delete FRST file, download fresh one and try again.
     
  20. zobbin

    zobbin TS Rookie Topic Starter Posts: 86

    Fix result of Farbar Recovery Scan Tool (x86) Version:10-09-2015 01
    Ran by Boz (2015-09-10 18:50:24) Run:3
    Running from C:\Documents and Settings\Boz\Desktop
    Loaded Profiles: Boz (Available Profiles: Boz & Guest248 & Administrator)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    RemoveProxy:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-243343400-2573606588-2901852968-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-243343400-2573606588-2901852968-1006 -> {2528085A-2B78-48B2-BBE1-B7A5429C91C7} URL = hxxp://ca.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    Toolbar: HKU\S-1-5-21-243343400-2573606588-2901852968-1006 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.85\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Remoting Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.85\pdf.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\WINDOWS\system32\npdeployJava1.dll No File
    CHR Plugin: (Java) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
    CHR Plugin: (iTunes Application Detector) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
    U3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [X]
    U2 WUSB54Gv4SVC; "C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe" [X]
    U3 mferkdk; C:\WINDOWS\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
    U3 mfesmfk; C:\WINDOWS\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
    C:\WINDOWS\System32\drivers\mferkdk.sys
    C:\WINDOWS\System32\drivers\mfesmfk.sys
    U3 bvrp_pci; no ImagePath
    U3 catchme; \??\C:\DOCUME~1\Boz\LOCALS~1\Temp\catchme.sys [X]
    U1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
    U3 TlntSvr; no ImagePath
    U3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
    U3 wanatw; system32\DRIVERS\wanatw4.sys [X]
    U3 mbr; \??\C:\ComboFix\mbr.sys [X]
    2015-09-09 18:56 - 2015-09-09 18:58 - 00000750 _____ C:\WINDOWS\Tasks\McAfee Cleanup.job
    2015-09-09 18:54 - 2015-09-09 18:55 - 04923920 _____ (McAfee, Inc.) C:\Documents and Settings\Boz\Desktop\MCPR.exe
    2010-08-16 00:00 - 2010-08-16 00:00 - 10864104 _____ (PokerStars) C:\Program Files\PokerStarsInstall.exe
    2010-01-12 23:32 - 2010-01-12 23:38 - 0010584 _____ () C:\Documents and Settings\Boz\Application Data\docXConverter (3).ini
    2010-01-12 23:35 - 2010-01-12 23:36 - 0000132 ____H () C:\Documents and Settings\Boz\Application Data\lakerda1967.sys
    2005-10-26 17:27 - 2005-10-26 17:27 - 0012358 _____ () C:\Documents and Settings\Boz\Application Data\PFP120JCM.{PB
    2005-10-26 17:27 - 2005-10-26 17:27 - 0061678 _____ () C:\Documents and Settings\Boz\Application Data\PFP120JPR.{PB
    2011-08-28 15:26 - 2013-12-26 22:33 - 0000154 _____ () C:\Documents and Settings\Boz\Application Data\Rim.Desktop.Exception.log
    2011-08-28 15:18 - 2013-12-28 20:07 - 0002161 _____ () C:\Documents and Settings\Boz\Application Data\Rim.Desktop.HttpServerSetup.log
    2011-08-28 15:27 - 2013-12-26 22:32 - 0000231 _____ () C:\Documents and Settings\Boz\Application Data\Rim.DesktopHelper.Exception.log
    2005-10-26 17:22 - 2015-09-06 13:59 - 0120320 _____ () C:\Documents and Settings\Boz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2008-01-23 22:33 - 2008-01-23 22:33 - 0000126 _____ () C:\Documents and Settings\Boz\Local Settings\Application Data\fusioncache.dat
    Task: C:\WINDOWS\Tasks\McAfee Cleanup.job => C:\DOCUME~1\Boz\LOCALS~1\Temp\MCPR\mccleanup.exe <==== ATTENTION
    C:\DOCUME~1\Boz\LOCALS~1\Temp\MCPR\mccleanup.exe
    AlternateDataStreams: C:\WINDOWS\grep.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\MBR.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\NIRCMD.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\PEV.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\sed.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SWREG.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SWSC.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SWXCACLS.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\zip.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\certsentry.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FlashPlayerApp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\usbaaplrc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbaapl.sys:$CmdTcID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\adwcleaner_5.007.exe:$CmdTcID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\adwcleaner_5.007.exe:$CmdZnID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\ComboFix.exe:$CmdTcID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\ComboFix.exe:$CmdZnID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\FRST.exe:$CmdTcID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\FRST.exe:$CmdZnID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\JRT.exe:$CmdTcID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\JRT.exe:$CmdZnID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\MCPR.exe:$CmdTcID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\MCPR.exe:$CmdZnID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\RogueKiller.exe:$CmdTcID
    AlternateDataStreams: C:\Documents and Settings\Boz\Desktop\RogueKiller.exe:$CmdZnID



    *****************


    ========= RemoveProxy: =========

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key could not remove. Access Denied.
    "HKU\S-1-5-21-243343400-2573606588-2901852968-1006\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
    HKU\S-1-5-21-243343400-2573606588-2901852968-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
    HKU\S-1-5-21-243343400-2573606588-2901852968-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


    ========= End of RemoveProxy: =========

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key could not remove. Access Denied.
    HKU\S-1-5-21-243343400-2573606588-2901852968-1006\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
    "HKU\S-1-5-21-243343400-2573606588-2901852968-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2528085A-2B78-48B2-BBE1-B7A5429C91C7}" => key removed successfully.
    HKCR\CLSID\{2528085A-2B78-48B2-BBE1-B7A5429C91C7} => key not found.
    HKU\S-1-5-21-243343400-2573606588-2901852968-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => value removed successfully.
    HKCR\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => key not found.
    C:\Program Files\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll => not found.
    C:\Program Files\Google\Chrome\Application\45.0.2454.85\gcswf32.dll => not found.
    C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => not found.
    C:\Program Files\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll => not found.
    C:\Program Files\Google\Chrome\Application\45.0.2454.85\pdf.dll => not found.
    C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll => not found.
    C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => not found.
    C:\WINDOWS\system32\npdeployJava1.dll => not found.
    C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll => not found.
    c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => not found.
    AppMgmt => service removed successfully.
    WUSB54Gv4SVC => service removed successfully.
    mferkdk => service removed successfully.
    mfesmfk => service removed successfully.
    C:\WINDOWS\System32\drivers\mferkdk.sys => moved successfully
    C:\WINDOWS\System32\drivers\mfesmfk.sys => moved successfully
    bvrp_pci => service removed successfully.
    catchme => service removed successfully.
    SBRE => service removed successfully.
    TlntSvr => service removed successfully.
    VMnetAdapter => service removed successfully.
    wanatw => service removed successfully.
    mbr => service not found.
    C:\WINDOWS\Tasks\McAfee Cleanup.job => moved successfully
    C:\Documents and Settings\Boz\Desktop\MCPR.exe => moved successfully
    C:\Program Files\PokerStarsInstall.exe => moved successfully
    C:\Documents and Settings\Boz\Application Data\docXConverter (3).ini => moved successfully
    C:\Documents and Settings\Boz\Application Data\lakerda1967.sys => moved successfully
    C:\Documents and Settings\Boz\Application Data\PFP120JCM.{PB => moved successfully
    C:\Documents and Settings\Boz\Application Data\PFP120JPR.{PB => moved successfully
    C:\Documents and Settings\Boz\Application Data\Rim.Desktop.Exception.log => moved successfully
    C:\Documents and Settings\Boz\Application Data\Rim.Desktop.HttpServerSetup.log => moved successfully
    C:\Documents and Settings\Boz\Application Data\Rim.DesktopHelper.Exception.log => moved successfully
    C:\Documents and Settings\Boz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
    C:\Documents and Settings\Boz\Local Settings\Application Data\fusioncache.dat => moved successfully
    C:\WINDOWS\Tasks\McAfee Cleanup.job => not found.
    C:\DOCUME~1\Boz\LOCALS~1\Temp\MCPR\mccleanup.exe => moved successfully
    C:\WINDOWS\grep.exe => ":$CmdTcID" ADS removed successfully..
    C:\WINDOWS\MBR.exe => ":$CmdTcID" ADS removed successfully..
    C:\WINDOWS\NIRCMD.exe => ":$CmdTcID" ADS removed successfully..
    C:\WINDOWS\PEV.exe => ":$CmdTcID" ADS removed successfully..
    C:\WINDOWS\sed.exe => ":$CmdTcID" ADS removed successfully..
    C:\WINDOWS\SWREG.exe => ":$CmdTcID" ADS removed successfully..
    C:\WINDOWS\SWSC.exe => ":$CmdTcID" ADS removed successfully..
    C:\WINDOWS\SWXCACLS.exe => ":$CmdTcID" ADS removed successfully..
    C:\WINDOWS\zip.exe => ":$CmdTcID" ADS removed successfully..
    C:\WINDOWS\system32\certsentry.exe => ":$CmdTcID" ADS removed successfully..
    C:\WINDOWS\system32\FlashPlayerApp.exe => ":$CmdTcID" ADS removed successfully..
    C:\WINDOWS\system32\usbaaplrc.dll => ":$CmdTcID" ADS removed successfully..
    C:\WINDOWS\system32\Drivers\mbam.sys => ":$CmdTcID" ADS removed successfully..
    C:\WINDOWS\system32\Drivers\mbamchameleon.sys => ":$CmdTcID" ADS removed successfully..
    C:\WINDOWS\system32\Drivers\usbaapl.sys => ":$CmdTcID" ADS removed successfully..
    C:\Documents and Settings\Boz\Desktop\adwcleaner_5.007.exe => ":$CmdTcID" ADS removed successfully..
    C:\Documents and Settings\Boz\Desktop\adwcleaner_5.007.exe => ":$CmdZnID" ADS removed successfully..
    "C:\Documents and Settings\Boz\Desktop\ComboFix.exe" => ":$CmdTcID" ADS not found.
    "C:\Documents and Settings\Boz\Desktop\ComboFix.exe" => ":$CmdZnID" ADS not found.
    "C:\Documents and Settings\Boz\Desktop\FRST.exe" => ":$CmdTcID" ADS not found.
    "C:\Documents and Settings\Boz\Desktop\FRST.exe" => ":$CmdZnID" ADS not found.
    C:\Documents and Settings\Boz\Desktop\JRT.exe => ":$CmdTcID" ADS removed successfully..
    C:\Documents and Settings\Boz\Desktop\JRT.exe => ":$CmdZnID" ADS removed successfully..
    "C:\Documents and Settings\Boz\Desktop\MCPR.exe" => ":$CmdTcID" ADS not found.
    "C:\Documents and Settings\Boz\Desktop\MCPR.exe" => ":$CmdZnID" ADS not found.
    C:\Documents and Settings\Boz\Desktop\RogueKiller.exe => ":$CmdTcID" ADS removed successfully..
    C:\Documents and Settings\Boz\Desktop\RogueKiller.exe => ":$CmdZnID" ADS removed successfully..

    ==== End of Fixlog 18:50:56 ====
     
  21. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  22. zobbin

    zobbin TS Rookie Topic Starter Posts: 86

    Results of screen317's Security Check version 1.008
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    ESET Online Scanner v3
    COMODO Internet Security Premium
    `````````Anti-malware/Other Utilities Check:`````````
    Ad-Aware
    SUPERAntiSpyware
    Java 7 Update 45
    Java version 32-bit out of Date!
    Adobe Flash Player 18.0.0.232
    Adobe Reader XI
    Google Chrome (45.0.2454.85)
    ````````Process Check: objlist.exe by Laurent````````
    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Comodo Firewall cmdagent.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
     
  23. zobbin

    zobbin TS Rookie Topic Starter Posts: 86

    Farbar Service Scanner Version: 26-07-2015
    Ran by Boz (administrator) on 10-09-2015 at 19:40:40
    Running from "C:\Documents and Settings\Boz\Desktop"
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
    C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
    C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
    C:\WINDOWS\system32\netman.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\srsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
    C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
    C:\WINDOWS\system32\qmgr.dll => File is digitally signed
    C:\WINDOWS\system32\es.dll => File is digitally signed
    C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed

    Extra List:
    =======
    cmdHlp(13) Gpc(6) IPSec(4) MDC8021X(8) NetBT(5) PSched(7) Tcpip(3)
    0x0C000000040000000100000002000000030000000D000000090000000600000007000000080000000A0000000C00000005000000
    IpSec Tag value is correct.

    **** End of log ****
     
  24. zobbin

    zobbin TS Rookie Topic Starter Posts: 86

    2015-09-11 02:12:35.078 Sophos Virus Removal Tool version 2.5.4
    2015-09-11 02:12:35.078 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-09-11 02:12:35.078 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-09-11 02:12:35.078 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x300 PT=0x1 Win32
    2015-09-11 02:12:35.093 Checking for updates...
    2015-09-11 02:12:36.140 Update progress: proxy server not available
    2015-09-11 02:13:39.078 Option all = no
    2015-09-11 02:13:39.078 Option recurse = yes
    2015-09-11 02:13:39.078 Option archive = no
    2015-09-11 02:13:39.078 Option service = yes
    2015-09-11 02:13:39.078 Option confirm = yes
    2015-09-11 02:13:39.078 Option sxl = yes
    2015-09-11 02:13:39.078 Option max-data-age = 35
    2015-09-11 02:13:39.078 Option EnableSafeClean = yes
    2015-09-11 02:13:40.703 Option vdl-logging = yes
    2015-09-11 02:13:40.906 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-09-11 02:13:40.906 Machine ID: 4bcdbfece4664b3f9e3e9547aaf07a7c
    2015-09-11 02:13:41.234 Component SVRTcli.exe version 2.5.4
    2015-09-11 02:13:41.234 Component control.dll version 2.5.4
    2015-09-11 02:13:41.234 Component SVRTservice.exe version 2.5.4
    2015-09-11 02:13:41.234 Component engine\osdp.dll version 1.44.1.2210
    2015-09-11 02:13:41.234 Component engine\veex.dll version 3.61.0.2210
    2015-09-11 02:13:41.234 Component engine\savi.dll version 8.1.8.2210
    2015-09-11 02:13:41.500 Component rkdisk.dll version 1.5.30.0
    2015-09-11 02:13:41.500 Version info: Product version 2.5.4
    2015-09-11 02:13:41.531 Version info: Detection engine 3.61.0
    2015-09-11 02:13:41.531 Version info: Detection data 5.18
    2015-09-11 02:13:41.546 Version info: Build date 8/18/2015
    2015-09-11 02:13:41.546 Version info: Data files added 337
    2015-09-11 02:13:41.546 Version info: Last successful update (not yet updated)
    2015-09-11 02:16:23.640 Downloading updates...
    2015-09-11 02:16:23.640 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-09-11 02:16:23.640 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-09-11 02:16:23.640 Update progress: [I49502] Found supplement IDE519 LATEST
    2015-09-11 02:16:23.640 Update progress: [I49502] Found supplement IDE520 LATEST
    2015-09-11 02:16:23.640 Update progress: [I49502] Found supplement IDE521 LATEST
    2015-09-11 02:16:23.640 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-09-11 02:16:23.640 Update progress: [I19463] Syncing product SAVIW32 59
    2015-09-11 02:16:49.859 Update progress: [I19463] Syncing product IDE519 196
    2015-09-11 02:16:57.171 Installing updates...
    2015-09-11 02:17:02.218 Error level 1
    2015-09-11 02:17:03.234 Update progress: [I19463] Syncing product IDE520 143
    2015-09-11 02:17:03.234 Update progress: [I19463] Syncing product IDE521 1
    2015-09-11 02:18:21.750 Update successful
    2015-09-11 02:19:18.296 Option all = no
    2015-09-11 02:19:18.296 Option recurse = yes
    2015-09-11 02:19:18.296 Option archive = no
    2015-09-11 02:19:18.296 Option service = yes
    2015-09-11 02:19:18.296 Option confirm = yes
    2015-09-11 02:19:18.296 Option sxl = yes
    2015-09-11 02:19:18.312 Option max-data-age = 35
    2015-09-11 02:19:18.312 Option EnableSafeClean = yes
    2015-09-11 02:19:18.656 Option vdl-logging = yes
    2015-09-11 02:19:18.718 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-09-11 02:19:18.718 Machine ID: 4bcdbfece4664b3f9e3e9547aaf07a7c
    2015-09-11 02:19:18.812 Component SVRTcli.exe version 2.5.4
    2015-09-11 02:19:18.812 Component control.dll version 2.5.4
    2015-09-11 02:19:18.812 Component SVRTservice.exe version 2.5.4
    2015-09-11 02:19:18.812 Component engine\osdp.dll version 1.44.1.2210
    2015-09-11 02:19:18.812 Component engine\veex.dll version 3.61.0.2210
    2015-09-11 02:19:18.812 Component engine\savi.dll version 8.1.8.2210
    2015-09-11 02:19:18.890 Component rkdisk.dll version 1.5.30.0
    2015-09-11 02:19:18.890 Version info: Product version 2.5.4
    2015-09-11 02:19:18.890 Version info: Detection engine 3.61.0
    2015-09-11 02:19:18.890 Version info: Detection data 5.18G
    2015-09-11 02:19:18.890 Version info: Build date 8/18/2015
    2015-09-11 02:19:18.890 Version info: Data files added 337
    2015-09-11 02:19:18.890 Version info: Last successful update 9/10/2015 8:18:21 PM

    2015-09-11 03:59:48.359 >>> Virus 'Andr/DroidRt-M' found in file C:\Documents and Settings\All Users\Application Data\Comodo\Cis\Quarantine\data\{453C589B-B1CF-420D-88D0-24C653553F01}
    2015-09-11 03:59:48.406 >>> Virus 'Andr/DroidRt-M' found in file HKU\S-1-5-21-243343400-2573606588-2901852968-1006\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures
    2015-09-11 03:59:48.406 >>> Virus 'Andr/DroidRt-M' found in file HKU\S-1-5-21-243343400-2573606588-2901852968-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-09-11 03:59:48.406 >>> Virus 'Andr/DroidRt-M' found in file HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
    2015-09-11 03:59:48.406 >>> Virus 'Andr/DroidRt-M' found in file HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
    2015-09-11 03:59:48.406 >>> Virus 'Andr/DroidRt-M' found in file HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1209
    2015-09-11 03:59:48.406 >>> Virus 'Andr/DroidRt-M' found in file HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1209
    2015-09-11 03:59:48.406 >>> Virus 'Andr/DroidRt-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-09-11 03:59:48.406 >>> Virus 'Andr/DroidRt-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
    2015-09-11 03:59:48.406 >>> Virus 'Andr/DroidRt-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
    2015-09-11 03:59:48.406 >>> Virus 'Andr/DroidRt-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
    2015-09-11 03:59:48.406 >>> Virus 'Andr/DroidRt-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
    2015-09-11 04:05:40.875 Could not open C:\Documents and Settings\Boz\Local Settings\Application Data\Comodo\Chromodo\User Data\Default\Current Session
    2015-09-11 04:05:40.937 Could not check C:\Documents and Settings\Boz\Local Settings\Application Data\Comodo\Chromodo\User Data\Default\Extension Rules\LOCK (virus scan failed)
    2015-09-11 04:05:40.984 Could not check C:\Documents and Settings\Boz\Local Settings\Application Data\Comodo\Chromodo\User Data\Default\Extension State\LOCK (virus scan failed)
    2015-09-11 04:05:43.843 Could not check C:\Documents and Settings\Boz\Local Settings\Application Data\Comodo\Chromodo\User Data\Default\Local Extension Settings\aneodkojaglhnkkdbbdnmmmgimlcaogo\LOCK (virus scan failed)
    2015-09-11 04:05:43.875 Could not check C:\Documents and Settings\Boz\Local Settings\Application Data\Comodo\Chromodo\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
    2015-09-11 04:05:44.343 Could not check C:\Documents and Settings\Boz\Local Settings\Application Data\Comodo\Chromodo\User Data\Default\Session Storage\LOCK (virus scan failed)
    2015-09-11 04:10:14.187 Could not open C:\hiberfil.sys
    2015-09-11 04:13:40.781 Could not check C:\NewFolder\Data Recovery 2014-09-20 at 15.21.29\Deleted File Recovery\C\Lost Location\DIR00000002\p_24717_128_72[1].jpg (corrupt)
    2015-09-11 05:19:03.234 The following items will be cleaned up:
    2015-09-11 05:19:03.265 Andr/DroidRt-M
     
  25. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
    Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

    =====================================

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please let me know how your computer is doing.
     
