Solved Av knocked out

[Broni]

FRST reports:

Running from F:\Downloads

Move FRST file to proper location - Desktop.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[curleww]

My apologies

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-09-2015 02
Ran by m (administrator) on 5F5A4C13557347C (15-09-2015 01:34:12)
Running from C:\Documents and Settings\m\Desktop
Loaded Profiles: m (Available Profiles: m & K & UpdatusUser & Administrator)
Platform: Microsoft Windows XP Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions Inc.) C:\Program Files\Common Files\Comodo\launcher_service.exe
(GlavSoft LLC.) C:\Program Files\Common Files\Comodo\tvnserver.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CTSysVol] => C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [49152 2002-10-29] (Creative Technology Ltd)
HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [CTHelper] => C:\WINDOWS\system32\CTHELPER.EXE [28672 2003-02-20] (Creative Technology Ltd)
HKLM\...\Run: [VX3000] => C:\WINDOWS\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\Comodo\tvnserver.exe [828944 2012-01-27] (GlavSoft LLC.)
HKLM\...\Run: [ScanSoft OmniPage SE 4.0-reminder] => C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe [1410600 2006-09-26] (Nuance Communications, Inc.)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient.exe [3941096 2015-08-10] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [NeroCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [132704 2006-10-26] (CANON INC.)
HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-04-18] (Oracle Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1361088 2015-08-05] (COMODO)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
HKLM\...\Policies\Explorer: [NoSharedDocuments] 0
HKU\S-1-5-21-329068152-1035525444-725345543-1003\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-329068152-1035525444-725345543-1003\...\Run: [Creative MediaSource Go] => C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe [126976 2002-11-25] (Creative Technology Ltd)
HKU\S-1-5-21-329068152-1035525444-725345543-1003\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [519584 2010-12-21] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2014-03-22]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2014-03-09]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\m\Start Menu\Programs\StartUp\Serviio.lnk [2015-07-29]
ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{6526F4AF-2682-4DA1-A996-44C2CC3DA0B6}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{70C2F4ED-25C2-496E-B381-4222D511273F}: [DhcpNameServer] 10.211.254.254 8.8.8.8
Tcpip\..\Interfaces\{BE8BAB0A-A427-4D7A-99F9-C5BA65B9CB7E}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-329068152-1035525444-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-329068152-1035525444-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation)
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: EWPBrowseObject Class -> {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} -> C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-18] (Oracle Corporation)
BHO: No Name -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> No File
BHO: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-18] (Oracle Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKU\S-1-5-21-329068152-1035525444-725345543-1003 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll [2012-11-08] (Belarc, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - No File

FireFox:
========
FF ProfilePath: C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\k9aa9uzg.default-1386241888593
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-28] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-329068152-1035525444-725345543-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\m\Local Settings\Application Data\Citrix\Plugins\94\npappdetector.dll [2013-02-21] (Citrix Online)
FF Plugin HKU\S-1-5-21-329068152-1035525444-725345543-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-329068152-1035525444-725345543-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Extension: RAMBack - C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\k9aa9uzg.default-1386241888593\Extensions\ramback@pavlov.net.xpi [2014-07-19]
FF Extension: NoScript - C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\k9aa9uzg.default-1386241888593\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-05-27]
FF Extension: Adblock Plus - C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\k9aa9uzg.default-1386241888593\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-10-13]

Chrome:
=======
CHR Profile: C:\Documents and Settings\m\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\m\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-29]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\m\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
StartMenuInternet: Google Chrome - C:\Documents and Settings\m\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [569752 2010-07-28] (Affinegy, Inc.)
S2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152064 2010-02-17] () [File not signed]
S2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] () [File not signed]
S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S2 ChromodoUpdater; C:\Program Files\Comodo\Chromodo\chromodo_updater.exe [1998520 2015-08-19] (Comodo)
R2 CLPSLauncher; C:\Program Files\Common Files\Comodo\launcher_service.exe [70352 2012-08-23] (Comodo Security Solutions Inc.)
S2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4353840 2015-08-05] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664704 2015-08-05] (COMODO)
S2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
S2 DCSLoader; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE [24576 2004-03-02] (Oki Data Corporation)
S2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [1994936 2015-06-26] (Comodo)
S2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [132768 2011-11-09] (Intel Corporation)
S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [11552 2012-03-26] (Microsoft Corporation)
S2 SCWatch 4.0; C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe [364544 2007-05-17] (WhiteCanyon Inc.) [File not signed]
S2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [327680 2013-08-08] () [File not signed]
S2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient.exe [3941096 2015-08-10] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 tvnserver; C:\Program Files\Common Files\Comodo\tvnserver.exe [828944 2012-01-27] (GlavSoft LLC.)
S2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]
S2 Avira.ServiceHost; "C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe" [X]
S3 KOT; no ImagePath
S2 vpnclient; no ImagePath
S2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -service [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21035 2010-10-06] (Meetinghouse Data Communications) [File not signed]
S3 AFGSp50; C:\WINDOWS\System32\Drivers\AFGSp50.sys [27072 2010-06-23] (Printing Communications Assoc., Inc. (PCAUSA))
S3 AtlsAud; C:\WINDOWS\System32\drivers\AtlsAud.sys [21504 2002-12-03] (Dell Computer Corporation)
S1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2011-06-03] () [File not signed]
S3 Belkin700F; C:\WINDOWS\System32\DRIVERS\BLKWGDv7.sys [303616 2006-10-19] (Belkin Corporation. ) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [61424 2010-09-27] (Roxio) [File not signed]
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [23420 2010-09-27] (Roxio) [File not signed]
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [15808 2015-08-05] (COMODO)
S1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [631872 2015-08-05] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [30144 2015-08-05] (COMODO)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [287920 2003-03-27] (Creative Technology Ltd)
S3 EMATCORE; C:\WINDOWS\System32\Drivers\AtlsVid.sys [134304 2002-12-04] (Dell Computer Corporation)
S3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [823616 2003-03-26] (Creative Technology Ltd)
S3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [141536 2003-03-26] (Creative Technology Ltd)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [35992 2015-08-17] ()
R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [105664 2015-08-05] (COMODO)
R0 KL1; C:\WINDOWS\System32\DRIVERS\kl1.sys [133208 2012-01-09] (Kaspersky Lab ZAO)
R1 kl2; C:\WINDOWS\System32\DRIVERS\kl2.sys [11352 2012-01-09] (Kaspersky Lab ZAO)
S1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [485808 2012-01-09] (Kaspersky Lab)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-07] (Malwarebytes Corporation)
S3 MHIKEY10; C:\WINDOWS\System32\Drivers\MHIKEY10.sys [51968 2011-02-10] (Generic USB smartcard reader)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [30368 2011-11-09] (Intel Corporation )
S3 ndiscm; C:\WINDOWS\System32\DRIVERS\NetMotCM.sys [14336 2003-08-10] (Motorola Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 Neo_vpn jp; C:\WINDOWS\System32\DRIVERS\Neo_0029.sys [22000 2012-08-07] (SoftEther Corporation)
S1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2002-11-11] (Padus, Inc.) [File not signed]
S2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [15840 2003-03-06] (Creative Technology Ltd.)
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [118656 2009-02-25] (TRENDware International, Inc )
S3 SEE; C:\WINDOWS\System32\drivers\see.sys [43104 2014-01-08] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 sxuptp; C:\WINDOWS\System32\DRIVERS\sxuptp.sys [246936 2009-06-22] (silex technology, Inc.)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [32768 2012-01-05] (AnchorFree Inc)
S3 tapoas; C:\WINDOWS\System32\DRIVERS\tapoas.sys [26112 2011-08-19] (The OpenVPN Project) [File not signed]
S3 USTORAGE; C:\WINDOWS\System32\DRIVERS\UStorage.sys [31104 2009-04-14] (USB Mass Storage.)
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [526608 2012-05-03] (Check Point Software Technologies LTD)
S3 AFGMp50; no ImagePath
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 CFRMD; no ImagePath
S3 cpuz132; no ImagePath
U2 Irmon; no ImagePath
S1 SASDIFSV; no ImagePath
S1 SASKUTIL; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SjyPkt; no ImagePath
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S1 vcdrom; no ImagePath
S3 ZTEusbmdm6k; no ImagePath
S3 ZTEusbnmea; no ImagePath
S3 ZTEusbser6k; no ImagePath
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2099-11-13 20:58 - 2011-08-24 05:53 - 00000000 __SHD C:\WINDOWS\xxclone.arc
2015-09-15 01:34 - 2015-09-15 01:35 - 00020622 _____ C:\Documents and Settings\m\Desktop\FRST.txt
2015-09-12 23:16 - 2015-09-12 23:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2015-09-11 23:17 - 2015-09-15 01:35 - 00000000 ____D C:\Documents and Settings\m\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00024529 _____ C:\ComboFix.txt
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\UpdatusUser\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\M.5F5A4C13557347C\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\Administrator.5F5A4C13557347C\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\Administrator.5F5A4C13557347C.000\Local Settings\temp
2015-09-11 22:57 - 2015-09-11 22:57 - 00000000 _RSHD C:\cmdcons
2015-09-11 22:57 - 2015-07-29 21:02 - 00000338 _____ C:\Boot.bak
2015-09-11 22:57 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2015-09-10 20:18 - 2015-09-10 20:18 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2015-09-10 20:18 - 2015-09-10 20:18 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2015-09-10 20:18 - 2015-09-10 20:18 - 00000000 ____H C:\WINDOWS\system32\config\sam.tmp.LOG
2015-09-10 20:18 - 2015-09-10 20:18 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2015-09-10 20:17 - 2015-09-10 20:17 - 00008192 ____H C:\WINDOWS\system32\config\security.tmp.LOG
2015-09-10 19:47 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-09-10 19:47 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-09-10 19:47 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-09-10 19:46 - 2015-09-10 19:46 - 00016280 _____ C:\FixitRegBackup.reg
2015-09-09 23:06 - 2015-09-09 23:11 - 05635119 ____R (Swearware) C:\Documents and Settings\m\Desktop\ComboFix.exe
2015-09-08 23:51 - 2015-09-08 23:51 - 00002798 _____ C:\Documents and Settings\m\Desktop\JRT.txt
2015-09-04 23:43 - 2015-09-05 11:30 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-09-04 23:43 - 2015-09-05 11:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2015-09-03 00:25 - 2015-09-15 01:34 - 00000000 ____D C:\FRST
2015-09-02 22:14 - 2015-09-13 23:53 - 01694208 _____ (Farbar) C:\Documents and Settings\m\Desktop\FRST.exe
2015-09-01 23:34 - 2015-09-01 23:34 - 00380598 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-329068152-1035525444-725345543-1003-0.dat
2015-08-30 22:11 - 2015-08-30 22:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2015-08-30 21:34 - 2015-08-30 21:34 - 00001695 _____ C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
2015-08-30 21:07 - 2015-08-30 21:07 - 00000702 _____ C:\WINDOWS\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2015-08-29 22:43 - 2015-08-29 22:43 - 00000781 _____ C:\Documents and Settings\All Users\Desktop\Internet (Chromodo).lnk
2015-08-29 00:19 - 2015-09-01 23:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2015-08-28 00:36 - 2015-08-28 21:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-24 19:22 - 2015-08-24 19:22 - 00302760 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-08-21 22:51 - 2015-09-06 20:53 - 00000000 __SHD C:\WINDOWS\CSC
2015-08-20 23:36 - 2015-08-20 23:36 - 00000015 _____ C:\Documents and Settings\m\all
2015-08-17 23:36 - 2015-09-06 21:01 - 00032264 _____ C:\WINDOWS\setupapi.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-15 01:32 - 2012-10-11 23:45 - 00000000 ____D C:\Documents and Settings\m\Desktop\BBBB
2015-09-14 22:08 - 2014-02-25 05:26 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-09-14 20:00 - 2010-10-07 00:21 - 00213504 ____C C:\Documents and Settings\m\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-12 23:25 - 2010-09-09 16:42 - 01156072 ____C C:\WINDOWS\WindowsUpdate.log
2015-09-12 21:01 - 2010-09-09 18:18 - 00000000 ____D C:\Documents and Settings\NetworkService
2015-09-11 23:17 - 2014-07-13 20:35 - 00000000 ____D C:\Qoobox
2015-09-11 23:13 - 2004-08-10 12:00 - 00000285 _____ C:\WINDOWS\system.ini
2015-09-11 23:12 - 2010-09-09 18:20 - 00000000 ____D C:\Documents and Settings\m
2015-09-11 22:57 - 2010-09-09 16:33 - 00000454 __RSH C:\boot.ini
2015-09-10 21:13 - 2010-09-09 18:18 - 00000000 ____D C:\Documents and Settings\LocalService
2015-09-10 21:09 - 2014-07-13 20:31 - 00000000 ____D C:\WINDOWS\erdnt
2015-09-10 20:19 - 2014-06-19 23:43 - 56360960 _____ C:\WINDOWS\system32\config\software.bak
2015-09-10 20:19 - 2014-06-19 23:43 - 31195136 _____ C:\WINDOWS\system32\config\system.bak
2015-09-10 20:19 - 2014-06-19 23:43 - 00028672 _____ C:\WINDOWS\system32\config\sam.bak
2015-09-10 20:19 - 2014-06-19 23:42 - 05369856 _____ C:\WINDOWS\system32\config\default.bak
2015-09-10 20:19 - 2014-06-19 23:42 - 00065536 _____ C:\WINDOWS\system32\config\security.bak
2015-09-10 20:19 - 2010-11-28 18:15 - 00000216 ____C C:\WINDOWS\wiadebug.log
2015-09-10 20:19 - 2010-09-27 14:53 - 00001080 ____C C:\WINDOWS\system32\settingsbkup.sfm
2015-09-10 20:19 - 2010-09-27 14:53 - 00001080 ____C C:\WINDOWS\system32\settings.sfm
2015-09-10 20:19 - 2010-09-27 14:53 - 00000288 ____C C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
2015-09-10 20:19 - 2010-09-27 14:53 - 00000288 ____C C:\WINDOWS\system32\DVCState-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
2015-09-10 20:19 - 2010-09-09 18:20 - 00000178 __SHC C:\Documents and Settings\m\ntuser.ini
2015-09-10 19:48 - 2010-09-09 18:18 - 00032564 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-10 19:48 - 2010-09-09 18:18 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2015-09-10 19:39 - 2010-09-29 00:44 - 00000962 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1003UA.job
2015-09-10 19:34 - 2010-09-27 14:57 - 04481358 _____ C:\WINDOWS\{00000002-00000000-00000001-00001102-00000004-10031102}.CDF
2015-09-10 19:33 - 2015-08-10 21:24 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-10 19:31 - 2012-08-08 22:49 - 00000000 ____D C:\Documents and Settings\m\Application Data\vlc
2015-09-10 19:31 - 2011-01-09 20:33 - 00000000 ____D C:\Documents and Settings\m\Application Data\playitall
2015-09-10 19:28 - 2014-04-11 13:16 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
2015-09-10 19:21 - 2013-12-17 22:40 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2015-09-10 19:21 - 2010-09-09 16:40 - 00000000 ____D C:\WINDOWS\Registration
2015-09-10 19:19 - 2010-11-28 18:15 - 00000049 ____C C:\WINDOWS\wiaservc.log
2015-09-10 19:17 - 2014-03-10 12:04 - 00000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-09-08 20:56 - 2014-07-13 20:36 - 00000000 ____D C:\AdwCleaner
2015-09-07 14:17 - 2014-06-25 03:26 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-03 22:12 - 2010-11-02 00:16 - 00000962 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1005UA.job
2015-09-03 21:39 - 2010-09-29 00:44 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1003Core.job
2015-09-03 21:03 - 2014-04-11 13:16 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2015-09-03 21:03 - 2014-04-11 13:16 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2015-09-03 12:12 - 2010-11-02 00:16 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1005Core.job
2015-09-01 23:35 - 2012-05-17 20:49 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2015-09-01 23:34 - 2012-05-14 01:39 - 00380598 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-09-01 23:34 - 2010-12-26 22:58 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2015-09-01 21:15 - 2010-09-09 16:42 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-09-01 01:14 - 2011-10-22 16:29 - 00000000 ____D C:\Program Files\WinFF
2015-09-01 01:12 - 2012-08-05 18:06 - 00000000 ____D C:\Documents and Settings\m\Desktop\ultra
2015-09-01 00:51 - 2011-09-02 23:33 - 00000000 ____D C:\Documents and Settings\m\Desktop\barcode
2015-09-01 00:51 - 2010-12-05 18:59 - 00000000 ____D C:\Documents and Settings\m\Desktop\New Folder (2)
2015-09-01 00:50 - 2010-10-29 23:10 - 00000000 ____D C:\Documents and Settings\m\Desktop\8
2015-08-31 00:03 - 2014-04-11 13:16 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
2015-08-30 21:54 - 2010-09-29 00:45 - 00002258 ____C C:\Documents and Settings\m\Desktop\Google Chrome.lnk
2015-08-30 21:34 - 2012-05-17 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Comodo
2015-08-30 21:34 - 2012-05-17 20:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
2015-08-30 21:30 - 2012-05-17 20:36 - 00000000 ____D C:\Program Files\Comodo
2015-08-30 21:25 - 2012-05-17 20:36 - 00000000 ____D C:\Documents and Settings\m\Local Settings\Application Data\Comodo
2015-08-29 21:35 - 2012-09-16 19:39 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-28 21:53 - 2012-04-17 13:54 - 00778440 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-08-28 21:53 - 2011-05-20 01:22 - 00142536 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-08-28 21:51 - 2014-09-11 20:21 - 00000000 ____D C:\Documents and Settings\m\Local Settings\Application Data\Adobe
2015-08-28 00:39 - 2011-08-18 23:36 - 00000000 ____D C:\Documents and Settings\m\Application Data\Skype
2015-08-28 00:33 - 2014-11-07 13:51 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-08-24 05:39 - 2012-06-04 00:10 - 00814149 ____C C:\Documents and Settings\m\Local Settings\Application Data\census.cache
2015-08-24 05:39 - 2012-06-04 00:10 - 00259338 ____C C:\Documents and Settings\m\Local Settings\Application Data\ars.cache
2015-08-20 23:45 - 2011-08-25 19:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-08-20 00:10 - 2004-08-10 12:00 - 00002206 ____C C:\WINDOWS\system32\wpa.dbl
2015-08-19 01:09 - 2010-09-30 15:06 - 00000178 __SHC C:\Documents and Settings\K\ntuser.ini
2015-08-19 01:08 - 2010-09-30 15:06 - 00000000 ____D C:\Documents and Settings\K\Local Settings\Temp
2015-08-19 01:08 - 2010-09-30 15:06 - 00000000 ____D C:\Documents and Settings\K
2015-08-17 00:00 - 2015-08-03 00:01 - 00035992 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys

==================== Files in the root of some directories =======

2014-03-08 14:47 - 2014-03-08 14:47 - 0002528 ____C () C:\Documents and Settings\m\Application Data\$_hpcst$.hpc
2011-01-26 21:49 - 2012-04-18 12:46 - 0000031 ____C () C:\Documents and Settings\m\Application Data\Days5.ini
2013-05-26 00:21 - 2013-05-26 00:36 - 0000196 ____C () C:\Documents and Settings\m\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2014-08-02 22:49 - 2014-08-02 23:19 - 0000077 _____ () C:\Documents and Settings\m\Application Data\Rim.Desktop.Exception.log
2014-08-02 22:50 - 2014-08-02 23:19 - 0000077 _____ () C:\Documents and Settings\m\Application Data\Rim.DesktopHelper.Exception.log
2014-08-02 22:53 - 2014-08-02 23:19 - 0000077 _____ () C:\Documents and Settings\m\Application Data\Rim.Transcoder.Exception.log
2012-06-11 22:35 - 2012-06-11 22:43 - 0214016 ____C () C:\Documents and Settings\m\Application Data\SharedSettings.ccs
2012-06-04 00:10 - 2015-08-24 05:39 - 0259338 ____C () C:\Documents and Settings\m\Local Settings\Application Data\ars.cache
2012-06-04 00:10 - 2015-08-24 05:39 - 0814149 ____C () C:\Documents and Settings\m\Local Settings\Application Data\census.cache
2014-02-23 02:29 - 2014-03-01 01:40 - 0000664 _____ () C:\Documents and Settings\m\Local Settings\Application Data\d3d9caps.dat
2010-10-07 00:21 - 2015-09-14 20:00 - 0213504 ____C () C:\Documents and Settings\m\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-09-09 18:24 - 2010-09-09 18:24 - 0000124 ____C () C:\Documents and Settings\m\Local Settings\Application Data\fusioncache.dat
2012-06-03 23:53 - 2012-06-03 23:53 - 0000036 ____C () C:\Documents and Settings\m\Local Settings\Application Data\housecall.guid.cache
2015-06-25 14:09 - 2015-06-25 14:09 - 0000218 _____ () C:\Documents and Settings\m\Local Settings\Application Data\recently-used.xbel
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Documents and Settings\m\Local Settings\Application Data\setup.txt
2011-08-29 02:25 - 2011-08-29 19:34 - 0002770 ____C () C:\Documents and Settings\m\Local Settings\Application Data\video.torrent

Some files in TEMP:
====================
C:\Documents and Settings\K\Local Settings\temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Documents and Settings\K\Local Settings\temp\mediaget_installer.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

[curleww]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-09-2015 02
Ran by m (administrator) on 5F5A4C13557347C (15-09-2015 01:34:12)
Running from C:\Documents and Settings\m\Desktop
Loaded Profiles: m (Available Profiles: m & K & UpdatusUser & Administrator)
Platform: Microsoft Windows XP Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions Inc.) C:\Program Files\Common Files\Comodo\launcher_service.exe
(GlavSoft LLC.) C:\Program Files\Common Files\Comodo\tvnserver.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CTSysVol] => C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [49152 2002-10-29] (Creative Technology Ltd)
HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [CTHelper] => C:\WINDOWS\system32\CTHELPER.EXE [28672 2003-02-20] (Creative Technology Ltd)
HKLM\...\Run: [VX3000] => C:\WINDOWS\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\Comodo\tvnserver.exe [828944 2012-01-27] (GlavSoft LLC.)
HKLM\...\Run: [ScanSoft OmniPage SE 4.0-reminder] => C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe [1410600 2006-09-26] (Nuance Communications, Inc.)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient.exe [3941096 2015-08-10] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [NeroCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [132704 2006-10-26] (CANON INC.)
HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-04-18] (Oracle Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1361088 2015-08-05] (COMODO)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
HKLM\...\Policies\Explorer: [NoSharedDocuments] 0
HKU\S-1-5-21-329068152-1035525444-725345543-1003\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-329068152-1035525444-725345543-1003\...\Run: [Creative MediaSource Go] => C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe [126976 2002-11-25] (Creative Technology Ltd)
HKU\S-1-5-21-329068152-1035525444-725345543-1003\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [519584 2010-12-21] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2014-03-22]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2014-03-09]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\m\Start Menu\Programs\StartUp\Serviio.lnk [2015-07-29]
ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{6526F4AF-2682-4DA1-A996-44C2CC3DA0B6}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{70C2F4ED-25C2-496E-B381-4222D511273F}: [DhcpNameServer] 10.211.254.254 8.8.8.8
Tcpip\..\Interfaces\{BE8BAB0A-A427-4D7A-99F9-C5BA65B9CB7E}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-329068152-1035525444-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-329068152-1035525444-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation)
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: EWPBrowseObject Class -> {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} -> C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-18] (Oracle Corporation)
BHO: No Name -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> No File
BHO: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-18] (Oracle Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKU\S-1-5-21-329068152-1035525444-725345543-1003 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll [2012-11-08] (Belarc, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - No File

FireFox:
========
FF ProfilePath: C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\k9aa9uzg.default-1386241888593
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-28] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-329068152-1035525444-725345543-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\m\Local Settings\Application Data\Citrix\Plugins\94\npappdetector.dll [2013-02-21] (Citrix Online)
FF Plugin HKU\S-1-5-21-329068152-1035525444-725345543-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-329068152-1035525444-725345543-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Extension: RAMBack - C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\k9aa9uzg.default-1386241888593\Extensions\ramback@pavlov.net.xpi [2014-07-19]
FF Extension: NoScript - C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\k9aa9uzg.default-1386241888593\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-05-27]
FF Extension: Adblock Plus - C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\k9aa9uzg.default-1386241888593\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-10-13]

Chrome:
=======
CHR Profile: C:\Documents and Settings\m\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\m\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-29]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\m\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
StartMenuInternet: Google Chrome - C:\Documents and Settings\m\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [569752 2010-07-28] (Affinegy, Inc.)
S2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152064 2010-02-17] () [File not signed]
S2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] () [File not signed]
S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S2 ChromodoUpdater; C:\Program Files\Comodo\Chromodo\chromodo_updater.exe [1998520 2015-08-19] (Comodo)
R2 CLPSLauncher; C:\Program Files\Common Files\Comodo\launcher_service.exe [70352 2012-08-23] (Comodo Security Solutions Inc.)
S2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4353840 2015-08-05] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664704 2015-08-05] (COMODO)
S2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
S2 DCSLoader; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE [24576 2004-03-02] (Oki Data Corporation)
S2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [1994936 2015-06-26] (Comodo)
S2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [132768 2011-11-09] (Intel Corporation)
S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [11552 2012-03-26] (Microsoft Corporation)
S2 SCWatch 4.0; C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe [364544 2007-05-17] (WhiteCanyon Inc.) [File not signed]
S2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [327680 2013-08-08] () [File not signed]
S2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient.exe [3941096 2015-08-10] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 tvnserver; C:\Program Files\Common Files\Comodo\tvnserver.exe [828944 2012-01-27] (GlavSoft LLC.)
S2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]
S2 Avira.ServiceHost; "C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe" [X]
S3 KOT; no ImagePath
S2 vpnclient; no ImagePath
S2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -service [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21035 2010-10-06] (Meetinghouse Data Communications) [File not signed]
S3 AFGSp50; C:\WINDOWS\System32\Drivers\AFGSp50.sys [27072 2010-06-23] (Printing Communications Assoc., Inc. (PCAUSA))
S3 AtlsAud; C:\WINDOWS\System32\drivers\AtlsAud.sys [21504 2002-12-03] (Dell Computer Corporation)
S1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2011-06-03] () [File not signed]
S3 Belkin700F; C:\WINDOWS\System32\DRIVERS\BLKWGDv7.sys [303616 2006-10-19] (Belkin Corporation. ) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [61424 2010-09-27] (Roxio) [File not signed]
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [23420 2010-09-27] (Roxio) [File not signed]
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [15808 2015-08-05] (COMODO)
S1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [631872 2015-08-05] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [30144 2015-08-05] (COMODO)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [287920 2003-03-27] (Creative Technology Ltd)
S3 EMATCORE; C:\WINDOWS\System32\Drivers\AtlsVid.sys [134304 2002-12-04] (Dell Computer Corporation)
S3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [823616 2003-03-26] (Creative Technology Ltd)
S3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [141536 2003-03-26] (Creative Technology Ltd)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [35992 2015-08-17] ()
R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [105664 2015-08-05] (COMODO)
R0 KL1; C:\WINDOWS\System32\DRIVERS\kl1.sys [133208 2012-01-09] (Kaspersky Lab ZAO)
R1 kl2; C:\WINDOWS\System32\DRIVERS\kl2.sys [11352 2012-01-09] (Kaspersky Lab ZAO)
S1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [485808 2012-01-09] (Kaspersky Lab)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-07] (Malwarebytes Corporation)
S3 MHIKEY10; C:\WINDOWS\System32\Drivers\MHIKEY10.sys [51968 2011-02-10] (Generic USB smartcard reader)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [30368 2011-11-09] (Intel Corporation )
S3 ndiscm; C:\WINDOWS\System32\DRIVERS\NetMotCM.sys [14336 2003-08-10] (Motorola Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 Neo_vpn jp; C:\WINDOWS\System32\DRIVERS\Neo_0029.sys [22000 2012-08-07] (SoftEther Corporation)
S1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2002-11-11] (Padus, Inc.) [File not signed]
S2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [15840 2003-03-06] (Creative Technology Ltd.)
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [118656 2009-02-25] (TRENDware International, Inc )
S3 SEE; C:\WINDOWS\System32\drivers\see.sys [43104 2014-01-08] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 sxuptp; C:\WINDOWS\System32\DRIVERS\sxuptp.sys [246936 2009-06-22] (silex technology, Inc.)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [32768 2012-01-05] (AnchorFree Inc)
S3 tapoas; C:\WINDOWS\System32\DRIVERS\tapoas.sys [26112 2011-08-19] (The OpenVPN Project) [File not signed]
S3 USTORAGE; C:\WINDOWS\System32\DRIVERS\UStorage.sys [31104 2009-04-14] (USB Mass Storage.)
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [526608 2012-05-03] (Check Point Software Technologies LTD)
S3 AFGMp50; no ImagePath
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 CFRMD; no ImagePath
S3 cpuz132; no ImagePath
U2 Irmon; no ImagePath
S1 SASDIFSV; no ImagePath
S1 SASKUTIL; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SjyPkt; no ImagePath
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S1 vcdrom; no ImagePath
S3 ZTEusbmdm6k; no ImagePath
S3 ZTEusbnmea; no ImagePath
S3 ZTEusbser6k; no ImagePath
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2099-11-13 20:58 - 2011-08-24 05:53 - 00000000 __SHD C:\WINDOWS\xxclone.arc
2015-09-15 01:34 - 2015-09-15 01:35 - 00020622 _____ C:\Documents and Settings\m\Desktop\FRST.txt
2015-09-12 23:16 - 2015-09-12 23:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2015-09-11 23:17 - 2015-09-15 01:35 - 00000000 ____D C:\Documents and Settings\m\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00024529 _____ C:\ComboFix.txt
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\UpdatusUser\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\M.5F5A4C13557347C\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\Administrator.5F5A4C13557347C\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\Administrator.5F5A4C13557347C.000\Local Settings\temp
2015-09-11 22:57 - 2015-09-11 22:57 - 00000000 _RSHD C:\cmdcons
2015-09-11 22:57 - 2015-07-29 21:02 - 00000338 _____ C:\Boot.bak
2015-09-11 22:57 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2015-09-10 20:18 - 2015-09-10 20:18 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2015-09-10 20:18 - 2015-09-10 20:18 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2015-09-10 20:18 - 2015-09-10 20:18 - 00000000 ____H C:\WINDOWS\system32\config\sam.tmp.LOG
2015-09-10 20:18 - 2015-09-10 20:18 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2015-09-10 20:17 - 2015-09-10 20:17 - 00008192 ____H C:\WINDOWS\system32\config\security.tmp.LOG
2015-09-10 19:47 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-09-10 19:47 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-09-10 19:47 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-09-10 19:46 - 2015-09-10 19:46 - 00016280 _____ C:\FixitRegBackup.reg
2015-09-09 23:06 - 2015-09-09 23:11 - 05635119 ____R (Swearware) C:\Documents and Settings\m\Desktop\ComboFix.exe
2015-09-08 23:51 - 2015-09-08 23:51 - 00002798 _____ C:\Documents and Settings\m\Desktop\JRT.txt
2015-09-04 23:43 - 2015-09-05 11:30 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-09-04 23:43 - 2015-09-05 11:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2015-09-03 00:25 - 2015-09-15 01:34 - 00000000 ____D C:\FRST
2015-09-02 22:14 - 2015-09-13 23:53 - 01694208 _____ (Farbar) C:\Documents and Settings\m\Desktop\FRST.exe
2015-09-01 23:34 - 2015-09-01 23:34 - 00380598 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-329068152-1035525444-725345543-1003-0.dat
2015-08-30 22:11 - 2015-08-30 22:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2015-08-30 21:34 - 2015-08-30 21:34 - 00001695 _____ C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
2015-08-30 21:07 - 2015-08-30 21:07 - 00000702 _____ C:\WINDOWS\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2015-08-29 22:43 - 2015-08-29 22:43 - 00000781 _____ C:\Documents and Settings\All Users\Desktop\Internet (Chromodo).lnk
2015-08-29 00:19 - 2015-09-01 23:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2015-08-28 00:36 - 2015-08-28 21:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-24 19:22 - 2015-08-24 19:22 - 00302760 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-08-21 22:51 - 2015-09-06 20:53 - 00000000 __SHD C:\WINDOWS\CSC
2015-08-20 23:36 - 2015-08-20 23:36 - 00000015 _____ C:\Documents and Settings\m\all
2015-08-17 23:36 - 2015-09-06 21:01 - 00032264 _____ C:\WINDOWS\setupapi.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-15 01:32 - 2012-10-11 23:45 - 00000000 ____D C:\Documents and Settings\m\Desktop\BBBB
2015-09-14 22:08 - 2014-02-25 05:26 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-09-14 20:00 - 2010-10-07 00:21 - 00213504 ____C C:\Documents and Settings\m\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-12 23:25 - 2010-09-09 16:42 - 01156072 ____C C:\WINDOWS\WindowsUpdate.log
2015-09-12 21:01 - 2010-09-09 18:18 - 00000000 ____D C:\Documents and Settings\NetworkService
2015-09-11 23:17 - 2014-07-13 20:35 - 00000000 ____D C:\Qoobox
2015-09-11 23:13 - 2004-08-10 12:00 - 00000285 _____ C:\WINDOWS\system.ini
2015-09-11 23:12 - 2010-09-09 18:20 - 00000000 ____D C:\Documents and Settings\m
2015-09-11 22:57 - 2010-09-09 16:33 - 00000454 __RSH C:\boot.ini
2015-09-10 21:13 - 2010-09-09 18:18 - 00000000 ____D C:\Documents and Settings\LocalService
2015-09-10 21:09 - 2014-07-13 20:31 - 00000000 ____D C:\WINDOWS\erdnt
2015-09-10 20:19 - 2014-06-19 23:43 - 56360960 _____ C:\WINDOWS\system32\config\software.bak
2015-09-10 20:19 - 2014-06-19 23:43 - 31195136 _____ C:\WINDOWS\system32\config\system.bak
2015-09-10 20:19 - 2014-06-19 23:43 - 00028672 _____ C:\WINDOWS\system32\config\sam.bak
2015-09-10 20:19 - 2014-06-19 23:42 - 05369856 _____ C:\WINDOWS\system32\config\default.bak
2015-09-10 20:19 - 2014-06-19 23:42 - 00065536 _____ C:\WINDOWS\system32\config\security.bak
2015-09-10 20:19 - 2010-11-28 18:15 - 00000216 ____C C:\WINDOWS\wiadebug.log
2015-09-10 20:19 - 2010-09-27 14:53 - 00001080 ____C C:\WINDOWS\system32\settingsbkup.sfm
2015-09-10 20:19 - 2010-09-27 14:53 - 00001080 ____C C:\WINDOWS\system32\settings.sfm
2015-09-10 20:19 - 2010-09-27 14:53 - 00000288 ____C C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
2015-09-10 20:19 - 2010-09-27 14:53 - 00000288 ____C C:\WINDOWS\system32\DVCState-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
2015-09-10 20:19 - 2010-09-09 18:20 - 00000178 __SHC C:\Documents and Settings\m\ntuser.ini
2015-09-10 19:48 - 2010-09-09 18:18 - 00032564 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-10 19:48 - 2010-09-09 18:18 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2015-09-10 19:39 - 2010-09-29 00:44 - 00000962 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1003UA.job
2015-09-10 19:34 - 2010-09-27 14:57 - 04481358 _____ C:\WINDOWS\{00000002-00000000-00000001-00001102-00000004-10031102}.CDF
2015-09-10 19:33 - 2015-08-10 21:24 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-10 19:31 - 2012-08-08 22:49 - 00000000 ____D C:\Documents and Settings\m\Application Data\vlc
2015-09-10 19:31 - 2011-01-09 20:33 - 00000000 ____D C:\Documents and Settings\m\Application Data\playitall
2015-09-10 19:28 - 2014-04-11 13:16 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
2015-09-10 19:21 - 2013-12-17 22:40 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2015-09-10 19:21 - 2010-09-09 16:40 - 00000000 ____D C:\WINDOWS\Registration
2015-09-10 19:19 - 2010-11-28 18:15 - 00000049 ____C C:\WINDOWS\wiaservc.log
2015-09-10 19:17 - 2014-03-10 12:04 - 00000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-09-08 20:56 - 2014-07-13 20:36 - 00000000 ____D C:\AdwCleaner
2015-09-07 14:17 - 2014-06-25 03:26 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-03 22:12 - 2010-11-02 00:16 - 00000962 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1005UA.job
2015-09-03 21:39 - 2010-09-29 00:44 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1003Core.job
2015-09-03 21:03 - 2014-04-11 13:16 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2015-09-03 21:03 - 2014-04-11 13:16 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2015-09-03 12:12 - 2010-11-02 00:16 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1005Core.job
2015-09-01 23:35 - 2012-05-17 20:49 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2015-09-01 23:34 - 2012-05-14 01:39 - 00380598 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-09-01 23:34 - 2010-12-26 22:58 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2015-09-01 21:15 - 2010-09-09 16:42 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-09-01 01:14 - 2011-10-22 16:29 - 00000000 ____D C:\Program Files\WinFF
2015-09-01 01:12 - 2012-08-05 18:06 - 00000000 ____D C:\Documents and Settings\m\Desktop\ultra
2015-09-01 00:51 - 2011-09-02 23:33 - 00000000 ____D C:\Documents and Settings\m\Desktop\barcode
2015-09-01 00:51 - 2010-12-05 18:59 - 00000000 ____D C:\Documents and Settings\m\Desktop\New Folder (2)
2015-09-01 00:50 - 2010-10-29 23:10 - 00000000 ____D C:\Documents and Settings\m\Desktop\8
2015-08-31 00:03 - 2014-04-11 13:16 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
2015-08-30 21:54 - 2010-09-29 00:45 - 00002258 ____C C:\Documents and Settings\m\Desktop\Google Chrome.lnk
2015-08-30 21:34 - 2012-05-17 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Comodo
2015-08-30 21:34 - 2012-05-17 20:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
2015-08-30 21:30 - 2012-05-17 20:36 - 00000000 ____D C:\Program Files\Comodo
2015-08-30 21:25 - 2012-05-17 20:36 - 00000000 ____D C:\Documents and Settings\m\Local Settings\Application Data\Comodo
2015-08-29 21:35 - 2012-09-16 19:39 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-28 21:53 - 2012-04-17 13:54 - 00778440 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-08-28 21:53 - 2011-05-20 01:22 - 00142536 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-08-28 21:51 - 2014-09-11 20:21 - 00000000 ____D C:\Documents and Settings\m\Local Settings\Application Data\Adobe
2015-08-28 00:39 - 2011-08-18 23:36 - 00000000 ____D C:\Documents and Settings\m\Application Data\Skype
2015-08-28 00:33 - 2014-11-07 13:51 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-08-24 05:39 - 2012-06-04 00:10 - 00814149 ____C C:\Documents and Settings\m\Local Settings\Application Data\census.cache
2015-08-24 05:39 - 2012-06-04 00:10 - 00259338 ____C C:\Documents and Settings\m\Local Settings\Application Data\ars.cache
2015-08-20 23:45 - 2011-08-25 19:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-08-20 00:10 - 2004-08-10 12:00 - 00002206 ____C C:\WINDOWS\system32\wpa.dbl
2015-08-19 01:09 - 2010-09-30 15:06 - 00000178 __SHC C:\Documents and Settings\K\ntuser.ini
2015-08-19 01:08 - 2010-09-30 15:06 - 00000000 ____D C:\Documents and Settings\K\Local Settings\Temp
2015-08-19 01:08 - 2010-09-30 15:06 - 00000000 ____D C:\Documents and Settings\K
2015-08-17 00:00 - 2015-08-03 00:01 - 00035992 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys

==================== Files in the root of some directories =======

2014-03-08 14:47 - 2014-03-08 14:47 - 0002528 ____C () C:\Documents and Settings\m\Application Data\$_hpcst$.hpc
2011-01-26 21:49 - 2012-04-18 12:46 - 0000031 ____C () C:\Documents and Settings\m\Application Data\Days5.ini
2013-05-26 00:21 - 2013-05-26 00:36 - 0000196 ____C () C:\Documents and Settings\m\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2014-08-02 22:49 - 2014-08-02 23:19 - 0000077 _____ () C:\Documents and Settings\m\Application Data\Rim.Desktop.Exception.log
2014-08-02 22:50 - 2014-08-02 23:19 - 0000077 _____ () C:\Documents and Settings\m\Application Data\Rim.DesktopHelper.Exception.log
2014-08-02 22:53 - 2014-08-02 23:19 - 0000077 _____ () C:\Documents and Settings\m\Application Data\Rim.Transcoder.Exception.log
2012-06-11 22:35 - 2012-06-11 22:43 - 0214016 ____C () C:\Documents and Settings\m\Application Data\SharedSettings.ccs
2012-06-04 00:10 - 2015-08-24 05:39 - 0259338 ____C () C:\Documents and Settings\m\Local Settings\Application Data\ars.cache
2012-06-04 00:10 - 2015-08-24 05:39 - 0814149 ____C () C:\Documents and Settings\m\Local Settings\Application Data\census.cache
2014-02-23 02:29 - 2014-03-01 01:40 - 0000664 _____ () C:\Documents and Settings\m\Local Settings\Application Data\d3d9caps.dat
2010-10-07 00:21 - 2015-09-14 20:00 - 0213504 ____C () C:\Documents and Settings\m\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-09-09 18:24 - 2010-09-09 18:24 - 0000124 ____C () C:\Documents and Settings\m\Local Settings\Application Data\fusioncache.dat
2012-06-03 23:53 - 2012-06-03 23:53 - 0000036 ____C () C:\Documents and Settings\m\Local Settings\Application Data\housecall.guid.cache
2015-06-25 14:09 - 2015-06-25 14:09 - 0000218 _____ () C:\Documents and Settings\m\Local Settings\Application Data\recently-used.xbel
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Documents and Settings\m\Local Settings\Application Data\setup.txt
2011-08-29 02:25 - 2011-08-29 19:34 - 0002770 ____C () C:\Documents and Settings\m\Local Settings\Application Data\video.torrent

Some files in TEMP:
====================
C:\Documents and Settings\K\Local Settings\temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Documents and Settings\K\Local Settings\temp\mediaget_installer.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

[curleww]

Just noticed the stu below, think I may have missed this stage
I have no D/L link for it ?

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

 

[Broni]

What do you mean?
Go to my previous post and click on my attachment:

 

[curleww]

Download link - nothing under attached files was showing ? anyway its sorted now.
ran fixlist and
rebooted to normal mode but still no comodo or internet although everything says connected and firewalled
booted into safe mode and got blue stop screen "page fault in new page area"
rebooted again to safe mode still no comodo , f key still temperamental
wondering about reinstalling windows ?

Fix result of Farbar Recovery Scan Tool (x86) Version:15-09-2015
Ran by m (2015-09-16 22:02:25) Run:1
Running from C:\Documents and Settings\m\Desktop
Loaded Profiles: m (Available Profiles: m & K & UpdatusUser & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-329068152-1035525444-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: No Name -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> No File
BHO: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
Toolbar: HKU\S-1-5-21-329068152-1035525444-725345543-1003 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - No File
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
S3 AFGMp50; no ImagePath
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 CFRMD; no ImagePath
S3 cpuz132; no ImagePath
U2 Irmon; no ImagePath
S1 SASDIFSV; no ImagePath
S1 SASKUTIL; no ImagePath
S3 SjyPkt; no ImagePath
S1 vcdrom; no ImagePath
S3 ZTEusbmdm6k; no ImagePath
S3 ZTEusbnmea; no ImagePath
S3 ZTEusbser6k; no ImagePath
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
2015-08-30 22:13 - 2015-09-01 21:19 - 00000865 _____ C:\Documents and Settings\All Users\Desktop\Avira Launcher.lnk
2015-08-30 22:11 - 2015-08-30 22:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2014-03-08 14:47 - 2014-03-08 14:47 - 0002528 ____C () C:\Documents and Settings\m\Application Data\$_hpcst$.hpc
2011-01-26 21:49 - 2012-04-18 12:46 - 0000031 ____C () C:\Documents and Settings\m\Application Data\Days5.ini
2013-05-26 00:21 - 2013-05-26 00:36 - 0000196 ____C () C:\Documents and Settings\m\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2014-08-02 22:49 - 2014-08-02 23:19 - 0000077 _____ () C:\Documents and Settings\m\Application Data\Rim.Desktop.Exception.log
2014-08-02 22:50 - 2014-08-02 23:19 - 0000077 _____ () C:\Documents and Settings\m\Application Data\Rim.DesktopHelper.Exception.log
2014-08-02 22:53 - 2014-08-02 23:19 - 0000077 _____ () C:\Documents and Settings\m\Application Data\Rim.Transcoder.Exception.log
2012-06-11 22:35 - 2012-06-11 22:43 - 0214016 ____C () C:\Documents and Settings\m\Application Data\SharedSettings.ccs
2012-06-04 00:10 - 2015-08-24 05:39 - 0259338 ____C () C:\Documents and Settings\m\Local Settings\Application Data\ars.cache
2012-06-04 00:10 - 2015-08-24 05:39 - 0814149 ____C () C:\Documents and Settings\m\Local Settings\Application Data\census.cache
2014-02-23 02:29 - 2014-03-01 01:40 - 0000664 _____ () C:\Documents and Settings\m\Local Settings\Application Data\d3d9caps.dat
2010-10-07 00:21 - 2015-08-07 22:02 - 0213504 ____C () C:\Documents and Settings\m\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-09-09 18:24 - 2010-09-09 18:24 - 0000124 ____C () C:\Documents and Settings\m\Local Settings\Application Data\fusioncache.dat
2012-06-03 23:53 - 2012-06-03 23:53 - 0000036 ____C () C:\Documents and Settings\m\Local Settings\Application Data\housecall.guid.cache
2015-06-25 14:09 - 2015-06-25 14:09 - 0000218 _____ () C:\Documents and Settings\m\Local Settings\Application Data\recently-used.xbel
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Documents and Settings\m\Local Settings\Application Data\setup.txt
2011-08-29 02:25 - 2011-08-29 19:34 - 0002770 ____C () C:\Documents and Settings\m\Local Settings\Application Data\video.torrent
C:\Documents and Settings\K\Local Settings\temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Documents and Settings\K\Local Settings\temp\mediaget_installer.exe
AV: ZoneAlarm Antivirus (Disabled - Out of date) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: Microsoft Security Essentials (Enabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> no filepath
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
AlternateDataStreams: C:\Documents and Settings\m\Desktop\Intellimon.XSitePro.v2.117.3275.29192-DVT.rar:$CmdZnID

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-329068152-1035525444-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}" => key removed successfully.
HKCR\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => key removed successfully.
HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => key not found.
HKU\S-1-5-21-329068152-1035525444-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value removed successfully.
HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => key not found.
"HKCR\PROTOCOLS\Handler\livecall" => key removed successfully.
"HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F}" => key removed successfully.
"HKCR\PROTOCOLS\Handler\msnim" => key removed successfully.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
"HKCR\PROTOCOLS\Handler\vw-wi" => key removed successfully.
"HKCR\CLSID\{0F3C833F-FB28-40EA-8CB9-6A55B996C3F6}" => key removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Avira SystrayStartTrigger => value removed successfully.
"C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe" => File/Folder not found.
AFGMp50 => service removed successfully.
catchme => Service stopped successfully.
catchme => service removed successfully.
CFRMD => service removed successfully.
cpuz132 => service removed successfully.
Irmon => service removed successfully.
SASDIFSV => service removed successfully.
SASKUTIL => service removed successfully.
SjyPkt => service removed successfully.
vcdrom => service removed successfully.
ZTEusbmdm6k => service removed successfully.
ZTEusbnmea => service removed successfully.
ZTEusbser6k => service removed successfully.
mbr => service removed successfully.
"C:\Documents and Settings\All Users\Desktop\Avira Launcher.lnk" => File/Folder not found.
C:\Documents and Settings\All Users\Application Data\Avira => moved successfully
C:\Documents and Settings\m\Application Data\$_hpcst$.hpc => moved successfully
C:\Documents and Settings\m\Application Data\Days5.ini => moved successfully
C:\Documents and Settings\m\Application Data\G-Force Prefs (WindowsMediaPlayer).txt => moved successfully
C:\Documents and Settings\m\Application Data\Rim.Desktop.Exception.log => moved successfully
C:\Documents and Settings\m\Application Data\Rim.DesktopHelper.Exception.log => moved successfully
C:\Documents and Settings\m\Application Data\Rim.Transcoder.Exception.log => moved successfully
C:\Documents and Settings\m\Application Data\SharedSettings.ccs => moved successfully
C:\Documents and Settings\m\Local Settings\Application Data\ars.cache => moved successfully
C:\Documents and Settings\m\Local Settings\Application Data\census.cache => moved successfully
C:\Documents and Settings\m\Local Settings\Application Data\d3d9caps.dat => moved successfully
C:\Documents and Settings\m\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Documents and Settings\m\Local Settings\Application Data\fusioncache.dat => moved successfully
C:\Documents and Settings\m\Local Settings\Application Data\housecall.guid.cache => moved successfully
C:\Documents and Settings\m\Local Settings\Application Data\recently-used.xbel => moved successfully
C:\Documents and Settings\m\Local Settings\Application Data\setup.txt => moved successfully
C:\Documents and Settings\m\Local Settings\Application Data\video.torrent => moved successfully
C:\Documents and Settings\K\Local Settings\temp\jre-6u31-windows-i586-iftw-rv.exe => moved successfully
C:\Documents and Settings\K\Local Settings\temp\mediaget_installer.exe => moved successfully
AV: ZoneAlarm Antivirus (Disabled - Out of date) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF} => removed successfully.
AV: Microsoft Security Essentials (Enabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} => removed successfully.
FW: ZoneAlarm Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B} => removed successfully.
"HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":1CE11B51" ADS removed successfully..
C:\Documents and Settings\m\Desktop\Intellimon.XSitePro.v2.117.3275.29192-DVT.rar => ":$CmdZnID" ADS removed successfully..

==== End of Fixlog 22:02:26 ====

 

[Broni]

Uninstall Comodo for now, turn Windows firewall on and see how things are.

 

[curleww]

Uninstalled comodo was saying another instance is running wait for it to finish, managed to remove it with an uninstaller program
no internet in normal mode
tried disabling and re-enabling connection and computer is going into a sleep mode ( audible click and screen goes blank and computer will do nothing )and needs to be rebooted has it wont resume

 

[Broni]

So the internet is fine in safe mode with networking?

 

[curleww]

Yes
ive had inrernet in sae mode but not normal from the start of this thread
still having issues with letter f not typing most times

 

[Broni]

I need these two scans to be run from normal mode (download in safe mode with networking.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark following boxes:

• Flush DNS
• Report IE Proxy Settings
• Report FF Proxy Settings
• List content of Hosts
• List IP configuration
• List Winsock Entries
• List last 10 Event Viewer log
• List Devices (do NOT change any settings)
• List Restore Points

Click Go and post the result.

 

[curleww]

Farbar Service Scanner Version: 26-07-2015
Ran by m (administrator) on 22-09-2015 at 10:48:25
Running from "C:\Documents and Settings\m\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed

Extra List:
=======
AegisP(11) cmdHlp(18) Gpc(3) IPSec(5) kl2(14) NetBT(6) PSched(7) Tcpip(4)
0x100000000E000000050000000100000002000000030000000400000012000000110000000D0000000C0000000600000007000000090000000A0000000B00000008000000


**** End of log ****

 

[curleww]

MiniToolBox by Farbar Version: 25-07-2015 01
Ran by m (administrator) on 22-09-2015 at 10:53:54
Running from "C:\Documents and Settings\m\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Model: Manufacturer:
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================


WARNING: Could not obtain host information from machine: [5F5A4C13557347C]. Some commands may not be available.
Class not registered



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 9"

set address name="Local Area Connection 9" source=dhcp
set dns name="Local Area Connection 9" source=dhcp register=PRIMARY
set wins name="Local Area Connection 9" source=dhcp

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

# Interface IP Configuration for "vpn-jp"

set address name="vpn-jp" source=dhcp
set dns name="vpn-jp" source=dhcp register=PRIMARY
set wins name="vpn-jp" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : 5f5a4c13557347c

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Mixed

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection 9:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : TRENDnet, TEG-PCITXR 32-bit 10/100/1000Mbps PCI ADAPTER

Physical Address. . . . . . . . . : C8-3A-35-DF-DC-66



Ethernet adapter Local Area Connection 2:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-07-E9-7E-36-A7

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Autoconfiguration IP Address. . . : 169.254.159.80

Subnet Mask . . . . . . . . . . . : 255.255.0.0

Default Gateway . . . . . . . . . :



Ethernet adapter vpn-jp:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : VPN Client Adapter - vpn jp

Physical Address. . . . . . . . . : 00-AC-A2-6E-E0-B4

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...c8 3a 35 df dc 66 ...... TRENDnet, TEG-PCITXR 32-bit 10/100/1000Mbps PCI ADAPTER - Packet Scheduler Miniport
0x3 ...00 07 e9 7e 36 a7 ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
0x4 ...00 ac a2 6e e0 b4 ...... VPN Client Adapter - vpn jp - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 169.254.159.80 169.254.159.80 20
169.254.159.80 255.255.255.255 127.0.0.1 127.0.0.1 20
169.254.255.255 255.255.255.255 169.254.159.80 169.254.159.80 20
224.0.0.0 240.0.0.0 169.254.159.80 169.254.159.80 20
255.255.255.255 255.255.255.255 169.254.159.80 4 1
255.255.255.255 255.255.255.255 169.254.159.80 169.254.159.80 1
255.255.255.255 255.255.255.255 169.254.159.80 2 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 33 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 34 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 35 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 36 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 37 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 38 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 39 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 40 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 41 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 42 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 43 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 44 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 45 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 46 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 47 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 48 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 49 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 50 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 51 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 52 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 53 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/22/2015 10:48:22 AM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 40.0.3.5716, faulting module mozglue.dll, version 40.0.3.5716, fault address 0x0000e250.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (09/22/2015 12:58:57 AM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 40.0.3.5716, faulting module mozglue.dll, version 40.0.3.5716, fault address 0x0000e250.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (09/21/2015 12:53:44 PM) (Source: MsiInstaller) (User: 5F5A4C13557347C)
Description: Product: Microsoft ActiveSync -- Error.No valid source could be found for product Microsoft ActiveSync. The Windows Installer cannot continue.

Error: (09/21/2015 12:53:33 PM) (Source: MsiInstaller) (User: 5F5A4C13557347C)
Description: Product: Microsoft ActiveSync -- Error.No valid source could be found for product Microsoft ActiveSync. The Windows Installer cannot continue.

Error: (09/20/2015 11:49:12 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 40.0.3.5716, faulting module mozglue.dll, version 40.0.3.5716, fault address 0x0000e250.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (09/20/2015 10:11:34 PM) (Source: MsiInstaller) (User: 5F5A4C13557347C)
Description: Product: Microsoft ActiveSync -- Error.No valid source could be found for product Microsoft ActiveSync. The Windows Installer cannot continue.

Error: (09/20/2015 10:11:20 PM) (Source: MsiInstaller) (User: 5F5A4C13557347C)
Description: Product: Microsoft ActiveSync -- Error.No valid source could be found for product Microsoft ActiveSync. The Windows Installer cannot continue.

Error: (09/20/2015 10:11:12 PM) (Source: MsiInstaller) (User: 5F5A4C13557347C)
Description: Product: Microsoft ActiveSync -- Error.No valid source could be found for product Microsoft ActiveSync. The Windows Installer cannot continue.

Error: (09/20/2015 10:02:50 PM) (Source: MsiInstaller) (User: 5F5A4C13557347C)
Description: Product: COMODO Internet Security -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.

Error: (09/20/2015 10:02:32 PM) (Source: MsiInstaller) (User: 5F5A4C13557347C)
Description: Product: COMODO Internet Security -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.


System errors:
=============
Error: (09/22/2015 10:47:47 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 120 minutes.
NtpClient has no source of accurate time.

Error: (09/22/2015 10:47:47 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (09/22/2015 09:47:45 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.

Error: (09/22/2015 09:47:45 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (09/22/2015 09:17:45 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 30 minutes.
NtpClient has no source of accurate time.

Error: (09/22/2015 09:17:45 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (09/22/2015 09:03:25 AM) (Source: Service Control Manager) (User: )
Description: The PacketiX VPN Client service failed to start due to the following error:
%%3

Error: (09/22/2015 09:03:25 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (09/22/2015 09:03:25 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured
password due to the following error:
%%1330

To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error: (09/22/2015 09:03:25 AM) (Source: Service Control Manager) (User: )
Description: The TrueVector Internet Monitor service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (09/22/2015 10:48:22 AM) (Source: Application Error)(User: )
Description: plugin-container.exe40.0.3.5716mozglue.dll40.0.3.57160000e250

Error: (09/22/2015 12:58:57 AM) (Source: Application Error)(User: )
Description: plugin-container.exe40.0.3.5716mozglue.dll40.0.3.57160000e250

Error: (09/21/2015 12:53:44 PM) (Source: MsiInstaller)(User: 5F5A4C13557347C)
Description: Product: Microsoft ActiveSync -- Error.No valid source could be found for product Microsoft ActiveSync. The Windows Installer cannot continue.(NULL)(NULL)(NULL)

Error: (09/21/2015 12:53:33 PM) (Source: MsiInstaller)(User: 5F5A4C13557347C)
Description: Product: Microsoft ActiveSync -- Error.No valid source could be found for product Microsoft ActiveSync. The Windows Installer cannot continue.(NULL)(NULL)(NULL)

Error: (09/20/2015 11:49:12 PM) (Source: Application Error)(User: )
Description: plugin-container.exe40.0.3.5716mozglue.dll40.0.3.57160000e250

Error: (09/20/2015 10:11:34 PM) (Source: MsiInstaller)(User: 5F5A4C13557347C)
Description: Product: Microsoft ActiveSync -- Error.No valid source could be found for product Microsoft ActiveSync. The Windows Installer cannot continue.(NULL)(NULL)(NULL)

Error: (09/20/2015 10:11:20 PM) (Source: MsiInstaller)(User: 5F5A4C13557347C)
Description: Product: Microsoft ActiveSync -- Error.No valid source could be found for product Microsoft ActiveSync. The Windows Installer cannot continue.(NULL)(NULL)(NULL)

Error: (09/20/2015 10:11:12 PM) (Source: MsiInstaller)(User: 5F5A4C13557347C)
Description: Product: Microsoft ActiveSync -- Error.No valid source could be found for product Microsoft ActiveSync. The Windows Installer cannot continue.(NULL)(NULL)(NULL)

Error: (09/20/2015 10:02:50 PM) (Source: MsiInstaller)(User: 5F5A4C13557347C)
Description: Product: COMODO Internet Security -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)

Error: (09/20/2015 10:02:32 PM) (Source: MsiInstaller)(User: 5F5A4C13557347C)
Description: Product: COMODO Internet Security -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)


========================= Devices: ================================

========================= Restore Points ==================================


**** End of log ****

 

[Broni]

• Please download comintrep.zip and save it to your desktop
• Unzip downloaded file. It'll create cintrepair folder. Inside that folder you'll find CIntRep.exe file
• Double click on CIntRep.exe to run the tool
• Place a checkmark next to the following entries:

• Reset Internet Protocol (TCP/IP)
• Repair Winsock (Reset Catalog)
• Renew Internet Connections
• Flush DNS Resolver Cache
• Repair Internet Explorer xxxx
• Clear Windows Update History
• Repair Windows / Automatic Updates
• Repair SSL / HTTPS / Cryptography
• Reset Windows Firewall Configuration
• Restore the default hosts file
• Repair Workgroup Computers view

• Click Go!
• Ignore any error messages for now
• Click OK to reboot your computer
• Check your internet access

 

[curleww]

still no internet in normal mode (limited or no connectivity)

 

[Broni]

Can you get me fresh FRST logs?

Make sure you checkmark Addition.txt box so both logs will be produced.

 

[curleww]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-09-2015
Ran by m (administrator) on 5F5A4C13557347C (24-09-2015 16:53:18)
Running from C:\Documents and Settings\m\Desktop
Loaded Profiles: m (Available Profiles: m & K & UpdatusUser & Administrator)
Platform: Microsoft Windows XP Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions Inc.) C:\Program Files\Common Files\Comodo\launcher_service.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Comodo) C:\Program Files\Comodo\Chromodo\chromodo_updater.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
(Oki Data Corporation) C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHALDCS.EXE
(Comodo) C:\Program Files\Comodo\Dragon\dragon_updater.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(WhiteCanyon Inc.) C:\Program Files\WhiteCanyon\SecureClean 4\SCWatch4.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient.exe
(GlavSoft LLC.) C:\Program Files\Common Files\Comodo\tvnserver.exe
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTHELPER.EXE
(Microsoft Corporation) C:\WINDOWS\vVX3000.exe
(GlavSoft LLC.) C:\Program Files\Common Files\Comodo\tvnserver.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Creative Technology Ltd) C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
() C:\Program Files\Serviio\bin\ServiioConsole.exe
(Yahoo! Inc.) C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_45\bin\jp2launcher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CTSysVol] => C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [49152 2002-10-29] (Creative Technology Ltd)
HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [CTHelper] => C:\WINDOWS\system32\CTHELPER.EXE [28672 2003-02-20] (Creative Technology Ltd)
HKLM\...\Run: [VX3000] => C:\WINDOWS\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\Comodo\tvnserver.exe [828944 2012-01-27] (GlavSoft LLC.)
HKLM\...\Run: [ScanSoft OmniPage SE 4.0-reminder] => C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe [1410600 2006-09-26] (Nuance Communications, Inc.)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient.exe [3941096 2015-08-10] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [NeroCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [132704 2006-10-26] (CANON INC.)
HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-04-18] (Oracle Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
HKLM\...\Policies\Explorer: [NoSharedDocuments] 0
HKU\S-1-5-21-329068152-1035525444-725345543-1003\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-329068152-1035525444-725345543-1003\...\Run: [Creative MediaSource Go] => C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe [126976 2002-11-25] (Creative Technology Ltd)
HKU\S-1-5-21-329068152-1035525444-725345543-1003\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [519584 2010-12-21] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2014-03-22]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2014-03-09]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\m\Start Menu\Programs\StartUp\Serviio.lnk [2015-07-29]
ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{70C2F4ED-25C2-496E-B381-4222D511273F}: [DhcpNameServer] 10.211.254.254 8.8.8.8
Tcpip\..\Interfaces\{BE8BAB0A-A427-4D7A-99F9-C5BA65B9CB7E}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-329068152-1035525444-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation)
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: EWPBrowseObject Class -> {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} -> C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-18] (Oracle Corporation)
BHO: No Name -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> No File
BHO: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-18] (Oracle Corporation)
BHO: No Name -> {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} -> No File
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll [2010-04-13] (TechSmith Corporation)
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll [2012-11-08] (Belarc, Inc.)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\k9aa9uzg.default-1386241888593
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-28] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-329068152-1035525444-725345543-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\m\Local Settings\Application Data\Citrix\Plugins\94\npappdetector.dll [2013-02-21] (Citrix Online)
FF Plugin HKU\S-1-5-21-329068152-1035525444-725345543-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-329068152-1035525444-725345543-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Extension: RAMBack - C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\k9aa9uzg.default-1386241888593\Extensions\ramback@pavlov.net.xpi [2014-07-19]
FF Extension: NoScript - C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\k9aa9uzg.default-1386241888593\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-05-27]
FF Extension: Adblock Plus - C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\k9aa9uzg.default-1386241888593\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-10-13]

Chrome:
=======
CHR Profile: C:\Documents and Settings\m\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\m\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-29]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\m\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
StartMenuInternet: Google Chrome - C:\Documents and Settings\m\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [569752 2010-07-28] (Affinegy, Inc.)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152064 2010-02-17] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] () [File not signed]
R3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
R2 ChromodoUpdater; C:\Program Files\Comodo\Chromodo\chromodo_updater.exe [1998520 2015-08-19] (Comodo)
R2 CLPSLauncher; C:\Program Files\Common Files\Comodo\launcher_service.exe [70352 2012-08-23] (Comodo Security Solutions Inc.)
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 DCSLoader; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE [24576 2004-03-02] (Oki Data Corporation)
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [1994936 2015-06-26] (Comodo)
R2 ehRecvr; C:\WINDOWS\eHome\ehRecvr.exe [237568 2006-10-09] (Microsoft Corporation) [File not signed]
R2 ehSched; C:\WINDOWS\eHome\ehSched.exe [102912 2005-08-05] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
R2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [132768 2011-11-09] (Intel Corporation)
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation) [File not signed]
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [11552 2012-03-26] (Microsoft Corporation)
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 SCWatch 4.0; C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe [364544 2007-05-17] (WhiteCanyon Inc.) [File not signed]
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [327680 2013-08-08] () [File not signed]
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient.exe [3941096 2015-08-10] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
R2 tvnserver; C:\Program Files\Common Files\Comodo\tvnserver.exe [828944 2012-01-27] (GlavSoft LLC.)
S3 WinRM; C:\WINDOWS\system32\WsmSvc.dll [1107456 2009-10-09] (Microsoft Corporation) [File not signed]
R2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]
S3 Wmi; C:\WINDOWS\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [439808 2008-05-26] (Microsoft Corporation) [File not signed]
S2 Avira.ServiceHost; "C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe" [X]
S2 CmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [X]
S3 cmdvirth; "C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe" [X]
S3 KOT; no ImagePath
S2 vpnclient; no ImagePath
S2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -service [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21035 2010-10-06] (Meetinghouse Data Communications) [File not signed]
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
S3 AFGSp50; C:\WINDOWS\System32\Drivers\AFGSp50.sys [27072 2010-06-23] (Printing Communications Assoc., Inc. (PCAUSA))
R3 AtlsAud; C:\WINDOWS\System32\drivers\AtlsAud.sys [21504 2002-12-03] (Dell Computer Corporation)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2011-06-03] () [File not signed]
S3 Belkin700F; C:\WINDOWS\System32\DRIVERS\BLKWGDv7.sys [303616 2006-10-19] (Belkin Corporation. ) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [61424 2010-09-27] (Roxio) [File not signed]
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [23420 2010-09-27] (Roxio) [File not signed]
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [15808 2015-08-05] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [631872 2015-08-05] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [30144 2015-08-05] (COMODO)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [287920 2003-03-27] (Creative Technology Ltd)
R3 EMATCORE; C:\WINDOWS\System32\Drivers\AtlsVid.sys [134304 2002-12-04] (Dell Computer Corporation)
R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [823616 2003-03-26] (Creative Technology Ltd)
R3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [141536 2003-03-26] (Creative Technology Ltd)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [35992 2015-08-17] ()
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [105664 2015-08-05] (COMODO)
R0 KL1; C:\WINDOWS\System32\DRIVERS\kl1.sys [133208 2012-01-09] (Kaspersky Lab ZAO)
R1 kl2; C:\WINDOWS\System32\DRIVERS\kl2.sys [11352 2012-01-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [485808 2012-01-09] (Kaspersky Lab)
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-07] (Malwarebytes Corporation)
S3 MHIKEY10; C:\WINDOWS\System32\Drivers\MHIKEY10.sys [51968 2011-02-10] (Generic USB smartcard reader)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [30368 2011-11-09] (Intel Corporation )
S3 ndiscm; C:\WINDOWS\System32\DRIVERS\NetMotCM.sys [14336 2003-08-10] (Motorola Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]
R3 Neo_vpn jp; C:\WINDOWS\System32\DRIVERS\Neo_0029.sys [22000 2012-08-07] (SoftEther Corporation)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2002-11-11] (Padus, Inc.) [File not signed]
R2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [15840 2003-03-06] (Creative Technology Ltd.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2005-05-12] (Sonic Solutions) [File not signed]
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [118656 2009-02-25] (TRENDware International, Inc )
S3 SEE; C:\WINDOWS\System32\drivers\see.sys [43104 2014-01-08] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
R3 sxuptp; C:\WINDOWS\System32\DRIVERS\sxuptp.sys [246936 2009-06-22] (silex technology, Inc.)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [32768 2012-01-05] (AnchorFree Inc)
S3 tapoas; C:\WINDOWS\System32\DRIVERS\tapoas.sys [26112 2011-08-19] (The OpenVPN Project) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 usbaudio; C:\WINDOWS\System32\drivers\usbaudio.sys [60160 2013-07-17] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-09] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-03] (Microsoft Corporation) [File not signed]
S3 USTORAGE; C:\WINDOWS\System32\DRIVERS\UStorage.sys [31104 2009-04-14] (USB Mass Storage.)
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [526608 2012-05-03] (Check Point Software Technologies LTD)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2099-11-13 20:58 - 2011-08-24 05:53 - 00000000 __SHD C:\WINDOWS\xxclone.arc
2015-09-24 16:53 - 2015-09-24 16:55 - 00025546 _____ C:\Documents and Settings\m\Desktop\FRST.txt
2015-09-23 17:56 - 2015-09-23 21:09 - 00003758 _____ C:\WINDOWS\bitssetup.log
2015-09-23 17:47 - 2014-01-11 07:45 - 00000000 ____D C:\Documents and Settings\m\Desktop\ComIntRepair
2015-09-23 17:02 - 2015-09-23 17:02 - 01586165 _____ C:\Documents and Settings\m\Desktop\ComIntRepair.exe
2015-09-22 10:53 - 2015-09-22 10:59 - 00017705 _____ C:\Documents and Settings\m\Desktop\MTB.txt
2015-09-22 10:48 - 2015-09-22 10:48 - 00002469 _____ C:\Documents and Settings\m\Desktop\FSS.txt
2015-09-22 08:33 - 2015-09-22 08:37 - 00000000 ____D C:\Documents and Settings\m\Desktop\desktop icons
2015-09-21 21:15 - 2015-09-21 21:15 - 00891392 _____ (Farbar) C:\Documents and Settings\m\Desktop\MiniToolBox.exe
2015-09-21 21:14 - 2015-09-21 21:14 - 00899072 _____ (Farbar) C:\Documents and Settings\m\Desktop\FSS.exe
2015-09-20 21:53 - 2015-09-20 21:53 - 00002528 _____ C:\Documents and Settings\m\Application Data\$_hpcst$.hpc
2015-09-12 23:16 - 2015-09-20 21:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2015-09-11 23:17 - 2015-09-24 16:55 - 00000000 ____D C:\Documents and Settings\m\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00024529 _____ C:\ComboFix.txt
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\UpdatusUser\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\M.5F5A4C13557347C\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\Administrator.5F5A4C13557347C\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\Administrator.5F5A4C13557347C.000\Local Settings\temp
2015-09-11 22:57 - 2015-09-11 22:57 - 00000000 _RSHD C:\cmdcons
2015-09-11 22:57 - 2015-07-29 21:02 - 00000338 _____ C:\Boot.bak
2015-09-11 22:57 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2015-09-10 20:18 - 2015-09-10 20:18 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2015-09-10 20:18 - 2015-09-10 20:18 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2015-09-10 20:18 - 2015-09-10 20:18 - 00000000 ____H C:\WINDOWS\system32\config\sam.tmp.LOG
2015-09-10 20:18 - 2015-09-10 20:18 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2015-09-10 20:17 - 2015-09-10 20:17 - 00008192 ____H C:\WINDOWS\system32\config\security.tmp.LOG
2015-09-10 19:47 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-09-10 19:47 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-09-10 19:47 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-09-10 19:46 - 2015-09-10 19:46 - 00016280 _____ C:\FixitRegBackup.reg
2015-09-04 23:43 - 2015-09-05 11:30 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-09-04 23:43 - 2015-09-05 11:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2015-09-03 00:25 - 2015-09-24 16:53 - 00000000 ____D C:\FRST
2015-09-02 22:14 - 2015-09-16 22:02 - 01695232 _____ (Farbar) C:\Documents and Settings\m\Desktop\FRST.exe
2015-09-01 23:34 - 2015-09-01 23:34 - 00380598 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-329068152-1035525444-725345543-1003-0.dat
2015-08-30 21:34 - 2015-08-30 21:34 - 00001695 _____ C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
2015-08-30 21:07 - 2015-08-30 21:07 - 00000702 _____ C:\WINDOWS\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2015-08-29 22:43 - 2015-08-29 22:43 - 00000781 _____ C:\Documents and Settings\All Users\Desktop\Internet (Chromodo).lnk
2015-08-29 00:19 - 2015-09-01 23:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2015-08-28 00:36 - 2015-08-28 21:54 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-24 16:48 - 2010-09-09 16:42 - 01238083 ____C C:\WINDOWS\WindowsUpdate.log
2015-09-24 16:46 - 2013-12-17 22:40 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2015-09-24 16:45 - 2014-03-10 12:04 - 00000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-09-24 16:45 - 2010-09-09 16:40 - 00000000 ____D C:\WINDOWS\Registration
2015-09-24 16:44 - 2014-04-11 13:16 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
2015-09-24 16:44 - 2010-11-28 18:15 - 00000159 ____C C:\WINDOWS\wiadebug.log
2015-09-24 16:44 - 2010-11-28 18:15 - 00000049 ____C C:\WINDOWS\wiaservc.log
2015-09-24 16:43 - 2010-09-09 18:18 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2015-09-24 16:37 - 2010-09-09 18:20 - 00000178 __SHC C:\Documents and Settings\m\ntuser.ini
2015-09-24 11:48 - 2015-08-17 23:36 - 00038502 _____ C:\WINDOWS\setupapi.log
2015-09-23 21:13 - 2010-09-27 14:53 - 00001080 ____C C:\WINDOWS\system32\settingsbkup.sfm
2015-09-23 21:13 - 2010-09-27 14:53 - 00001080 ____C C:\WINDOWS\system32\settings.sfm
2015-09-23 21:13 - 2010-09-27 14:53 - 00000288 ____C C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
2015-09-23 21:13 - 2010-09-27 14:53 - 00000288 ____C C:\WINDOWS\system32\DVCState-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
2015-09-23 21:12 - 2010-11-02 00:16 - 00000962 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1005UA.job
2015-09-23 21:12 - 2010-09-09 18:20 - 00000000 ____D C:\Documents and Settings\m
2015-09-23 21:12 - 2010-09-09 18:18 - 00032022 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-23 21:03 - 2014-04-11 13:16 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2015-09-23 21:03 - 2014-04-11 13:16 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2015-09-23 20:39 - 2010-09-29 00:44 - 00000962 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1003UA.job
2015-09-23 20:33 - 2015-08-10 21:24 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-22 12:01 - 2014-02-25 05:26 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-09-21 20:33 - 2011-03-08 23:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
2015-09-21 20:33 - 2010-12-28 22:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SharePoint
2015-09-21 20:33 - 2010-12-26 22:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-09-20 21:39 - 2010-09-29 00:44 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1003Core.job
2015-09-20 12:12 - 2010-11-02 00:16 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1005Core.job
2015-09-20 00:06 - 2010-12-26 22:58 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2015-09-16 22:31 - 2010-09-09 18:18 - 00000000 ____D C:\Documents and Settings\LocalService
2015-09-16 22:02 - 2010-09-30 15:06 - 00000000 ____D C:\Documents and Settings\K\Local Settings\Temp
2015-09-12 21:01 - 2010-09-09 18:18 - 00000000 ____D C:\Documents and Settings\NetworkService
2015-09-11 23:17 - 2014-07-13 20:35 - 00000000 ____D C:\Qoobox
2015-09-11 23:13 - 2004-08-10 12:00 - 00000285 _____ C:\WINDOWS\system.ini
2015-09-11 23:13 - 2004-08-10 12:00 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts.bak
2015-09-11 22:57 - 2010-09-09 16:33 - 00000454 __RSH C:\boot.ini
2015-09-10 21:09 - 2014-07-13 20:31 - 00000000 ____D C:\WINDOWS\erdnt
2015-09-10 20:19 - 2014-06-19 23:43 - 56360960 _____ C:\WINDOWS\system32\config\software.bak
2015-09-10 20:19 - 2014-06-19 23:43 - 31195136 _____ C:\WINDOWS\system32\config\system.bak
2015-09-10 20:19 - 2014-06-19 23:43 - 00028672 _____ C:\WINDOWS\system32\config\sam.bak
2015-09-10 20:19 - 2014-06-19 23:42 - 05369856 _____ C:\WINDOWS\system32\config\default.bak
2015-09-10 20:19 - 2014-06-19 23:42 - 00065536 _____ C:\WINDOWS\system32\config\security.bak
2015-09-10 19:31 - 2012-08-08 22:49 - 00000000 ____D C:\Documents and Settings\m\Application Data\vlc
2015-09-10 19:31 - 2011-01-09 20:33 - 00000000 ____D C:\Documents and Settings\m\Application Data\playitall
2015-09-08 20:56 - 2014-07-13 20:36 - 00000000 ____D C:\AdwCleaner
2015-09-07 14:17 - 2014-06-25 03:26 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-06 20:53 - 2015-08-21 22:51 - 00000000 __SHD C:\WINDOWS\CSC
2015-09-01 23:35 - 2012-05-17 20:49 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2015-09-01 23:34 - 2012-05-14 01:39 - 00380598 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-09-01 21:15 - 2010-09-09 16:42 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-09-01 01:14 - 2011-10-22 16:29 - 00000000 ____D C:\Program Files\WinFF
2015-08-31 00:03 - 2014-04-11 13:16 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
2015-08-30 21:54 - 2010-09-29 00:45 - 00002258 ____C C:\Documents and Settings\m\Desktop\Google Chrome.lnk
2015-08-30 21:34 - 2012-05-17 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Comodo
2015-08-30 21:34 - 2012-05-17 20:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
2015-08-30 21:30 - 2012-05-17 20:36 - 00000000 ____D C:\Program Files\Comodo
2015-08-30 21:25 - 2012-05-17 20:36 - 00000000 ____D C:\Documents and Settings\m\Local Settings\Application Data\Comodo
2015-08-29 21:35 - 2012-09-16 19:39 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-28 21:53 - 2012-04-17 13:54 - 00778440 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-08-28 21:53 - 2011-05-20 01:22 - 00142536 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-08-28 21:51 - 2014-09-11 20:21 - 00000000 ____D C:\Documents and Settings\m\Local Settings\Application Data\Adobe
2015-08-28 00:39 - 2011-08-18 23:36 - 00000000 ____D C:\Documents and Settings\m\Application Data\Skype
2015-08-28 00:33 - 2014-11-07 13:51 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk

==================== Files in the root of some directories =======

2015-09-20 21:53 - 2015-09-20 21:53 - 0002528 _____ () C:\Documents and Settings\m\Application Data\$_hpcst$.hpc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\dnsapi.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

[curleww]

Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-09-2015
Ran by m (2015-09-24 16:56:19)
Running from C:\Documents and Settings\m\Desktop
Microsoft Windows XP Service Pack 3 (X86) (2010-09-09 15:47:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-329068152-1035525444-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.5F5A4C13557347C
ASPNET (S-1-5-21-329068152-1035525444-725345543-1004 - Limited - Enabled)
Guest (S-1-5-21-329068152-1035525444-725345543-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-329068152-1035525444-725345543-1000 - Limited - Disabled)
K (S-1-5-21-329068152-1035525444-725345543-1005 - Limited - Enabled) => %SystemDrive%\Documents and Settings\K
m (S-1-5-21-329068152-1035525444-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\m
SUPPORT_388945a0 (S-1-5-21-329068152-1035525444-725345543-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-329068152-1035525444-725345543-1007 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AliIM Plugins for Browser (HKU\S-1-5-21-329068152-1035525444-725345543-1003\...\AliIM Plugins for Browser) (Version: 1.0 - Alibaba(China) Co., Ltd)
ArcSoft PhotoStudio 5.5 (HKLM\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version: - ArcSoft)
Atlantis (Version: 1.50 - Dell) Hidden
Belarc Advisor 8.3 (HKLM\...\Belarc Advisor) (Version: 8.3.0.0 - Belarc Inc.)
Belkin Desktop PCI Card Driver (HKLM\...\{50D47CE8-9C16-42D1-A8D8-B143B22E232A}) (Version: 1.12.0005 - Belkin)
Belkin Setup and Router Monitor (HKLM\...\Belkin Setup and Router Monitor_is1) (Version: - )
Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.0.0 - Belkin International, Inc.)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM\...\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}) (Version: 6.0.1.37 - Research In Motion Ltd)
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator 3.0 (HKLM\...\MP Navigator 3.0) (Version: - )
Canon MP600R (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600R) (Version: - )
Canon MP600R User Registration (HKLM\...\Canon MP600R User Registration) (Version: - )
Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.23 - Piriform)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version: - )
Chromodo (HKLM\...\Chromodo) (Version: 44.5.7.268 - Comodo)
Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 43.3.3.185 - Comodo)
Conexant SmartHSFi V92 56K Speakerphone PCI Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2702) (Version: - )
CPUID CPU-Z 1.62 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Creative MediaSource (HKLM\...\{56F3E1FF-54FE-4384-A153-6CCABA097814}) (Version: - )
Dell Movie Studio Diagnostics (HKLM\...\InstallShield_{9ED6519B-324A-4C66-98EE-E3F54281BA78}) (Version: 1.50 - Dell)
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - )
Digital Video Repair 2.2 (HKLM\...\Digital Video Repair) (Version: - )
Dual Mode Digital Camera Z (HKLM\...\{3C516E56-0B4B-4BDE-88A2-035B4D170A26}) (Version: 2.1 - DSC)
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version: - )
FixCleaner (HKLM\...\{EFCCCA5E-6F4B-4B7B-903F-24D752DFDC64}) (Version: 2.0.4972 - Slimware Utilities, Inc.)
Free File Opener v2011.7.0.1 (HKLM\...\Free File Opener_is1) (Version: 2011.7.0.1 - Free File Opener, LLC)
Free Video to MP3 Converter version 5.0.30.1029 (HKLM\...\Free Video to MP3 Converter_is1) (Version: 5.0.30.1029 - DVDVideoSoft Ltd.)
GeekBuddy (HKLM\...\{D4651C22-C4C5-4294-AD9C-91FF0F048CCC}) (Version: 4.1.31 - Comodo Security Solutions Inc)
Google Chrome (HKU\S-1-5-21-329068152-1035525444-725345543-1003\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
GoToMeeting 5.5.0.1133 (HKU\S-1-5-21-329068152-1035525444-725345543-1003\...\GoToMeeting) (Version: 5.5.0.1133 - CitrixOnline)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
InfraRecorder (HKLM\...\InfraRecorder) (Version: - Christian Kindahl)
InstallIQ Updater (HKLM\...\{A9FE59F0-5BFA-4FDF-84C6-F45457715379}) (Version: 1.4.1.0 - W3i, LLC)
Intel(R) Network Connections 16.8.46.0 (HKLM\...\{6438A99C-A37E-4758-A0AE-95F8A63AAFF5}) (Version: 16.8.46.0 - Intel)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ActiveSync (HKLM\...\{99052DB7-9592-4522-A558-5417BBAD48EE}) (Version: 4.5.5096.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Miro (HKLM\...\Miro) (Version: 6.0 - Participatory Culture Foundation)
Mozilla Firefox 40.0.3 (x86 en-GB) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-GB)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSN (HKLM\...\MSNINST) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDVD (HKLM\...\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}) (Version: - )
Nero - Burning Rom (HKLM\...\{A4D7B764-4140-11D4-88EB-0050DA3579C0}) (Version: 5.5.8.1 - ahead software gmbh)
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Nvu 1.0PR (HKLM\...\Nvu_is1) (Version: 1.0PR - Linspire Inc.)
PacketiX VPN Client (English) (HKLM\...\{F26E2781-2E22-4485-A33A-6F3E322A3F2D}) (Version: 2.20.5351 - SoftEther Corporation)
PlayItAll media player 1.0.5 (HKLM\...\PlayItAll media player) (Version: 1.0.5 - PlayItAll)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
RAR Password Recovery v1.1 RC16 (remove only) (HKLM\...\Intelore - RAR Password Recovery) (Version: - )
Roxio VideoWave Movie Creator (HKLM\...\{BB46245B-CECA-406F-8790-3ABA0D01012F}) (Version: 1.6.676.0 - Roxio, Inc.)
ScanSoft OmniPage SE 4.0 (HKLM\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
SecureClean4 (HKLM\...\{83b13a64-d98a-48a2-8cbc-ec0ec5433b18}) (Version: - )
Security Task Manager 1.8d (HKLM\...\Security Task Manager) (Version: 1.8d - Neuber Software)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Serif DrawPlus Starter Edition (HKLM\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd)
Serif WebPlus 9.0 (HKLM\...\{4493E86C-1408-4AF6-8455-0744D25CD355}) (Version: 9.00 - Serif)
Serviio (HKLM\...\Serviio) (Version: - )
Skype™ 7.5 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
SlimCleaner (HKLM\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
SlimDrivers (HKLM\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Snagit 10 (HKLM\...\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}) (Version: 10.0.0 - TechSmith Corporation)
Snagit 11 (HKLM\...\{7CA5C4DF-8327-4035-AE2B-CA76336A04FD}) (Version: 11.0.0 - TechSmith Corporation)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.18.9570 - SoftEther VPN Project)
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
Sound Blaster Audigy 2 (HKLM\...\{E82BF103-904F-49C0-B77F-6EC110B71E87}) (Version: - )
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version: - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version: - )
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR 4.10 beta 5 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.5 - win.rar GmbH)
XHeader (HKLM\...\XHeader) (Version: 1.215 - Intellimon)
XSite Pro (HKLM\...\XSite Pro) (Version: 1.55 - Intellimon Ltd)
XSitePro2 (HKLM\...\XSitePro2) (Version: 2.01 - Intellimon Ltd)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
Yawcam 0.4.0 (HKLM\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version: - )
Your Uninstaller! 2010 (HKLM\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> C:\Documents and Settings\m\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{0C1EB979-8EC7-46E8-8097-246957D6B94C}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{1434DD3D-0AF6-41E0-BB71-8C86010D9AF5}\localserver32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> C:\Documents and Settings\m\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{638B203F-8FB6-49ec-A139-AB8C530F0CAB}\MSPowerPoint.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{293600C7-E7B6-4f06-9329-D8522A33C7E8}\InprocServer32 -> C:\Documents and Settings\m\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{B9E98D7E-F599-469d-95A7-0B6F86D082A0}\CamtasiaOutput.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{326787D9-37B9-47A6-B539-EE13E7B04B8B}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{47F64EC4-1AD6-4168-9D4C-00F3842F7CFB}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{4B66DD3F-2E6E-4F7C-B38C-E32608820825}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{53DBCD97-3FDF-4B60-975B-2596B57482EF}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\BBWebSLLauncher.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> C:\Documents and Settings\m\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{18AA4E21-D540-4a3a-9F9F-E6DE33D6F253}\MSExcel.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Chrome\Application\44.0.2403.157\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.1\psuser.dll No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> C:\Documents and Settings\m\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{73D320C0-FACA-4553-9D5F-070F9E4DC5C8}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{82D1C283-A637-4A07-B1EC-8C7AE661EAF1}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1133\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{AD046C04-9CC6-4424-A8E2-1F8BB9D0B29D}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManagerps.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{B9E98D7E-F599-469d-95A7-0B6F86D082A0}\InprocServer32 -> C:\Documents and Settings\m\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{B9E98D7E-F599-469d-95A7-0B6F86D082A0}\CamtasiaOutput.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{BA3D0120-E617-4F66-ADCA-585CC2FB86DB}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{C8992C14-DF59-4518-808F-CCFBB5850282}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{D41C1E5B-0566-4BB1-BE72-1A5407349CA6}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{EB59852D-B38E-4A4C-94BA-6731836E5538}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{EE7F6B66-AC97-41CF-BD88-372DDB786DB6}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{F6CF0104-4F4A-4EBE-999D-A12D838E65B5}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgrPs.dll (Research In Motion Limited)

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-10 12:00 - 2015-09-23 21:10 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1003Core.job => C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1003UA.job => C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1005Core.job => C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1005UA.job => C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (Whitelisted) ==============

2011-10-20 13:35 - 2010-02-17 18:25 - 00152064 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
2011-10-20 13:35 - 2010-02-09 15:55 - 00049152 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
2004-08-10 12:00 - 2011-02-04 18:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2004-08-10 12:00 - 2013-01-02 07:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2004-08-10 12:00 - 2008-04-14 01:11 - 00059904 ____N () C:\WINDOWS\system32\devenum.dll
2004-08-10 12:00 - 2008-04-14 01:11 - 00014336 ____N () C:\WINDOWS\system32\msdmo.dll
2013-08-08 00:20 - 2013-08-08 00:20 - 00327680 ____C () C:\Program Files\Serviio\bin\ServiioService.exe
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 02:34 - 2010-01-21 02:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-08-08 00:20 - 2013-08-08 00:20 - 00610304 ____C () C:\Program Files\Serviio\bin\ServiioConsole.exe
2010-10-08 23:05 - 2012-05-25 04:25 - 00921600 ____C () C:\Program Files\Yahoo!\Messenger\yui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CLPSLauncher => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-329068152-1035525444-725345543-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\m\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 194.168.4.100 - 194.168.8.100
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Serviio\bin\ServiioConsole.exe] => Enabled:ServiioConsole

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/24/2015 04:54:55 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/24/2015 04:54:55 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/24/2015 04:54:55 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/24/2015 04:54:51 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/24/2015 04:54:44 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/24/2015 04:54:44 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/24/2015 04:54:37 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/24/2015 04:54:36 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (09/24/2015 04:54:18 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/24/2015 04:54:18 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (09/24/2015 04:45:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PacketiX VPN Client service failed to start due to the following error:
%%3

Error: (09/24/2015 04:45:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (09/24/2015 04:45:28 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured
password due to the following error:
%%1330

To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error: (09/24/2015 04:45:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrueVector Internet Monitor service failed to start due to the following error:
%%2

Error: (09/24/2015 04:45:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error:
%%2147942402

Error: (09/24/2015 04:45:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The COMODO Internet Security Helper Service service failed to start due to the following error:
%%2

Error: (09/24/2015 04:44:37 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (09/24/2015 04:44:37 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (09/24/2015 04:44:37 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (09/24/2015 04:44:37 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of memory in use: 21%
Total physical RAM: 3326.98 MB
Available physical RAM: 2604.55 MB
Total Virtual: 7259.51 MB
Available Virtual: 6731.83 MB

==================== Drives ================================

Drive c: (C 76gb) (Fixed) (Total:76.68 GB) (Free:9.43 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: (E 232 gb) (Fixed) (Total:232.82 GB) (Free:143.07 GB) NTFS
Drive f: (F 750gb sata) (Fixed) (Total:698.64 GB) (Free:577.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 76.7 GB) (Disk ID: C9C9C9C9)
Partition 1: (Active) - (Size=76.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 232.8 GB) (Disk ID: C0B7C0B7)
Partition 1: (Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: 13B4A6DA)
Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[Broni]

There is still some stuff from Comodo running.
Uninstall Comodo Dragon and Chromodo and give me fresh FRST logs.

I apologize for the delay. My previous computer died on me two days ago.

 

[curleww]

No need or apoliges just proves even the techies go down some times )

logs below

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-09-2015
Ran by m (administrator) on 5F5A4C13557347C (26-09-2015 11:46:27)
Running from C:\Documents and Settings\m\Desktop
Loaded Profiles: m (Available Profiles: m & K & UpdatusUser & Administrator)
Platform: Microsoft Windows XP Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions Inc.) C:\Program Files\Common Files\Comodo\launcher_service.exe
(GlavSoft LLC.) C:\Program Files\Common Files\Comodo\tvnserver.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CTSysVol] => C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [49152 2002-10-29] (Creative Technology Ltd)
HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [CTHelper] => C:\WINDOWS\system32\CTHELPER.EXE [28672 2003-02-20] (Creative Technology Ltd)
HKLM\...\Run: [VX3000] => C:\WINDOWS\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\Comodo\tvnserver.exe [828944 2012-01-27] (GlavSoft LLC.)
HKLM\...\Run: [ScanSoft OmniPage SE 4.0-reminder] => C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe [1410600 2006-09-26] (Nuance Communications, Inc.)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient.exe [3941096 2015-08-10] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [NeroCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [132704 2006-10-26] (CANON INC.)
HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-04-18] (Oracle Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
HKLM\...\Policies\Explorer: [NoSharedDocuments] 0
HKU\S-1-5-21-329068152-1035525444-725345543-1003\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-329068152-1035525444-725345543-1003\...\Run: [Creative MediaSource Go] => C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe [126976 2002-11-25] (Creative Technology Ltd)
HKU\S-1-5-21-329068152-1035525444-725345543-1003\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-329068152-1035525444-725345543-1003\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_232_Plugin.exe [1156296 2015-08-28] (Adobe Systems Incorporated)
HKU\S-1-5-21-329068152-1035525444-725345543-1003\...\Policies\Explorer: [NoThumbnailCache] 0
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [519584 2010-12-21] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2014-03-22]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2014-03-09]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\m\Start Menu\Programs\StartUp\Serviio.lnk [2015-07-29]
ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{6526F4AF-2682-4DA1-A996-44C2CC3DA0B6}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{70C2F4ED-25C2-496E-B381-4222D511273F}: [DhcpNameServer] 10.211.254.254 8.8.8.8
Tcpip\..\Interfaces\{BE8BAB0A-A427-4D7A-99F9-C5BA65B9CB7E}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-329068152-1035525444-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation)
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: EWPBrowseObject Class -> {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} -> C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-18] (Oracle Corporation)
BHO: No Name -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> No File
BHO: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-18] (Oracle Corporation)
BHO: No Name -> {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} -> No File
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll [2010-04-13] (TechSmith Corporation)
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll [2012-11-08] (Belarc, Inc.)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\k9aa9uzg.default-1386241888593
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-28] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-329068152-1035525444-725345543-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\m\Local Settings\Application Data\Citrix\Plugins\94\npappdetector.dll [2013-02-21] (Citrix Online)
FF Plugin HKU\S-1-5-21-329068152-1035525444-725345543-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-329068152-1035525444-725345543-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Extension: RAMBack - C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\k9aa9uzg.default-1386241888593\Extensions\ramback@pavlov.net.xpi [2014-07-19]
FF Extension: NoScript - C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\k9aa9uzg.default-1386241888593\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-05-27]
FF Extension: Adblock Plus - C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\k9aa9uzg.default-1386241888593\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-10-13]

Chrome:
=======
CHR Profile: C:\Documents and Settings\m\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\m\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-29]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\m\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
StartMenuInternet: Google Chrome - C:\Documents and Settings\m\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [569752 2010-07-28] (Affinegy, Inc.)
S2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152064 2010-02-17] () [File not signed]
S2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] () [File not signed]
S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
R2 CLPSLauncher; C:\Program Files\Common Files\Comodo\launcher_service.exe [70352 2012-08-23] (Comodo Security Solutions Inc.)
S2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S2 DCSLoader; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE [24576 2004-03-02] (Oki Data Corporation)
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
S2 ehRecvr; C:\WINDOWS\eHome\ehRecvr.exe [237568 2006-10-09] (Microsoft Corporation) [File not signed]
S2 ehSched; C:\WINDOWS\eHome\ehSched.exe [102912 2005-08-05] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
S3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
S3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
S2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [132768 2011-11-09] (Intel Corporation)
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation) [File not signed]
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [11552 2012-03-26] (Microsoft Corporation)
S3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S2 SCWatch 4.0; C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe [364544 2007-05-17] (WhiteCanyon Inc.) [File not signed]
S2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [327680 2013-08-08] () [File not signed]
S2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient.exe [3941096 2015-08-10] (SoftEther VPN Project at University of Tsukuba, Japan.)
S2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
S2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
S2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
R2 tvnserver; C:\Program Files\Common Files\Comodo\tvnserver.exe [828944 2012-01-27] (GlavSoft LLC.)
S3 WinRM; C:\WINDOWS\system32\WsmSvc.dll [1107456 2009-10-09] (Microsoft Corporation) [File not signed]
S2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]
S3 Wmi; C:\WINDOWS\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation) [File not signed]
S2 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [439808 2008-05-26] (Microsoft Corporation) [File not signed]
S2 Avira.ServiceHost; "C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe" [X]
S2 CmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [X]
S3 cmdvirth; "C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe" [X]
S3 KOT; no ImagePath
S2 vpnclient; no ImagePath
S2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -service [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21035 2010-10-06] (Meetinghouse Data Communications) [File not signed]
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
S3 AFGSp50; C:\WINDOWS\System32\Drivers\AFGSp50.sys [27072 2010-06-23] (Printing Communications Assoc., Inc. (PCAUSA))
S3 AtlsAud; C:\WINDOWS\System32\drivers\AtlsAud.sys [21504 2002-12-03] (Dell Computer Corporation)
S1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2011-06-03] () [File not signed]
S3 Belkin700F; C:\WINDOWS\System32\DRIVERS\BLKWGDv7.sys [303616 2006-10-19] (Belkin Corporation. ) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [61424 2010-09-27] (Roxio) [File not signed]
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [23420 2010-09-27] (Roxio) [File not signed]
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [15808 2015-08-05] (COMODO)
S1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [631872 2015-08-05] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [30144 2015-08-05] (COMODO)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [287920 2003-03-27] (Creative Technology Ltd)
S3 EMATCORE; C:\WINDOWS\System32\Drivers\AtlsVid.sys [134304 2002-12-04] (Dell Computer Corporation)
S3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [823616 2003-03-26] (Creative Technology Ltd)
S3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [141536 2003-03-26] (Creative Technology Ltd)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [35992 2015-08-17] ()
S3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [105664 2015-08-05] (COMODO)
R0 KL1; C:\WINDOWS\System32\DRIVERS\kl1.sys [133208 2012-01-09] (Kaspersky Lab ZAO)
R1 kl2; C:\WINDOWS\System32\DRIVERS\kl2.sys [11352 2012-01-09] (Kaspersky Lab ZAO)
S1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [485808 2012-01-09] (Kaspersky Lab)
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-07] (Malwarebytes Corporation)
S3 MHIKEY10; C:\WINDOWS\System32\Drivers\MHIKEY10.sys [51968 2011-02-10] (Generic USB smartcard reader)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [30368 2011-11-09] (Intel Corporation )
S3 ndiscm; C:\WINDOWS\System32\DRIVERS\NetMotCM.sys [14336 2003-08-10] (Motorola Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]
R3 Neo_vpn jp; C:\WINDOWS\System32\DRIVERS\Neo_0029.sys [22000 2012-08-07] (SoftEther Corporation)
S1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2002-11-11] (Padus, Inc.) [File not signed]
S2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [15840 2003-03-06] (Creative Technology Ltd.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2005-05-12] (Sonic Solutions) [File not signed]
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [118656 2009-02-25] (TRENDware International, Inc )
S3 SEE; C:\WINDOWS\System32\drivers\see.sys [43104 2014-01-08] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
S3 sxuptp; C:\WINDOWS\System32\DRIVERS\sxuptp.sys [246936 2009-06-22] (silex technology, Inc.)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [32768 2012-01-05] (AnchorFree Inc)
S3 tapoas; C:\WINDOWS\System32\DRIVERS\tapoas.sys [26112 2011-08-19] (The OpenVPN Project) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 usbaudio; C:\WINDOWS\System32\drivers\usbaudio.sys [60160 2013-07-17] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-09] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-03] (Microsoft Corporation) [File not signed]
S3 USTORAGE; C:\WINDOWS\System32\DRIVERS\UStorage.sys [31104 2009-04-14] (USB Mass Storage.)
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [526608 2012-05-03] (Check Point Software Technologies LTD)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2099-11-13 20:58 - 2011-08-24 05:53 - 00000000 __SHD C:\WINDOWS\xxclone.arc
2015-09-26 11:46 - 2015-09-26 11:47 - 00023301 _____ C:\Documents and Settings\m\Desktop\FRST.txt
2015-09-26 11:46 - 2015-09-26 11:46 - 00000000 ____D C:\Documents and Settings\m\Desktop\FRST-OlderVersion
2015-09-23 17:56 - 2015-09-23 21:09 - 00003758 _____ C:\WINDOWS\bitssetup.log
2015-09-23 17:47 - 2014-01-11 07:45 - 00000000 ____D C:\Documents and Settings\m\Desktop\ComIntRepair
2015-09-23 17:02 - 2015-09-23 17:02 - 01586165 _____ C:\Documents and Settings\m\Desktop\ComIntRepair.exe
2015-09-22 10:53 - 2015-09-22 10:59 - 00017705 _____ C:\Documents and Settings\m\Desktop\MTB.txt
2015-09-22 10:48 - 2015-09-22 10:48 - 00002469 _____ C:\Documents and Settings\m\Desktop\FSS.txt
2015-09-22 08:33 - 2015-09-22 08:37 - 00000000 ____D C:\Documents and Settings\m\Desktop\desktop icons
2015-09-21 21:15 - 2015-09-21 21:15 - 00891392 _____ (Farbar) C:\Documents and Settings\m\Desktop\MiniToolBox.exe
2015-09-21 21:14 - 2015-09-21 21:14 - 00899072 _____ (Farbar) C:\Documents and Settings\m\Desktop\FSS.exe
2015-09-20 21:53 - 2015-09-20 21:53 - 00002528 _____ C:\Documents and Settings\m\Application Data\$_hpcst$.hpc
2015-09-12 23:16 - 2015-09-20 21:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2015-09-11 23:17 - 2015-09-26 11:47 - 00000000 ____D C:\Documents and Settings\m\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00024529 _____ C:\ComboFix.txt
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\UpdatusUser\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\M.5F5A4C13557347C\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\Administrator.5F5A4C13557347C\Local Settings\temp
2015-09-11 23:17 - 2015-09-11 23:17 - 00000000 ____D C:\Documents and Settings\Administrator.5F5A4C13557347C.000\Local Settings\temp
2015-09-11 22:57 - 2015-09-11 22:57 - 00000000 _RSHD C:\cmdcons
2015-09-11 22:57 - 2015-07-29 21:02 - 00000338 _____ C:\Boot.bak
2015-09-11 22:57 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2015-09-10 20:18 - 2015-09-10 20:18 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2015-09-10 20:18 - 2015-09-10 20:18 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2015-09-10 20:18 - 2015-09-10 20:18 - 00000000 ____H C:\WINDOWS\system32\config\sam.tmp.LOG
2015-09-10 20:18 - 2015-09-10 20:18 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2015-09-10 20:17 - 2015-09-10 20:17 - 00008192 ____H C:\WINDOWS\system32\config\security.tmp.LOG
2015-09-10 19:47 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-09-10 19:47 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-09-10 19:47 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-09-10 19:47 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-09-10 19:46 - 2015-09-10 19:46 - 00016280 _____ C:\FixitRegBackup.reg
2015-09-04 23:43 - 2015-09-05 11:30 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-09-04 23:43 - 2015-09-05 11:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2015-09-03 00:25 - 2015-09-26 11:46 - 00000000 ____D C:\FRST
2015-09-02 22:14 - 2015-09-26 11:46 - 01695744 _____ (Farbar) C:\Documents and Settings\m\Desktop\FRST.exe
2015-09-01 23:34 - 2015-09-01 23:34 - 00380598 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-329068152-1035525444-725345543-1003-0.dat
2015-08-30 21:34 - 2015-08-30 21:34 - 00001695 _____ C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
2015-08-30 21:07 - 2015-08-30 21:07 - 00000702 _____ C:\WINDOWS\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2015-08-29 00:19 - 2015-09-01 23:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2015-08-28 00:36 - 2015-08-28 21:54 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-26 11:44 - 2012-05-17 20:36 - 00000000 ____D C:\Documents and Settings\m\Local Settings\Application Data\Comodo
2015-09-26 11:44 - 2012-05-17 20:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
2015-09-26 11:41 - 2010-09-09 16:42 - 01239608 ____C C:\WINDOWS\WindowsUpdate.log
2015-09-26 11:36 - 2014-02-25 05:26 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-09-24 22:01 - 2010-09-29 00:44 - 00000000 ____D C:\Documents and Settings\m\Local Settings\Application Data\Google
2015-09-24 17:07 - 2010-09-27 14:57 - 04481358 _____ C:\WINDOWS\{00000002-00000000-00000001-00001102-00000004-10031102}.CDF
2015-09-24 16:46 - 2013-12-17 22:40 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2015-09-24 16:45 - 2014-03-10 12:04 - 00000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-09-24 16:45 - 2010-09-09 16:40 - 00000000 ____D C:\WINDOWS\Registration
2015-09-24 16:44 - 2014-04-11 13:16 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
2015-09-24 16:44 - 2010-11-28 18:15 - 00000159 ____C C:\WINDOWS\wiadebug.log
2015-09-24 16:44 - 2010-11-28 18:15 - 00000049 ____C C:\WINDOWS\wiaservc.log
2015-09-24 16:43 - 2010-09-09 18:18 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2015-09-24 16:37 - 2010-09-09 18:20 - 00000178 __SHC C:\Documents and Settings\m\ntuser.ini
2015-09-24 11:48 - 2015-08-17 23:36 - 00038502 _____ C:\WINDOWS\setupapi.log
2015-09-23 21:13 - 2010-09-27 14:53 - 00001080 ____C C:\WINDOWS\system32\settingsbkup.sfm
2015-09-23 21:13 - 2010-09-27 14:53 - 00001080 ____C C:\WINDOWS\system32\settings.sfm
2015-09-23 21:13 - 2010-09-27 14:53 - 00000288 ____C C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
2015-09-23 21:13 - 2010-09-27 14:53 - 00000288 ____C C:\WINDOWS\system32\DVCState-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
2015-09-23 21:12 - 2010-11-02 00:16 - 00000962 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1005UA.job
2015-09-23 21:12 - 2010-09-09 18:20 - 00000000 ____D C:\Documents and Settings\m
2015-09-23 21:12 - 2010-09-09 18:18 - 00032022 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-23 21:03 - 2014-04-11 13:16 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2015-09-23 21:03 - 2014-04-11 13:16 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2015-09-23 20:39 - 2010-09-29 00:44 - 00000962 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1003UA.job
2015-09-23 20:33 - 2015-08-10 21:24 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-21 20:33 - 2011-03-08 23:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
2015-09-21 20:33 - 2010-12-28 22:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SharePoint
2015-09-21 20:33 - 2010-12-26 22:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-09-20 21:39 - 2010-09-29 00:44 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1003Core.job
2015-09-20 12:12 - 2010-11-02 00:16 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1005Core.job
2015-09-20 00:06 - 2010-12-26 22:58 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2015-09-16 22:31 - 2010-09-09 18:18 - 00000000 ____D C:\Documents and Settings\LocalService
2015-09-16 22:02 - 2010-09-30 15:06 - 00000000 ____D C:\Documents and Settings\K\Local Settings\Temp
2015-09-12 21:01 - 2010-09-09 18:18 - 00000000 ____D C:\Documents and Settings\NetworkService
2015-09-11 23:17 - 2014-07-13 20:35 - 00000000 ____D C:\Qoobox
2015-09-11 23:13 - 2004-08-10 12:00 - 00000285 _____ C:\WINDOWS\system.ini
2015-09-11 23:13 - 2004-08-10 12:00 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts.bak
2015-09-11 22:57 - 2010-09-09 16:33 - 00000454 __RSH C:\boot.ini
2015-09-10 21:09 - 2014-07-13 20:31 - 00000000 ____D C:\WINDOWS\erdnt
2015-09-10 20:19 - 2014-06-19 23:43 - 56360960 _____ C:\WINDOWS\system32\config\software.bak
2015-09-10 20:19 - 2014-06-19 23:43 - 31195136 _____ C:\WINDOWS\system32\config\system.bak
2015-09-10 20:19 - 2014-06-19 23:43 - 00028672 _____ C:\WINDOWS\system32\config\sam.bak
2015-09-10 20:19 - 2014-06-19 23:42 - 05369856 _____ C:\WINDOWS\system32\config\default.bak
2015-09-10 20:19 - 2014-06-19 23:42 - 00065536 _____ C:\WINDOWS\system32\config\security.bak
2015-09-10 19:31 - 2012-08-08 22:49 - 00000000 ____D C:\Documents and Settings\m\Application Data\vlc
2015-09-10 19:31 - 2011-01-09 20:33 - 00000000 ____D C:\Documents and Settings\m\Application Data\playitall
2015-09-08 20:56 - 2014-07-13 20:36 - 00000000 ____D C:\AdwCleaner
2015-09-07 14:17 - 2014-06-25 03:26 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-06 20:53 - 2015-08-21 22:51 - 00000000 __SHD C:\WINDOWS\CSC
2015-09-01 23:35 - 2012-05-17 20:49 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2015-09-01 23:34 - 2012-05-14 01:39 - 00380598 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-09-01 21:15 - 2010-09-09 16:42 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-09-01 01:14 - 2011-10-22 16:29 - 00000000 ____D C:\Program Files\WinFF
2015-08-31 00:03 - 2014-04-11 13:16 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
2015-08-30 21:54 - 2010-09-29 00:45 - 00002258 ____C C:\Documents and Settings\m\Desktop\Google Chrome.lnk
2015-08-30 21:34 - 2012-05-17 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Comodo
2015-08-30 21:30 - 2012-05-17 20:36 - 00000000 ____D C:\Program Files\Comodo
2015-08-29 21:35 - 2012-09-16 19:39 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-28 21:53 - 2012-04-17 13:54 - 00778440 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-08-28 21:53 - 2011-05-20 01:22 - 00142536 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-08-28 21:51 - 2014-09-11 20:21 - 00000000 ____D C:\Documents and Settings\m\Local Settings\Application Data\Adobe
2015-08-28 00:39 - 2011-08-18 23:36 - 00000000 ____D C:\Documents and Settings\m\Application Data\Skype
2015-08-28 00:33 - 2014-11-07 13:51 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk

==================== Files in the root of some directories =======

2015-09-20 21:53 - 2015-09-20 21:53 - 0002528 _____ () C:\Documents and Settings\m\Application Data\$_hpcst$.hpc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\dnsapi.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

[curleww]

Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-09-2015
Ran by m (2015-09-26 11:49:06)
Running from C:\Documents and Settings\m\Desktop
Microsoft Windows XP Service Pack 3 (X86) (2010-09-09 15:47:40)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-329068152-1035525444-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.5F5A4C13557347C
ASPNET (S-1-5-21-329068152-1035525444-725345543-1004 - Limited - Enabled)
Guest (S-1-5-21-329068152-1035525444-725345543-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-329068152-1035525444-725345543-1000 - Limited - Disabled)
K (S-1-5-21-329068152-1035525444-725345543-1005 - Limited - Enabled) => %SystemDrive%\Documents and Settings\K
m (S-1-5-21-329068152-1035525444-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\m
SUPPORT_388945a0 (S-1-5-21-329068152-1035525444-725345543-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-329068152-1035525444-725345543-1007 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AliIM Plugins for Browser (HKU\S-1-5-21-329068152-1035525444-725345543-1003\...\AliIM Plugins for Browser) (Version: 1.0 - Alibaba(China) Co., Ltd)
ArcSoft PhotoStudio 5.5 (HKLM\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version: - ArcSoft)
Atlantis (Version: 1.50 - Dell) Hidden
Belarc Advisor 8.3 (HKLM\...\Belarc Advisor) (Version: 8.3.0.0 - Belarc Inc.)
Belkin Desktop PCI Card Driver (HKLM\...\{50D47CE8-9C16-42D1-A8D8-B143B22E232A}) (Version: 1.12.0005 - Belkin)
Belkin Setup and Router Monitor (HKLM\...\Belkin Setup and Router Monitor_is1) (Version: - )
Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.0.0 - Belkin International, Inc.)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM\...\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}) (Version: 6.0.1.37 - Research In Motion Ltd)
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator 3.0 (HKLM\...\MP Navigator 3.0) (Version: - )
Canon MP600R (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600R) (Version: - )
Canon MP600R User Registration (HKLM\...\Canon MP600R User Registration) (Version: - )
Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.23 - Piriform)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version: - )
Conexant SmartHSFi V92 56K Speakerphone PCI Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2702) (Version: - )
CPUID CPU-Z 1.62 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Creative MediaSource (HKLM\...\{56F3E1FF-54FE-4384-A153-6CCABA097814}) (Version: - )
Dell Movie Studio Diagnostics (HKLM\...\InstallShield_{9ED6519B-324A-4C66-98EE-E3F54281BA78}) (Version: 1.50 - Dell)
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - )
Digital Video Repair 2.2 (HKLM\...\Digital Video Repair) (Version: - )
Dual Mode Digital Camera Z (HKLM\...\{3C516E56-0B4B-4BDE-88A2-035B4D170A26}) (Version: 2.1 - DSC)
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version: - )
FixCleaner (HKLM\...\{EFCCCA5E-6F4B-4B7B-903F-24D752DFDC64}) (Version: 2.0.4972 - Slimware Utilities, Inc.)
Free File Opener v2011.7.0.1 (HKLM\...\Free File Opener_is1) (Version: 2011.7.0.1 - Free File Opener, LLC)
Free Video to MP3 Converter version 5.0.30.1029 (HKLM\...\Free Video to MP3 Converter_is1) (Version: 5.0.30.1029 - DVDVideoSoft Ltd.)
GeekBuddy (HKLM\...\{D4651C22-C4C5-4294-AD9C-91FF0F048CCC}) (Version: 4.1.31 - Comodo Security Solutions Inc)
Google Chrome (HKU\S-1-5-21-329068152-1035525444-725345543-1003\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
GoToMeeting 5.5.0.1133 (HKU\S-1-5-21-329068152-1035525444-725345543-1003\...\GoToMeeting) (Version: 5.5.0.1133 - CitrixOnline)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
InfraRecorder (HKLM\...\InfraRecorder) (Version: - Christian Kindahl)
InstallIQ Updater (HKLM\...\{A9FE59F0-5BFA-4FDF-84C6-F45457715379}) (Version: 1.4.1.0 - W3i, LLC)
Intel(R) Network Connections 16.8.46.0 (HKLM\...\{6438A99C-A37E-4758-A0AE-95F8A63AAFF5}) (Version: 16.8.46.0 - Intel)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ActiveSync (HKLM\...\{99052DB7-9592-4522-A558-5417BBAD48EE}) (Version: 4.5.5096.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Miro (HKLM\...\Miro) (Version: 6.0 - Participatory Culture Foundation)
Mozilla Firefox 40.0.3 (x86 en-GB) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-GB)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSN (HKLM\...\MSNINST) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDVD (HKLM\...\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}) (Version: - )
Nero - Burning Rom (HKLM\...\{A4D7B764-4140-11D4-88EB-0050DA3579C0}) (Version: 5.5.8.1 - ahead software gmbh)
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Nvu 1.0PR (HKLM\...\Nvu_is1) (Version: 1.0PR - Linspire Inc.)
PacketiX VPN Client (English) (HKLM\...\{F26E2781-2E22-4485-A33A-6F3E322A3F2D}) (Version: 2.20.5351 - SoftEther Corporation)
PlayItAll media player 1.0.5 (HKLM\...\PlayItAll media player) (Version: 1.0.5 - PlayItAll)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
RAR Password Recovery v1.1 RC16 (remove only) (HKLM\...\Intelore - RAR Password Recovery) (Version: - )
Roxio VideoWave Movie Creator (HKLM\...\{BB46245B-CECA-406F-8790-3ABA0D01012F}) (Version: 1.6.676.0 - Roxio, Inc.)
ScanSoft OmniPage SE 4.0 (HKLM\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
SecureClean4 (HKLM\...\{83b13a64-d98a-48a2-8cbc-ec0ec5433b18}) (Version: - )
Security Task Manager 1.8d (HKLM\...\Security Task Manager) (Version: 1.8d - Neuber Software)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Serif DrawPlus Starter Edition (HKLM\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd)
Serif WebPlus 9.0 (HKLM\...\{4493E86C-1408-4AF6-8455-0744D25CD355}) (Version: 9.00 - Serif)
Serviio (HKLM\...\Serviio) (Version: - )
Skype™ 7.5 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
SlimCleaner (HKLM\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
SlimDrivers (HKLM\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Snagit 10 (HKLM\...\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}) (Version: 10.0.0 - TechSmith Corporation)
Snagit 11 (HKLM\...\{7CA5C4DF-8327-4035-AE2B-CA76336A04FD}) (Version: 11.0.0 - TechSmith Corporation)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.18.9570 - SoftEther VPN Project)
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
Sound Blaster Audigy 2 (HKLM\...\{E82BF103-904F-49C0-B77F-6EC110B71E87}) (Version: - )
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version: - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version: - )
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR 4.10 beta 5 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.5 - win.rar GmbH)
XHeader (HKLM\...\XHeader) (Version: 1.215 - Intellimon)
XSite Pro (HKLM\...\XSite Pro) (Version: 1.55 - Intellimon Ltd)
XSitePro2 (HKLM\...\XSitePro2) (Version: 2.01 - Intellimon Ltd)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
Yawcam 0.4.0 (HKLM\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version: - )
Your Uninstaller! 2010 (HKLM\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> C:\Documents and Settings\m\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{0C1EB979-8EC7-46E8-8097-246957D6B94C}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{1434DD3D-0AF6-41E0-BB71-8C86010D9AF5}\localserver32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> C:\Documents and Settings\m\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{638B203F-8FB6-49ec-A139-AB8C530F0CAB}\MSPowerPoint.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{293600C7-E7B6-4f06-9329-D8522A33C7E8}\InprocServer32 -> C:\Documents and Settings\m\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{B9E98D7E-F599-469d-95A7-0B6F86D082A0}\CamtasiaOutput.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{326787D9-37B9-47A6-B539-EE13E7B04B8B}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{47F64EC4-1AD6-4168-9D4C-00F3842F7CFB}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{4B66DD3F-2E6E-4F7C-B38C-E32608820825}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{53DBCD97-3FDF-4B60-975B-2596B57482EF}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\BBWebSLLauncher.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> C:\Documents and Settings\m\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{18AA4E21-D540-4a3a-9F9F-E6DE33D6F253}\MSExcel.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Chrome\Application\44.0.2403.157\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.1\psuser.dll No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> C:\Documents and Settings\m\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{73D320C0-FACA-4553-9D5F-070F9E4DC5C8}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{82D1C283-A637-4A07-B1EC-8C7AE661EAF1}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1133\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{AD046C04-9CC6-4424-A8E2-1F8BB9D0B29D}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManagerps.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{B9E98D7E-F599-469d-95A7-0B6F86D082A0}\InprocServer32 -> C:\Documents and Settings\m\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{B9E98D7E-F599-469d-95A7-0B6F86D082A0}\CamtasiaOutput.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{BA3D0120-E617-4F66-ADCA-585CC2FB86DB}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{C8992C14-DF59-4518-808F-CCFBB5850282}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{D41C1E5B-0566-4BB1-BE72-1A5407349CA6}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\1.3.28.13\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{EB59852D-B38E-4A4C-94BA-6731836E5538}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{EE7F6B66-AC97-41CF-BD88-372DDB786DB6}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-329068152-1035525444-725345543-1003_Classes\CLSID\{F6CF0104-4F4A-4EBE-999D-A12D838E65B5}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgrPs.dll (Research In Motion Limited)

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-10 12:00 - 2015-09-23 21:10 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1003Core.job => C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1003UA.job => C:\Documents and Settings\m\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1005Core.job => C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1005UA.job => C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 02:34 - 2010-01-21 02:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-05-26 21:48 - 2011-12-15 12:38 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
2011-10-20 13:35 - 2010-02-17 18:25 - 00132096 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CLPSLauncher => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-329068152-1035525444-725345543-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\m\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 194.168.4.100 - 194.168.8.100
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Serviio\bin\ServiioConsole.exe] => Enabled:ServiioConsole

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/25/2015 11:26:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 40.0.3.5716, faulting module mozglue.dll, version 40.0.3.5716, fault address 0x0000e250.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (09/24/2015 11:29:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 40.0.3.5716, faulting module mozglue.dll, version 40.0.3.5716, fault address 0x0000e250.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (09/24/2015 04:54:55 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/24/2015 04:54:55 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/24/2015 04:54:55 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/24/2015 04:54:51 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/24/2015 04:54:44 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/24/2015 04:54:44 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/24/2015 04:54:37 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/24/2015 04:54:36 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved


System errors:
=============
Error: (09/26/2015 11:41:40 AM) (Source: DCOM) (EventID: 10005) (User: 5F5A4C13557347C)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/24/2015 10:01:26 PM) (Source: DCOM) (EventID: 10005) (User: 5F5A4C13557347C)
Description: DCOM got error "%%1084" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (09/24/2015 09:46:25 PM) (Source: DCOM) (EventID: 10005) (User: 5F5A4C13557347C)
Description: DCOM got error "%%1084" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (09/24/2015 05:11:45 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/24/2015 05:10:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BANTExt
cmdGuard
Fips
intelppm
KLIF
MpFilter
OMCI

Error: (09/24/2015 05:10:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrueVector Internet Monitor service failed to start due to the following error:
%%2

Error: (09/24/2015 05:10:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error:
%%2147942402

Error: (09/24/2015 04:59:38 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 30 minutes.
NtpClient has no source of accurate time.

Error: (09/24/2015 04:59:38 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (09/24/2015 04:45:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PacketiX VPN Client service failed to start due to the following error:
%%3


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of memory in use: 12%
Total physical RAM: 3326.98 MB
Available physical RAM: 2906.2 MB
Total Virtual: 7259.48 MB
Available Virtual: 7096.82 MB

==================== Drives ================================

Drive c: (C 76gb) (Fixed) (Total:76.68 GB) (Free:9.34 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: (E 232 gb) (Fixed) (Total:232.82 GB) (Free:143.07 GB) NTFS
Drive f: (F 750gb sata) (Fixed) (Total:698.64 GB) (Free:577.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 76.7 GB) (Disk ID: C9C9C9C9)
Partition 1: (Active) - (Size=76.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 232.8 GB) (Disk ID: C0B7C0B7)
Partition 1: (Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: 13B4A6DA)
Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[Broni]

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[curleww]

Now have internet in normal mode
spybot came up just after running fix with
filename googleupdatesetup.exe
found un c:/ documents and settings ............ with
identified as "win32.zbot"
I have not yet deleted the above

still no f key

Fix result of Farbar Recovery Scan Tool (x86) Version:27-09-2015 01
Ran by m (2015-09-27 21:42:06) Run:3
Running from C:\Documents and Settings\m\Desktop
Loaded Profiles: m (Available Profiles: m & K & UpdatusUser & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
(Comodo Security Solutions Inc.) C:\Program Files\Common Files\Comodo\launcher_service.exe
(GlavSoft LLC.) C:\Program Files\Common Files\Comodo\tvnserver.exe
C:\Program Files\Common Files\Comodo\launcher_service.exe
C:\Program Files\Common Files\Comodo\tvnserver.exe
HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\Comodo\tvnserver.exe [828944 2012-01-27] (GlavSoft LLC.)
C:\Program Files\Common Files\Comodo\tvnserver.exe
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
R2 CLPSLauncher; C:\Program Files\Common Files\Comodo\launcher_service.exe [70352 2012-08-23] (Comodo Security Solutions Inc.)
C:\Program Files\Common Files\Comodo\launcher_service.exe
R2 tvnserver; C:\Program Files\Common Files\Comodo\tvnserver.exe [828944 2012-01-27] (GlavSoft LLC.)
C:\Program Files\Common Files\Comodo\tvnserver.exe
S2 Avira.ServiceHost; "C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe" [X]
S2 CmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [X]
S3 cmdvirth; "C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe" [X]
S3 KOT; no ImagePath
S2 vpnclient; no ImagePath
S2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -service [X]
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [15808 2015-08-05] (COMODO)
S1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [631872 2015-08-05] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [30144 2015-08-05] (COMODO)
C:\WINDOWS\System32\DRIVERS\cmderd.sys
C:\WINDOWS\System32\DRIVERS\cmdguard.sys
C:\WINDOWS\System32\DRIVERS\cmdhlp.sys
C:\WINDOWS\System32\DRIVERS\inspect.sys
2015-08-30 21:34 - 2015-08-30 21:34 - 00001695 _____ C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
2015-09-26 11:44 - 2012-05-17 20:36 - 00000000 ____D C:\Documents and Settings\m\Local Settings\Application Data\Comodo
2015-09-26 11:44 - 2012-05-17 20:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
2015-09-24 16:44 - 2014-04-11 13:16 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
2015-09-23 21:03 - 2014-04-11 13:16 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2015-09-23 21:03 - 2014-04-11 13:16 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2015-08-31 00:03 - 2014-04-11 13:16 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
2015-08-30 21:34 - 2012-05-17 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Comodo
2015-08-30 21:30 - 2012-05-17 20:36 - 00000000 ____D C:\Program Files\Comodo
Task: C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe

*****************

C:\Program Files\Common Files\Comodo\launcher_service.exe
C:\Program Files\Common Files\Comodo\launcher_service.exe => No running process found
C:\Program Files\Common Files\Comodo\tvnserver.exe
C:\Program Files\Common Files\Comodo\tvnserver.exe => No running process found
"C:\Program Files\Common Files\Comodo\launcher_service.exe" => File/Folder not found.
"C:\Program Files\Common Files\Comodo\tvnserver.exe" => File/Folder not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\tvncontrol => value not found.
"C:\Program Files\Common Files\Comodo\tvnserver.exe" => File/Folder not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\COMODO Internet Security => value not found.
"C:\Program Files\COMODO\COMODO Internet Security\cistray.exe" => File/Folder not found.
CLPSLauncher => service not found.
"C:\Program Files\Common Files\Comodo\launcher_service.exe" => File/Folder not found.
tvnserver => service not found.
"C:\Program Files\Common Files\Comodo\tvnserver.exe" => File/Folder not found.
Avira.ServiceHost => service not found.
CmdAgent => service not found.
cmdvirth => service not found.
KOT => service not found.
vpnclient => service not found.
vsmon => service not found.
cmderd => service not found.
cmdGuard => service not found.
cmdHlp => service not found.
"C:\WINDOWS\System32\DRIVERS\cmderd.sys" => File/Folder not found.
"C:\WINDOWS\System32\DRIVERS\cmdguard.sys" => File/Folder not found.
"C:\WINDOWS\System32\DRIVERS\cmdhlp.sys" => File/Folder not found.
"C:\WINDOWS\System32\DRIVERS\inspect.sys" => File/Folder not found.
"C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk" => File/Folder not found.
"C:\Documents and Settings\m\Local Settings\Application Data\Comodo" => File/Folder not found.
"C:\Documents and Settings\All Users\Start Menu\Programs\Comodo" => File/Folder not found.
"C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job" => File/Folder not found.
"C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job" => File/Folder not found.
"C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job" => File/Folder not found.
"C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job" => File/Folder not found.
"C:\Documents and Settings\All Users\Application Data\Comodo" => File/Folder not found.
"C:\Program Files\Comodo" => File/Folder not found.
C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job => not found.
C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job => not found.
C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => not found.
C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => not found.

==== End of Fixlog 21:42:08 ====

 

[Broni]

Good news

You can let Spybot remove that file.

Now...

Install ONE of these:

- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
You can keep it or you have to disable it before installing another AV program. How to...

Then...last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows Defender
• Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[curleww]

Results of screen317's Security Check version 1.009
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
CCleaner
SlimCleaner
FixCleaner
JavaFX 2.1.1
Java 8 Update 45
Java version 32-bit out of Date!
Adobe Flash Player 19.0.0.185
Adobe Reader XI
Mozilla Firefox (40.0.3)
````````Process Check: objlist.exe by Laurent````````
system32 AvastSvc.exe -?-
system32 AvastUI.exe -?-
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 49% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````