Solved Help with my computer. viruses?

rokit66

Posts: 17   +0
So I have windows xp sp3 and yes I know that's way outdated but I honestly like windows xp. Anyways so the other day I checked my malware bytes and it came up with the hijack control panel which I then fixed with the program but I still have doubts that it fixed it 100% and or there might be other stuff on my computer. Can someone please take a look. This is the log from Combofix

ComboFix 17-07-07.01 - Lil Steve 07/14/2017 11:50:49.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.3548.3003 [GMT -5:00]
Running from: c:\documents and settings\Lil Steve\My Documents\Downloads\ComboFix.exe
AV: ESET Smart Security 9.0.408.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Malwarebytes *Disabled/Updated* {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\Local Settings\Application Data\reg.exe
c:\documents and settings\Lil Steve\Application Data\inst.exe
c:\documents and settings\Lil Steve\Application Data\vso_ts_preview.xml
c:\documents and settings\Lil Steve\Local Settings\Application Data\Reg.exe
c:\documents and settings\UpdatusUser.WINDOWS-923A5F4\Local Settings\Application Data\Reg.exe
c:\documents and settings\UpdatusUser\~AA9.tmp
c:\documents and settings\UpdatusUser\Local Settings\Application Data\Reg.exe
C:\Thumbs.db
c:\windows\system32\config\systemprofile\~AA9.tmp
c:\windows\system32\config\systemprofile\Local Settings\Application Data\Reg.exe
.
.
((((((((((((((((((((((((( Files Created from 2017-06-14 to 2017-07-14 )))))))))))))))))))))))))))))))
.
.
2017-07-14 16:38 . 2017-07-14 16:42 -------- d-----w- C:\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-14 16:45 . 2017-04-24 01:02 148256 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-07-14 16:45 . 2017-04-24 01:01 39360 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-07-14 16:45 . 2017-04-24 01:01 220088 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-11 13:56 . 2016-09-04 04:01 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-07-11 13:56 . 2016-09-04 04:01 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-05-18 00:45 . 2017-05-18 00:45 410928 ----a-r- c:\documents and settings\Lil Steve\Application Data\Microsoft\Installer\{8B78288C-1474-49D3-8DB7-A776F588D85C}\ARPPRODUCTICON.exe
2017-05-05 20:31 . 2017-05-05 20:31 23840 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2017-05-02 01:39 . 2008-01-02 18:00 90112 ----a-w- c:\windows\DUMP5e4c.tmp
2017-05-02 01:15 . 2008-01-02 18:00 90112 ----a-w- c:\windows\DUMP6292.tmp
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-02-05 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2010-02-05 . C951DB3D9B6EF3CF4B82454D30A8BF59 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-01-02 149280]
"RUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]
"DeltTray"="DeltTray.exe" [2003-09-26 56320]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-04-30 15677728]
"NvMediaCenter"="NvMCTray.dll" [2013-04-30 223008]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2009-08-15 77824]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-01-20 2780112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2008-04-14 99840]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=Digi32.dll
"MIDI1"=diomidi.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RocketDock.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RocketDock.lnk.disabled
backup=c:\windows\pss\RocketDock.lnk.disabledCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 11:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2015-03-20 23:12 60712 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes TrayApp]
2017-01-20 13:57 2780112 ----a-w- c:\program files\Malwarebytes\Anti-Malware\mbamtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 12:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2014-06-24 08:42 4101576 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotPostWindows10UpgradeReInstall]
2015-07-28 23:17 1011200 ----a-w- c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
2015-04-28 20:23 2086240 ----a-w- c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Lil Steve\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [4/21/2015 8:47 PM 16384]
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [1/30/2015 4:13 PM 206472]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/17/2013 8:17 AM 156288]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [5/5/2017 3:31 PM 23840]
R1 MBAMChameleon;MBAMChameleon;c:\windows\system32\drivers\MBAMChameleon.sys [4/23/2017 8:02 PM 148256]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [4/21/2015 8:46 PM 16400]
R2 ekbdflt;ekbdflt;c:\windows\system32\drivers\ekbdflt.sys [11/20/2016 7:09 PM 122496]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/20/2016 7:09 PM 2166040]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [4/23/2015 12:29 AM 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4/23/2015 12:29 AM 4088608]
R3 DG003;Service for Digidesign 003 Driver (WDM);c:\windows\system32\drivers\dg003.sys [5/17/2017 7:45 PM 115472]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4/22/2015 3:07 PM 47360]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\drivers\rusb3hub.sys [1/2/2008 11:05 PM 90248]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\drivers\rusb3xhc.sys [1/2/2008 11:05 PM 180744]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [4/21/2015 1:09 PM 35712]
S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys --> c:\windows\system32\DRIVERS\tclondrv.sys [?]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\MBAMService.exe [4/23/2017 8:01 PM 3303888]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [4/23/2015 12:29 AM 235984]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [4/21/2015 8:46 PM 97808]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [5/16/2017 9:47 PM 35504]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam_prewin8.sys [5/20/2017 10:42 PM 20256]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-08-22 02:59 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-04 13:56]
.
2017-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2015-08-27 05:26]
.
2017-07-14 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2015-04-23 09:52]
.
2017-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-01-03 18:05]
.
2017-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-01-03 18:05]
.
2017-07-12 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2015-04-23 08:41]
.
2017-07-01 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2015-04-23 08:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-DelaypluginInstall - c:\documents and settings\All Users\Application Data\Wondershare\Video Converter Ultimate\DelayPluginI.exe
MSConfigStartUp-TuneClone - c:\program files\TuneClone\TuneClone.exe
AddRemove-Roger Nichols Digital InspectorXL VST RTAS_is1 - c:\program files\Roger Nichols Digital
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-07-14 11:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f8,6a,64,20,11,84,76,e1,a4,79,8d,aa,6d,b6,da,a0,72,9e,88,bd,6a,
06,4d,33,bf,72,60,93,cc,4f,73,7e,c8,b5,fd,17,35,f8,b4,b8,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e9ddd60b-6e59-4e08-a9d2-1fe763c5e8a5}]
@Denied: (Full) (Everyone)
"Model"=dword:000000b2
"Therad"=dword:00000008
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
Completion time: 2017-07-14 12:00:28
ComboFix-quarantined-files.txt 2017-07-14 17:00
.
Pre-Run: 185,370,742,784 bytes free
Post-Run: 185,337,036,800 bytes free
.
- - End Of File - - 148BD2D46D360AFF70020C427ACBD53E
8F558EB6672622401DA993E1E865C861
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Sorry about that here are the logs... this is the first log



(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digidesign, A Division of Avid Technology, Inc.) C:\Program Files\Digidesign\Drivers\MMERefresh.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Doug Fetter Software Wizardry) C:\WINDOWS\system32\delttray.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [149280 2008-01-02] (Sun Microsystems, Inc.)
HKLM\...\Run: [RUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM\...\Run: [DeltTray] => C:\WINDOWS\system32\DeltTray.exe [56320 2003-09-26] (Doug Fetter Software Wizardry)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Digidesign\Drivers\MMERefresh.exe [77824 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-299502267-796845957-1801674531-1009\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-299502267-796845957-1801674531-1009\...\RunOnce: [NeroHomeFirstStart] => C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [16680 2007-06-27] (Nero AG)
HKU\S-1-5-21-299502267-796845957-1801674531-1009\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-299502267-796845957-1801674531-1009\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-299502267-796845957-1801674531-1009\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-21-299502267-796845957-1801674531-1009\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{C4B3854D-F84A-45C6-8F48-EB4F13C79139}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-299502267-796845957-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-299502267-796845957-1801674531-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
URLSearchHook: [S-1-5-21-299502267-796845957-1801674531-1009] ATTENTION => Default URLSearchHook is missing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-01-02] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-01-02] (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File

FireFox:
========
FF DefaultProfile: w0isu0hn.default
FF ProfilePath: C:\Documents and Settings\Lil Steve\Application Data\Mozilla\Firefox\Profiles\w0isu0hn.default [2017-07-14]
FF DefaultSearchEngine.US: C:\Documents and Settings\Lil Steve\Application Data\Mozilla\Firefox\Profiles\w0isu0hn.default -> Google
FF Homepage: C:\Documents and Settings\Lil Steve\Application Data\Mozilla\Firefox\Profiles\w0isu0hn.default -> hxxp://www.google.com/
FF Extension: (MEGA) - C:\Documents and Settings\Lil Steve\Application Data\Mozilla\Firefox\Profiles\w0isu0hn.default\Extensions\firefox@mega.co.nz.xpi [2017-05-13]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Lil Steve\Application Data\Mozilla\Firefox\Profiles\w0isu0hn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Bitdefender QuickScan) - C:\Documents and Settings\Lil Steve\Application Data\Mozilla\Firefox\Profiles\w0isu0hn.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2017-01-07]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008-01-02] [not signed]
FF HKLM\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\Documents and Settings\All Users\Application Data\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi => not found
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2007-11-07] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2007-11-20] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2007-11-20] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Google\Chrome\User Data\Default [2016-11-01]
CHR Extension: (Google Slides) - C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-11]
CHR Extension: (Google Docs) - C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-11]
CHR Extension: (Poper Blocker) - C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2016-09-11]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-11]
CHR Extension: (EditThisCookie) - C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2016-09-11]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-11]
CHR Extension: (AdBlock) - C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-11]
CHR Profile: C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Google\Chrome\User Data\Profile 1 [2017-07-15]
CHR Extension: (Google Slides) - C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-25]
CHR Extension: (Google Docs) - C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-25]
CHR Extension: (Google Drive) - C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-25]
CHR Extension: (Adguard AdBlocker) - C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-07-14]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2017-06-28]
CHR Extension: (YouTube) - C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-25]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-25]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-25]
CHR Extension: (AdBlock) - C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-26]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Gmail) - C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-25]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-04-22] (Adobe Systems) [File not signed]
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-07-11] (Adobe Systems Incorporated) [File not signed]
R2 DigiRefresh; C:\Program Files\Digidesign\Drivers\MMERefresh.exe [77824 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
S3 digiSPTIService; C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe [159744 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2166040 2016-11-20] (ESET)
S3 idsvc; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [864256 2007-10-11] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2008-01-02] (Sun Microsystems, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [16512 2005-11-21] (Adaptec) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 dalwdmservice; C:\WINDOWS\System32\drivers\dalwdm.sys [97808 2009-08-15] (Digidesign, A Division of Avid Technology, Inc.)
R3 DELTA; C:\WINDOWS\System32\drivers\delta.sys [386464 2003-09-26] (Midiman/M-Audio) [File not signed]
R3 DG003; C:\WINDOWS\System32\DRIVERS\dg003.sys [115472 2010-08-30] (Avid Technology, Inc.)
R0 DigiFilter; C:\WINDOWS\System32\drivers\DigiFilt.sys [16384 2006-11-13] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
R2 DigiNet; C:\WINDOWS\System32\DRIVERS\diginet.sys [16400 2008-12-04] (Digidesign, A Division of Avid Technology, Inc.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [206472 2016-11-20] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [156288 2016-11-20] (ESET)
R2 ekbdflt; C:\WINDOWS\System32\DRIVERS\ekbdflt.sys [122496 2016-11-20] (ESET)
R1 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [162952 2016-11-20] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [55936 2016-11-20] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [77952 2016-11-20] (ESET)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2017-05-05] (REALiX(tm))
R1 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [148256 2017-07-14] (Malwarebytes)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-02-25] (NVIDIA Corporation)
R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2015-04-22] (VSO Software) [File not signed]
R3 rusb3hub; C:\WINDOWS\System32\DRIVERS\rusb3hub.sys [90248 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\WINDOWS\System32\DRIVERS\rusb3xhc.sys [180744 2012-08-27] (Renesas Electronics Corporation)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361344 2010-02-05] (Microsoft Corporation) [File not signed]
R0 TPkd; C:\WINDOWS\system32\Drivers\TPkd.sys [93304 2010-09-26] (PACE Anti-Piracy, Inc.)
S3 vulfnths; C:\WINDOWS\System32\Drivers\vulfnth.sys [6912 2002-10-24] (VIA Technologies, Inc.) [File not signed]
S3 vulfntrs; C:\WINDOWS\System32\Drivers\vulfntr.sys [11392 2003-05-24] (VIA Technologies, Inc.) [File not signed]
S3 WDC_SAM; C:\WINDOWS\System32\DRIVERS\wdcsam_prewin8.sys [20256 2016-04-19] (Western Digital Technologies)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-15 16:46 - 2017-07-15 16:46 - 00020199 _____ C:\Documents and Settings\Lil Steve\Desktop\FRST.txt
2017-07-15 16:46 - 2017-07-15 16:46 - 00000000 ____D C:\FRST
2017-07-15 16:45 - 2017-07-15 16:45 - 01780736 _____ (Farbar) C:\Documents and Settings\Lil Steve\Desktop\FRST.exe
2017-07-14 12:00 - 2017-07-15 16:46 - 00000000 ____D C:\Documents and Settings\Lil Steve\Local Settings\temp
2017-07-14 12:00 - 2017-07-14 12:00 - 00013691 _____ C:\ComboFix.txt
2017-07-14 12:00 - 2017-07-14 12:00 - 00000000 ____D C:\Documents and Settings\UpdatusUser\Local Settings\temp
2017-07-14 12:00 - 2017-07-14 12:00 - 00000000 ____D C:\Documents and Settings\UpdatusUser.WINDOWS-923A5F4\Local Settings\temp
2017-07-14 12:00 - 2017-07-14 12:00 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2017-07-14 12:00 - 2017-07-14 12:00 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2017-07-14 12:00 - 2017-07-14 12:00 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp
2017-07-14 11:38 - 2017-07-14 11:42 - 00000000 ____D C:\AdwCleaner
2017-07-14 11:36 - 2017-07-14 12:00 - 00000000 ____D C:\Qoobox
2017-07-14 11:36 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2017-07-14 11:36 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2017-07-14 11:36 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2017-07-14 11:36 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2017-07-14 11:36 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2017-07-14 11:36 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2017-07-14 11:36 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2017-07-14 11:36 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2017-07-14 11:36 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2017-07-14 11:35 - 2017-07-14 11:58 - 00000000 ____D C:\WINDOWS\erdnt
2017-07-08 16:39 - 2017-07-08 16:40 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\Young Buck - 10 Toes Down
2017-07-08 16:08 - 2017-07-08 16:10 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\New Folder (2)
2017-07-06 21:30 - 1658-08-30 06:39 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\NoDJ-Juugman_AKA_Yung_Ralph-JFF_Just_For_Fans
2017-07-06 21:20 - 2017-07-08 16:08 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\Astrid S - Astrid S (EP)
2017-07-06 21:20 - 2017-07-06 22:07 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\Astrid S - Party's Over (EP)
2017-07-06 21:19 - 2017-07-08 14:39 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\Sevdaliza - Ison (2017) [320]
2017-07-03 17:10 - 2017-07-03 17:10 - 81077239 _____ C:\Documents and Settings\Lil Steve\Desktop\Young Dolph - Bullet Proof (ChopNotSlop Remix By DJ Lil Steve).zip
2017-07-03 16:31 - 2017-07-03 17:10 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\Young Dolph - Bullet Proof (ChopNotSlop Remix By DJ Lil Steve)
2017-07-02 22:08 - 2017-07-02 22:08 - 71259101 _____ C:\Documents and Settings\Lil Steve\Desktop\Yo Gotti & Mike Will Made It - Gotti Made It (ChopNotSlop Remix By DJ Lil Steve).zip
2017-07-02 20:37 - 2017-07-02 22:05 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\Yo Gotti & Mike Will Made It - Gotti Made It (ChopNotSlop Remix By DJ Lil Steve)
2017-06-26 17:17 - 2016-08-21 21:59 - 00001819 _____ C:\Documents and Settings\Lil Steve\My Documents\Google Chrome.lnk
2017-06-24 11:23 - 2017-06-24 11:52 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\Gotti_Made_It_Album_1604ENT.COM
2017-06-24 11:23 - 2017-06-24 11:48 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\NoDJ-Juicy_J-Gas_Face
2017-06-24 09:46 - 2017-06-24 09:46 - 00090112 _____ C:\WINDOWS\Minidump\Mini062417-01.dmp
2017-06-17 19:46 - 2017-06-17 20:06 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\New Folder (5)

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-15 16:08 - 2008-01-02 22:54 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-07-15 15:56 - 2016-09-03 23:01 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-07-15 07:08 - 2008-01-02 22:01 - 00032598 _____ C:\WINDOWS\SchedLgU.Txt
2017-07-14 22:46 - 2016-10-14 20:00 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2017-07-14 22:46 - 2008-01-02 12:20 - 00000000 __SHD C:\Documents and Settings\NetworkService
2017-07-14 19:08 - 2008-01-02 22:54 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-07-14 17:22 - 2017-05-16 22:30 - 00000000 ____D C:\Documents and Settings\Lil Steve\Application Data\Digidesign
2017-07-14 16:19 - 2008-01-02 12:11 - 00000000 ____D C:\Program Files\Outlook Express
2017-07-14 16:18 - 2008-01-02 22:31 - 00016534 _____ C:\WINDOWS\system32\nvAppTimestamps
2017-07-14 12:44 - 2016-12-26 19:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2017-07-14 12:00 - 2008-01-02 22:01 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-14 12:00 - 2008-01-02 13:03 - 00000000 ___HD C:\Documents and Settings\Default User
2017-07-14 11:58 - 2008-01-02 22:29 - 00000000 ____D C:\Documents and Settings\UpdatusUser
2017-07-14 11:58 - 2004-09-01 03:00 - 00000227 _____ C:\WINDOWS\system.ini
2017-07-14 11:45 - 2017-04-23 20:02 - 00148256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-14 11:45 - 2017-04-23 20:01 - 00220088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-14 11:45 - 2017-04-23 20:01 - 00039360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-14 11:44 - 2015-04-23 00:29 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2017-07-14 11:42 - 2017-05-03 19:47 - 00000178 ___SH C:\Documents and Settings\UpdatusUser.WINDOWS-923A5F4\ntuser.ini
2017-07-14 11:42 - 2008-01-02 22:02 - 00000178 ___SH C:\Documents and Settings\Lil Steve\ntuser.ini
2017-07-14 11:42 - 2008-01-02 22:02 - 00000000 ____D C:\Documents and Settings\Lil Steve
2017-07-13 20:45 - 2015-04-22 15:07 - 00000000 ____D C:\Documents and Settings\Lil Steve\Application Data\Vso
2017-07-13 13:28 - 2004-09-01 03:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-07-12 17:56 - 2015-04-23 00:29 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2017-07-11 23:15 - 2015-09-25 19:03 - 00007168 ___SH C:\WINDOWS\Thumbs.db
2017-07-11 08:56 - 2016-09-03 23:01 - 00803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-07-11 08:56 - 2016-09-03 23:01 - 00144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-07-11 08:56 - 2008-01-02 12:12 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-07-09 17:13 - 2016-07-13 14:24 - 00001456 _____ C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Adobe Save for Web 13.0 Prefs
2017-07-08 18:04 - 2015-12-19 23:20 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2017-07-04 22:23 - 2016-04-10 16:10 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\breakin **** 6 beats
2017-07-04 19:55 - 2015-04-23 16:11 - 00000000 ____D C:\Documents and Settings\Lil Steve\My Documents\ConvertXToDVD
2017-07-04 18:41 - 2008-01-02 22:02 - 00000000 ____D C:\Documents and Settings\Lil Steve\Application Data\uTorrent
2017-07-04 12:21 - 2016-04-07 22:23 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\New Folder
2017-07-03 16:54 - 2015-04-22 15:05 - 00001311 _____ C:\WINDOWS\sam8_d.INI
2017-07-03 16:54 - 2004-09-01 03:00 - 00000622 _____ C:\WINDOWS\win.ini
2017-07-01 09:43 - 2015-04-23 00:29 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2017-06-24 09:46 - 2015-09-27 22:02 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-16 10:30 - 2015-11-08 13:51 - 00000000 ____D C:\New Folder (2)

==================== Files in the root of some directories =======

2015-04-22 15:07 - 2015-04-22 15:07 - 0007887 _____ () C:\Documents and Settings\Lil Steve\Application Data\pcouffin.cat
2015-04-22 15:07 - 2015-04-22 15:07 - 0001144 _____ () C:\Documents and Settings\Lil Steve\Application Data\pcouffin.inf
2015-04-22 15:07 - 2015-04-22 15:07 - 0000034 _____ () C:\Documents and Settings\Lil Steve\Application Data\pcouffin.log
2015-04-22 15:07 - 2015-04-22 15:07 - 0047360 _____ (VSO Software) C:\Documents and Settings\Lil Steve\Application Data\pcouffin.sys
2016-07-13 14:24 - 2017-07-09 17:13 - 0001456 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Adobe Save for Web 13.0 Prefs
2017-01-07 02:54 - 2017-01-31 20:04 - 1044765 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\ars.cache
2017-01-07 02:55 - 2017-01-31 20:04 - 0699652 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\census.cache
2015-09-25 19:03 - 2017-04-15 19:07 - 0006144 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-05-17 19:32 - 2017-05-17 19:32 - 0035404 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\FASTWiz.log
2017-01-07 02:31 - 2017-01-07 02:31 - 0000036 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\housecall.guid.cache
2017-04-14 20:04 - 2017-04-14 20:04 - 0001383 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\recently-used.xbel
2017-01-07 02:47 - 2017-01-31 19:52 - 0000010 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\sponge.last.runtime.cache
2017-01-11 00:26 - 2017-01-11 00:26 - 0000279 _____ () C:\Documents and Settings\All Users\Application Data\fontcacheev1.dat
2016-05-02 22:21 - 2016-05-02 22:21 - 0000016 _____ () C:\Documents and Settings\All Users\Application Data\mntemp
2016-05-02 22:21 - 2016-05-02 22:21 - 0005005 _____ () C:\Documents and Settings\All Users\Application Data\rxsmznjf.zcp

==================== Bamital & volsnap ======================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-07-2017
Ran by Lil Steve (15-07-2017 16:47:06)
Running from C:\Documents and Settings\Lil Steve\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2008-01-02 17:19:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-299502267-796845957-1801674531-500 - Administrator - Enabled)
ASPNET (S-1-5-21-299502267-796845957-1801674531-1008 - Limited - Enabled)
Guest (S-1-5-21-299502267-796845957-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-299502267-796845957-1801674531-1000 - Limited - Disabled)
Lil Steve (S-1-5-21-299502267-796845957-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Lil Steve
qgmuuctr (S-1-5-21-299502267-796845957-1801674531-1007 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-299502267-796845957-1801674531-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-299502267-796845957-1801674531-1009 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser.WINDOWS-923A5F4

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
AV: ESET Smart Security 9.0.408.0 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
7-Zip 9.38 beta (HKLM\...\7-Zip) (Version: - )
Acon Digital Equalize (32 bit) 1.0.2 (HKLM\...\{CD703BA3-0B62-4020-921B-A488AD6CBDD5}_is1) (Version: 1.0.2 - Acon AS)
Adobe Audition 3.0 (HKLM\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader 9.3 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{5C085A19-B4A1-6686-0103-E9E6F7B2831A}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
Analog Channel (HKLM\...\{F972AAC6-5E7D-4B0E-B54A-CCEF1788E1B5}) (Version: 2.6.4 - McDSP) Hidden
Antares Autotune VST RTAS TDM v5.08 (HKLM\...\Antares Autotune VST RTAS TDM_is1) (Version: - Team AiR 2007)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Avid 002 Rack and 003 Rack Driver (x86) (HKLM\...\{8B78288C-1474-49D3-8DB7-A776F588D85C}) (Version: 9.0 - Avid Technology, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brainworx BX Digital VST RTAS v2.1.2 (HKLM\...\Brainworx BX Digital_is1) (Version: - )
CompressorBank (HKLM\...\{D3D891E2-322A-4F6D-904B-A0BF684E71AB}) (Version: 3.6.4 - McDSP) Hidden
ConvertXtoDVD 4.0.12.327 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.12.327 - )
DeskSpace 1.5.2 (HKU\S-1-5-19\...\DeskSpace) (Version: 1.5.2 - Otaku Software)
DeskSpace 1.5.2 (HKU\S-1-5-20\...\DeskSpace) (Version: 1.5.2 - Otaku Software)
DeskSpace 1.5.2 (HKU\S-1-5-21-299502267-796845957-1801674531-1009\...\DeskSpace) (Version: 1.5.2 - Otaku Software)
DigiDesign Focusrite D2 1.71.345 (HKLM\...\DigiDesign Focusrite D2 1.71.345) (Version: - )
DigiDesign Focusrite D3 AudioSuite 1.51.345 (HKLM\...\DigiDesign Focusrite D3 AudioSuite 1.51.345) (Version: - )
Digidesign MP3 Option 8.0 (HKLM\...\{4BEC9FEB-36A5-4882-84E8-EAD525D961EE}) (Version: 8.0 - Digidesign, A Division of Avid Technology, Inc.)
Digidesign Pro Tools LE 8.0.1 (HKLM\...\{409A13BD-5F3E-442B-BA7B-A1E32B2D8927}) (Version: 8.0.1 - Digidesign, A Division of Avid Technology, Inc.)
Digidesign Smack! (HKLM\...\{45393511-C3C2-4DF0-B7BE-0B6F1248E291}) (Version: - )
ESET Smart Security (HKLM\...\{C018BFFE-60B5-4EB1-BA74-E4246C09899F}) (Version: 9.0.377.0 - ESET, spol. s r.o.)
Eventide Ensemble Bundle (HKLM\...\Eventide Ensemble Bundle) (Version: 1.0.7 - Eventide)
FilterBank (HKLM\...\{4A9CB960-46DD-4DCE-8B71-755D33D6EC18}) (Version: 3.6.4 - McDSP) Hidden
FilterBank (HKLM\...\{F46D6852-0C1D-48F3-AECB-A1F8D9979FF1}) (Version: 3.6.4 - McDSP)
FlashFXP v4.2 (HKLM\...\{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}) (Version: 4.2.5.1810 - OpenSight Software, LLC)
FlashPeak Slimjet (HKLM\...\Slimjet) (Version: 10.0.13.0 - FlashPeak Inc.)
Flux Full Pack 2.1 (HKLM\...\Flux Full Pack 2.1) (Version: 3.4.6 - Flux)
FocalBlade 2.02 (Plugin) (HKLM\...\FocalBlade 2.02 (Plugin)_is1) (Version: - The Plugin Site)
Focusrite d3 (HKLM\...\Focusrite d3) (Version: - )
Free DigiRack Plug-Ins 8.0.1 (HKLM\...\{A24C2C43-4312-493E-96B3-5D1DCE24DEBF}) (Version: 8.0.1 - Digidesign, A Division of Avid Technology, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.99 - Google Inc.) Hidden
Intel(R) C++ Redistributables on IA-32 (HKLM\...\{7858618B-FA45-4797-988D-4E8B793C3B88}) (Version: 17.0.109 - Intel Corporation)
Interlok driver setup x32 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.9.0 - PACE Anti-Piracy, Inc.)
Java(TM) 6 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
K-Lite Mega Codec Pack 3.5.7 (HKLM\...\KLiteCodecPack_is1) (Version: 3.5.7 - )
Magix Samplitude Professional v8.0 (HKLM\...\Magix Samplitude Professional v8.0) (Version: - )
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MC2000 (HKLM\...\{A8D19261-B258-43B5-AC0B-843D507A607D}) (Version: 2.6.4 - McDSP) Hidden
Medieval CUE Splitter (HKLM\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microsoft .NET Framework 2.0 Service Pack 1 (HKLM\...\{B508B3F1-A24A-32C0-B310-85786919EF28}) (Version: 2.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 1 (HKLM\...\{2BA00471-0328-3743-93BD-FA813353A783}) (Version: 3.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 3.5 (HKLM\...\Microsoft .NET Framework 3.5) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Nero 7 Premium (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
Noveltech Character 1.1 (HKLM\...\Noveltech Character_is1) (Version: - Plugin Alliance)
NVIDIA Graphics Driver 320.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.09 - NVIDIA Corporation)
NVIDIA nView 141.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.36 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Ohm Force - Ohmicide RTAS (HKLM\...\Ohmicide RTAS) (Version: - )
PDF Settings CS6 (HKLM\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Pitch'n'Time RTAS v2.1 (HKLM\...\Pitch'n'Time RTAS v2.1) (Version: - )
PSP VintageWarmer2 2.5.2 32bit (HKLM\...\PSP VintageWarmer2 2.5.2 32bit) (Version: 2.5.2 32bit - PSPaudioware.com)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.35.0000 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
Softube Trident A-Range VST RTAS v1.0.2 (HKLM\...\Softube Trident A-Range VST RTAS_is1) (Version: - )
Softube Tube-Tech CL 1B VST RTAS v1.0.3 (HKLM\...\Softube Tube-Tech CL 1B VST RTAS_is1) (Version: - )
Sonnoxplugins Oxford Elite Collection Native v1.0 (HKLM\...\Sonnoxplugins Oxford Elite Collection Native_is1) (Version: - )
SPL Analog Code Bundle v1.1 (HKLM\...\SPL Analog Code Bundle_is1) (Version: - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
The Glue (HKLM\...\The Glue_is1) (Version: 1.2.8 - )
Topaz Adjust 5 (HKLM\...\Topaz Adjust 5) (Version: 5.1.0 - Topaz Labs, LLC)
Topaz Detail 3 (HKLM\...\Topaz Detail 3) (Version: 3.0.0 - Topaz Labs, LLC)
Topaz Fusion Express 2 (HKLM\...\Topaz Fusion Express 2) (Version: 2.1.1 - Topaz Labs)
Vst To Rtas Adapter V2.11 (HKLM\...\Vst To Rtas Adapter V2.11) (Version: "2.11" - "FXpansion")
Waves Complete (HKLM\...\Complete_is1) (Version: 2016.08.31 - Waves)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version: - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)
ContextMenuHandlers01: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-06-28] (Nero AG)
ContextMenuHandlers01: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2016-11-20] (ESET)
ContextMenuHandlers01: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRar\rarext.dll [2007-05-05] ()
ContextMenuHandlers01: [WondershareVideoConverterFileOpreation] -> {55D63393-DB17-4A2B-9052-15D85B4B1344} => -> No File
ContextMenuHandlers02: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2016-11-20] (ESET)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)
ContextMenuHandlers04: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRar\rarext.dll [2007-05-05] ()
ContextMenuHandlers05: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2016-07-10] ()
ContextMenuHandlers05: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\WINDOWS\system32\nvcpl.dll [2013-04-29] (NVIDIA Corporation)
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)
ContextMenuHandlers06: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2016-11-20] (ESET)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes)
ContextMenuHandlers06: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)
ContextMenuHandlers06: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRar\rarext.dll [2007-05-05] ()

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-03-20 18:12 - 2015-03-20 18:12 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-23 00:28 - 2014-05-13 05:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-23 00:28 - 2014-05-13 05:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-23 00:28 - 2014-05-13 05:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-23 00:28 - 2012-08-23 03:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-23 00:28 - 2012-04-03 10:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2008-01-02 12:18 - 2007-05-05 05:40 - 00128512 _____ () C:\Program Files\WinRar\rarext.dll
2008-04-13 23:41 - 2008-04-13 23:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-13 23:42 - 2008-04-13 23:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2016-09-06 16:24 - 2016-09-06 12:00 - 05197312 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-06 16:24 - 2016-09-06 12:00 - 00147456 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files\Outlook Express:Ryss2nXYUV2o0dwN2Rd9UgW1WTySf [2030]
AlternateDataStreams: C:\Program Files\Common Files\System:mUtr7yzejiPeS862spn [2206]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:aU6guJiDqaPf1DUHbF [2156]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:gJB9PS6hgiBMCGpetKC [2328]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:hIsZOaQCDf63kJeO2 [1836]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:iursAy5KaPkMASxkGsWZorbQAT [2020]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:J0Jmf4ZT7HOdHpjjNu6X [2080]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:pq9v2fwqi3UOZFgAEekHwm [2012]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:riXmOESG3GMD1L7DqJJhA [2050]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:z1WjsCpT24FNpXlrc9pkyz [2172]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\PACE:9D80DE7979F97D4A [217]
AlternateDataStreams: C:\Documents and Settings\Lil Steve\Cookies:3TL7h4me3JYOW9zNMtmrtWQ15p [2134]
AlternateDataStreams: C:\Documents and Settings\Lil Steve\Local Settings\Application Data:buR7Jz17Q8xJ3YEJEli17Teh [2160]
AlternateDataStreams: C:\Documents and Settings\Lil Steve\Local Settings\Application Data:M68e9UkI2TxZr3eqGyUM0zH8B [1960]
AlternateDataStreams: C:\Documents and Settings\Lil Steve\Local Settings\temp:ahlpW2Wg9NlAwsVwU0aK [1998]
AlternateDataStreams: C:\Documents and Settings\Lil Steve\Local Settings\Temporary Internet Files:RrsMwdSvPJiBUmB7KaWEhg [1840]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7924 more sites.

IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\123simsen.com -> www.123simsen.com

There are 7922 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-09-01 03:00 - 2017-07-14 11:58 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-299502267-796845957-1801674531-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-299502267-796845957-1801674531-1009\Control Panel\Desktop\\Wallpaper -> (None)
DNS Servers: 75.75.75.75 - 75.75.76.76
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RocketDock.lnk.disabled => C:\WINDOWS\pss\RocketDock.lnk.disabledCommon Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Lil Steve\Application Data\uTorrent\uTorrent.exe] => Enabled:µTorrent (Lil Steve)
StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe] => Enabled:Daemonu.exe
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:mad:xpsp2res.dll,-22008

==================== Restore Points =========================

17-05-2017 18:51:40 System Checkpoint
17-05-2017 19:12:11 Update to an unsigned driver
17-05-2017 19:58:20 Unsigned driver install
17-05-2017 21:33:13 Unsigned driver install
18-05-2017 17:55:15 Configured Pro Tools LE
18-05-2017 17:57:47 Installed Digidesign Audio Drivers
18-05-2017 18:12:48 Installed Free DigiRack Plug-Ins
18-05-2017 18:13:20 Installed Pro Tools Creative Collection
19-05-2017 19:10:39 System Checkpoint
20-05-2017 20:01:26 System Checkpoint
20-05-2017 22:07:52 Installed SES Driver
20-05-2017 22:41:45 WD SmartWare Installer
20-05-2017 22:53:43 WD SmartWare Installer
20-05-2017 23:00:07 WD SmartWare Installer
20-05-2017 23:03:58 Removed SES Driver
21-05-2017 11:53:58 Update to an unsigned driver
22-05-2017 12:50:51 System Checkpoint
23-05-2017 13:50:50 System Checkpoint
24-05-2017 14:50:50 System Checkpoint
25-05-2017 15:50:50 System Checkpoint
26-05-2017 19:27:08 System Checkpoint
27-05-2017 13:56:33 Removed Pro Tools Creative Collection
28-05-2017 14:11:24 System Checkpoint
29-05-2017 15:11:26 System Checkpoint
30-05-2017 16:11:26 System Checkpoint
31-05-2017 17:11:26 System Checkpoint
01-06-2017 18:11:26 System Checkpoint
02-06-2017 19:46:50 System Checkpoint
03-06-2017 20:12:31 System Checkpoint
04-06-2017 21:13:13 System Checkpoint
05-06-2017 22:11:22 System Checkpoint
06-06-2017 23:11:22 System Checkpoint
07-06-2017 23:39:53 System Checkpoint
09-06-2017 07:16:19 System Checkpoint
10-06-2017 07:45:19 System Checkpoint
11-06-2017 08:45:20 System Checkpoint
12-06-2017 09:45:19 System Checkpoint
13-06-2017 10:23:20 System Checkpoint
14-06-2017 11:23:21 System Checkpoint
15-06-2017 11:23:32 System Checkpoint
16-06-2017 12:48:37 System Checkpoint
17-06-2017 13:23:07 System Checkpoint
18-06-2017 14:08:10 System Checkpoint
19-06-2017 15:21:36 System Checkpoint
20-06-2017 15:30:12 System Checkpoint
21-06-2017 16:30:11 System Checkpoint
22-06-2017 17:30:12 System Checkpoint
23-06-2017 18:30:12 System Checkpoint
24-06-2017 18:58:03 System Checkpoint
25-06-2017 20:49:45 System Checkpoint
26-06-2017 21:38:21 System Checkpoint
27-06-2017 23:13:09 System Checkpoint
28-06-2017 23:45:45 System Checkpoint
30-06-2017 00:45:45 System Checkpoint
01-07-2017 01:32:15 System Checkpoint
02-07-2017 03:47:47 System Checkpoint
03-07-2017 04:45:03 System Checkpoint
04-07-2017 04:45:10 System Checkpoint
05-07-2017 05:45:14 System Checkpoint
06-07-2017 06:13:06 System Checkpoint
07-07-2017 07:13:35 System Checkpoint
08-07-2017 08:00:06 System Checkpoint
09-07-2017 08:51:50 System Checkpoint
10-07-2017 09:17:56 System Checkpoint
11-07-2017 10:17:55 System Checkpoint
12-07-2017 10:40:50 System Checkpoint
13-07-2017 11:28:01 System Checkpoint
14-07-2017 11:24:51 Revo Uninstaller Pro's restore point - Wise Registry Cleaner 9.44
14-07-2017 12:59:57 Checkpoint by HitmanPro
14-07-2017 13:00:23 Checkpoint by HitmanPro
14-07-2017 13:00:29 Checkpoint by HitmanPro
14-07-2017 13:00:34 Checkpoint by HitmanPro
14-07-2017 13:00:40 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Standard floppy disk controller
Description: Standard floppy disk controller
Class Guid: {4D36E969-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard floppy disk controllers)
Service: fdc
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2017 10:58:13 PM) (Source: .NET Runtime) (EventID: 1027) (User: )
Description: Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to stack overflow.

Error: (05/20/2017 10:55:08 PM) (Source: .NET Runtime) (EventID: 1027) (User: )
Description: Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to stack overflow.

Error: (05/20/2017 10:53:01 PM) (Source: .NET Runtime) (EventID: 1027) (User: )
Description: Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to stack overflow.

Error: (05/20/2017 10:50:39 PM) (Source: .NET Runtime) (EventID: 1027) (User: )
Description: Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to stack overflow.

Error: (05/20/2017 10:45:06 PM) (Source: .NET Runtime) (EventID: 1027) (User: )
Description: Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to stack overflow.


System errors:
=============
Error: (07/14/2017 04:19:39 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for c:\Program Files\Common Files\Digidesign\DAE\Controllers\C24_Resource804.dll.
Reference error message: The operation completed successfully.
.

Error: (07/14/2017 04:19:39 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.DebugCRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (07/14/2017 04:19:39 PM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Microsoft.VC80.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (07/14/2017 04:19:39 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for c:\Program Files\Common Files\Digidesign\DAE\Controllers\C24_Resource412.dll.
Reference error message: The operation completed successfully.
.

Error: (07/14/2017 04:19:39 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.DebugCRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (07/14/2017 04:19:39 PM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Microsoft.VC80.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (07/14/2017 04:19:39 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for c:\Program Files\Common Files\Digidesign\DAE\Controllers\C24_Resource411.dll.
Reference error message: The operation completed successfully.
.

Error: (07/14/2017 04:19:39 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.DebugCRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (07/14/2017 04:19:39 PM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Microsoft.VC80.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (07/14/2017 04:19:39 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for c:\Program Files\Common Files\Digidesign\DAE\Controllers\C24_Resource404.dll.
Reference error message: The operation completed successfully.
.
 
Last edited:
redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V12.11.6.0 [Jul 10 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Lil Steve [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 07/15/2017 17:46:28 (Duration : 00:23:09)
Switches : -refid

¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] daemonu.exe(1536) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[7] -> Found

¤¤¤ Registry : 38 ¤¤¤
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} (C:\PROGRA~1\COMMON~1\WONDER~1\WONDER~1\WSHelper.exe) -> Deleted
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{A43DE495-3D00-47d4-9D2C-303115707939} ("C:\Program Files\Wondershare\Video Converter Ultimate\URLReqService.exe") -> Deleted
[PUM.StartMenu] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-299502267-796845957-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-299502267-796845957-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-299502267-796845957-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-299502267-796845957-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-299502267-796845957-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-299502267-796845957-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-299502267-796845957-1801674531-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-299502267-796845957-1801674531-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-299502267-796845957-1801674531-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-299502267-796845957-1801674531-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-299502267-796845957-1801674531-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-299502267-796845957-1801674531-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Replaced (1)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 5 ¤¤¤
[Tr.Gen0][File] C:\Documents and Settings\Lil Steve\Application Data\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Deleted
[Hidden.ADS][Stream] C:\Documents and Settings\Lil Steve\Local Settings\Application Data:buR7Jz17Q8xJ3YEJEli17Teh -> Deleted
[Hidden.ADS][Stream] C:\Documents and Settings\Lil Steve\Local Settings\Application Data:M68e9UkI2TxZr3eqGyUM0zH8B -> Deleted
[PUP.Gen1][Folder] C:\Documents and Settings\Lil Steve\Local Settings\Application Data\DriverToolkit -> Deleted
[PUP.Gen1][Folder] C:\Documents and Settings\Lil Steve\Local Settings\Application Data\PackageAware -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AZLX-00CL5A0 +++++
--- User ---
[MBR] deae4002f893bb84dc274cec0b8929c2
[BSP] f83732e11569334aab90979bb22b318b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD2500AAJB-00J3A0 +++++
--- User ---
[MBR] ed506609a375072609e55446a9460a41
[BSP] 4b765bba810dae4e6902725035db52a0 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238464 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: General USB Flash Disk USB Device +++++
--- User ---
[MBR] d30785c4724d7a428117db075ddb3e68
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 24 | Size: 3837 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/15/17
Scan Time: 6:17 PM
Logfile: 00.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.2372
License: Free

-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: WINDOWS-923A5F4\Lil Steve

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293457
Time Elapsed: 12 min, 4 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 
# AdwCleaner v6.047 - Logfile created 15/07/2017 at 18:32:50
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-19.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : Lil Steve - WINDOWS-923A5F4
# Running from : C:\Documents and Settings\Lil Steve\Local Settings\temp\scoped_dir896_22304\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1943 Bytes] - [14/07/2017 11:42:21]
C:\AdwCleaner\AdwCleaner[S0].txt - [1968 Bytes] - [14/07/2017 11:41:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [1212 Bytes] - [15/07/2017 18:32:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1285 Bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Microsoft Windows XP x86
Ran by Lil Steve (Limited) on Sat 07/15/2017 at 18:33:49.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9CNAWS1T (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EBKG1F3M (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H06INB65 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P1B1O6DW (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9CNAWS1T (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\EBKG1F3M (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H06INB65 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\P1B1O6DW (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/15/2017 at 18:36:22.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 17-07-07.01 - Lil Steve 07/15/2017 20:03:05.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.3548.2824 [GMT -5:00]
Running from: c:\documents and settings\Lil Steve\My Documents\Downloads\ComboFix.exe
AV: ESET Smart Security 9.0.408.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2017-06-16 to 2017-07-16 )))))))))))))))))))))))))))))))
.
.
2017-07-15 22:46 . 2017-07-15 22:46 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-07-15 22:46 . 2017-07-15 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
2017-07-15 22:45 . 2017-07-15 22:46 -------- d-----w- c:\program files\RogueKiller
2017-07-15 22:45 . 2017-07-15 22:45 -------- d-----w- C:\Documents
2017-07-15 21:46 . 2017-07-15 21:50 -------- d-----w- C:\FRST
2017-07-14 16:38 . 2017-07-15 23:32 -------- d-----w- C:\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-15 23:14 . 2017-04-24 01:01 39360 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-07-15 23:14 . 2017-04-24 01:01 220088 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-14 16:45 . 2017-04-24 01:02 148256 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-07-11 13:56 . 2016-09-04 04:01 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-07-11 13:56 . 2016-09-04 04:01 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-05-18 00:45 . 2017-05-18 00:45 410928 ----a-r- c:\documents and settings\Lil Steve\Application Data\Microsoft\Installer\{8B78288C-1474-49D3-8DB7-A776F588D85C}\ARPPRODUCTICON.exe
2017-05-05 20:31 . 2017-05-05 20:31 23840 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2017-05-02 01:39 . 2008-01-02 18:00 90112 ----a-w- c:\windows\DUMP5e4c.tmp
2017-05-02 01:15 . 2008-01-02 18:00 90112 ----a-w- c:\windows\DUMP6292.tmp
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-02-05 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2010-02-05 . C951DB3D9B6EF3CF4B82454D30A8BF59 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-01-02 149280]
"RUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]
"DeltTray"="DeltTray.exe" [2003-09-26 56320]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-04-30 15677728]
"NvMediaCenter"="NvMCTray.dll" [2013-04-30 223008]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2009-08-15 77824]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-01-20 2780112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2008-04-14 99840]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=Digi32.dll
"MIDI1"=diomidi.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RocketDock.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RocketDock.lnk.disabled
backup=c:\windows\pss\RocketDock.lnk.disabledCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 11:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2015-03-20 23:12 60712 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes TrayApp]
2017-01-20 13:57 2780112 ----a-w- c:\program files\Malwarebytes\Anti-Malware\mbamtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 12:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2014-06-24 08:42 4101576 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotPostWindows10UpgradeReInstall]
2015-07-28 23:17 1011200 ----a-w- c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
2015-04-28 20:23 2086240 ----a-w- c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Lil Steve\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [4/21/2015 8:47 PM 16384]
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [1/30/2015 4:13 PM 206472]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/17/2013 8:17 AM 156288]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [5/5/2017 3:31 PM 23840]
R1 MBAMChameleon;MBAMChameleon;c:\windows\system32\drivers\MBAMChameleon.sys [4/23/2017 8:02 PM 148256]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [4/21/2015 8:46 PM 16400]
R2 ekbdflt;ekbdflt;c:\windows\system32\drivers\ekbdflt.sys [11/20/2016 7:09 PM 122496]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/20/2016 7:09 PM 2166040]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [4/23/2015 12:29 AM 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4/23/2015 12:29 AM 4088608]
R3 DG003;Service for Digidesign 003 Driver (WDM);c:\windows\system32\drivers\dg003.sys [5/17/2017 7:45 PM 115472]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4/22/2015 3:07 PM 47360]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\drivers\rusb3hub.sys [1/2/2008 11:05 PM 90248]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\drivers\rusb3xhc.sys [1/2/2008 11:05 PM 180744]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [4/21/2015 1:09 PM 35712]
S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys --> c:\windows\system32\DRIVERS\tclondrv.sys [?]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\MBAMService.exe [4/23/2017 8:01 PM 3303888]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [4/23/2015 12:29 AM 235984]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [4/21/2015 8:46 PM 97808]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [5/16/2017 9:47 PM 35504]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam_prewin8.sys [5/20/2017 10:42 PM 20256]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
*NewlyCreated* - TRUESIGHT
*NewlyCreated* - WS2IFSL
*Deregistered* - ESProtectionDriver
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2017-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-04 13:56]
.
2017-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2015-08-27 05:26]
.
2017-07-14 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2015-04-23 09:52]
.
2017-07-15 c:\windows\Tasks\Opera scheduled Autoupdate 1500157892.job
- c:\program files\Opera\launcher.exe [2017-07-15 12:29]
.
2017-07-12 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2015-04-23 08:41]
.
2017-07-01 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2015-04-23 08:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-07-15 20:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f8,6a,64,20,11,84,76,e1,a4,79,8d,aa,6d,b6,da,a0,72,9e,88,bd,6a,
06,4d,33,bf,72,60,93,cc,4f,73,7e,c8,b5,fd,17,35,f8,b4,b8,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e9ddd60b-6e59-4e08-a9d2-1fe763c5e8a5}]
@Denied: (Full) (Everyone)
"Model"=dword:000000b2
"Therad"=dword:00000008
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1740)
c:\windows\system32\msi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2017-07-15 20:09:01
ComboFix-quarantined-files.txt 2017-07-16 01:08
ComboFix2.txt 2017-07-14 17:00
.
Pre-Run: 185,261,051,904 bytes free
Post-Run: 185,256,095,744 bytes free
.
- - End Of File - - 9ED8B07C7369D68A4A08957EB24CB5D0
8F558EB6672622401DA993E1E865C861
 
Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/15/2017 08:16:50 PM in x86 mode. (Safe Mode)
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

* AFD (AFD) is not Running.
Startup Type set to: System

* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic

* DNS Client (Dnscache) is not Running.
Startup Type set to: Automatic

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Manual

* Network Connections (Netman) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Automatic

* AFD (AFD) is not Running.
Startup Type set to: System

* IPSEC driver (IPSec) is not Running.
Startup Type set to: System

* NetBios over Tcpip (NetBT) is not Running.
Startup Type set to: System

* TCP/IP Protocol Driver (Tcpip) is not Running.
Startup Type set to: System

* Srv [Missing Service]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\sfcfiles.dll : 1,614,848 : 02/05/2010 04:27 PM : c951db3d9b6ef3cf4b82454d30a8bf59 [NoSig]

* C:\WINDOWS\System32\UxTheme.dll : 218,624 : 02/05/2010 04:27 PM : 88f5be9ae5b87b82e83718f3e425e82d [NoSig]

* C:\WINDOWS\System32\Drivers\tcpip.sys : 361,344 : 02/05/2010 04:27 PM : 68f06fe0021b01e670af37b8c5964fdf [NoSig]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 07/15/2017 08:17:57 PM
Execution time: 0 hours(s), 1 minute(s), and 7 seconds(s)
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-07-2017
Ran by Lil Steve (administrator) on WINDOWS-923A5F4 (16-07-2017 19:58:21)
Running from C:\Documents and Settings\Lil Steve\Local Settings\temp\scoped_dir1104_10512
Loaded Profiles: Lil Steve & UpdatusUser (Available Profiles: Lil Steve & UpdatusUser & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digidesign, A Division of Avid Technology, Inc.) C:\Program Files\Digidesign\Drivers\MMERefresh.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Doug Fetter Software Wizardry) C:\WINDOWS\system32\delttray.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM\...\Run: [DeltTray] => C:\WINDOWS\system32\DeltTray.exe [56320 2003-09-26] (Doug Fetter Software Wizardry)
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Digidesign\Drivers\MMERefresh.exe [77824 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-299502267-796845957-1801674531-1009\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-299502267-796845957-1801674531-1009\...\RunOnce: [NeroHomeFirstStart] => C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [16680 2007-06-27] (Nero AG)
HKU\S-1-5-21-299502267-796845957-1801674531-1009\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-299502267-796845957-1801674531-1009\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-299502267-796845957-1801674531-1009\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-21-299502267-796845957-1801674531-1009\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1D301125-DF33-400E-999A-5B2890F0E187}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{C4B3854D-F84A-45C6-8F48-EB4F13C79139}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-299502267-796845957-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-299502267-796845957-1801674531-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
URLSearchHook: [S-1-5-21-299502267-796845957-1801674531-1009] ATTENTION => Default URLSearchHook is missing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-01-02] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-01-02] (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File

FireFox:
========
FF DefaultProfile: w0isu0hn.default
FF ProfilePath: C:\Documents and Settings\Lil Steve\Application Data\Mozilla\Firefox\Profiles\w0isu0hn.default [2017-07-14]
FF DefaultSearchEngine.US: C:\Documents and Settings\Lil Steve\Application Data\Mozilla\Firefox\Profiles\w0isu0hn.default -> Google
FF Homepage: C:\Documents and Settings\Lil Steve\Application Data\Mozilla\Firefox\Profiles\w0isu0hn.default -> hxxp://www.google.com/
FF Extension: (MEGA) - C:\Documents and Settings\Lil Steve\Application Data\Mozilla\Firefox\Profiles\w0isu0hn.default\Extensions\firefox@mega.co.nz.xpi [2017-05-13]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Lil Steve\Application Data\Mozilla\Firefox\Profiles\w0isu0hn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Bitdefender QuickScan) - C:\Documents and Settings\Lil Steve\Application Data\Mozilla\Firefox\Profiles\w0isu0hn.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2017-01-07]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008-01-02] [not signed]
FF HKLM\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\Documents and Settings\All Users\Application Data\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi => not found
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2007-11-07] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2007-11-20] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2007-11-20] (RealNetworks, Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-04-22] (Adobe Systems) [File not signed]
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-07-11] (Adobe Systems Incorporated) [File not signed]
R2 DigiRefresh; C:\Program Files\Digidesign\Drivers\MMERefresh.exe [77824 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
S3 digiSPTIService; C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe [159744 2008-12-03] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2166040 2016-11-20] (ESET)
S3 idsvc; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [864256 2007-10-11] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2008-01-02] (Sun Microsystems, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [16512 2005-11-21] (Adaptec) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 dalwdmservice; C:\WINDOWS\System32\drivers\dalwdm.sys [97808 2008-12-04] (Digidesign, A Division of Avid Technology, Inc.)
R3 DELTA; C:\WINDOWS\System32\drivers\delta.sys [386464 2003-09-26] (Midiman/M-Audio) [File not signed]
S3 DG003; C:\WINDOWS\System32\DRIVERS\dg003.sys [115472 2010-08-30] (Avid Technology, Inc.)
R0 DigiFilter; C:\WINDOWS\System32\drivers\DigiFilt.sys [16384 2006-11-13] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [206472 2016-11-20] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [156288 2016-11-20] (ESET)
R2 ekbdflt; C:\WINDOWS\System32\DRIVERS\ekbdflt.sys [122496 2016-11-20] (ESET)
R1 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [162952 2016-11-20] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [55936 2016-11-20] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [77952 2016-11-20] (ESET)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2017-05-05] (REALiX(tm))
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-02-25] (NVIDIA Corporation)
R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2015-04-22] (VSO Software) [File not signed]
R3 rusb3hub; C:\WINDOWS\System32\DRIVERS\rusb3hub.sys [90248 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\WINDOWS\System32\DRIVERS\rusb3xhc.sys [180744 2012-08-27] (Renesas Electronics Corporation)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361344 2010-02-05] (Microsoft Corporation) [File not signed]
R0 TPkd; C:\WINDOWS\system32\Drivers\TPkd.sys [93304 2010-09-26] (PACE Anti-Piracy, Inc.)
S3 vulfnths; C:\WINDOWS\System32\Drivers\vulfnth.sys [6912 2002-10-24] (VIA Technologies, Inc.) [File not signed]
S3 vulfntrs; C:\WINDOWS\System32\Drivers\vulfntr.sys [11392 2003-05-24] (VIA Technologies, Inc.) [File not signed]
S3 WDC_SAM; C:\WINDOWS\System32\DRIVERS\wdcsam_prewin8.sys [20256 2016-04-19] (Western Digital Technologies)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-16 00:39 - 2017-07-16 14:06 - 00000000 ____D C:\Documents and Settings\Lil Steve\Application Data\Digidesign
2017-07-16 00:37 - 2017-07-16 00:37 - 00000000 ____D C:\Digidesign Databases
2017-07-16 00:29 - 2017-07-16 00:29 - 00001646 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Pro Tools LE.lnk
2017-07-16 00:29 - 2017-07-16 00:29 - 00001640 _____ C:\Documents and Settings\All Users\Desktop\Pro Tools LE.lnk
2017-07-15 20:32 - 2017-07-15 20:32 - 00005632 ___SH C:\Documents and Settings\Lil Steve\My Documents\Thumbs.db
2017-07-15 20:13 - 2017-07-15 20:14 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2017-07-15 20:12 - 2017-07-15 20:14 - 00000000 ____D C:\Documents and Settings\Administrator
2017-07-15 20:12 - 2017-07-15 20:09 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2017-07-15 20:12 - 2008-01-02 12:18 - 00000788 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\WinAvi.lnk
2017-07-15 20:12 - 2008-01-02 12:18 - 00000762 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Sub2Srt.lnk
2017-07-15 20:12 - 2008-01-02 12:18 - 00000760 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Screamer Radio.lnk
2017-07-15 20:12 - 2008-01-02 12:18 - 00000734 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\VirtualDub.lnk
2017-07-15 20:12 - 2008-01-02 12:18 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\WinRAR
2017-07-15 20:12 - 2008-01-02 12:17 - 00000929 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Readon Player.lnk
2017-07-15 20:12 - 2008-01-02 12:17 - 00000852 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Photoshop CS4.lnk
2017-07-15 20:12 - 2008-01-02 12:17 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Winamp
2017-07-15 20:12 - 2008-01-02 12:16 - 00000816 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\JDownloader.lnk
2017-07-15 20:12 - 2008-01-02 12:16 - 00000714 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Mpg2Cut2.lnk
2017-07-15 20:12 - 2008-01-02 12:16 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Real
2017-07-15 20:12 - 2008-01-02 12:16 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Real
2017-07-15 20:12 - 2008-01-02 12:15 - 00000688 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\HJSplit.lnk
2017-07-15 20:12 - 2008-01-02 12:15 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Sun
2017-07-15 20:12 - 2008-01-02 12:14 - 00001599 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2017-07-15 20:12 - 2008-01-02 12:14 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\DeskSpace
2017-07-15 20:11 - 2017-07-15 20:13 - 00140232 _____ C:\WINDOWS\ntbtlog.txt
2017-07-15 20:09 - 2017-07-16 19:58 - 00000000 ____D C:\Documents and Settings\Lil Steve\Local Settings\temp
2017-07-15 20:09 - 2017-07-15 20:09 - 00013016 _____ C:\ComboFix.txt
2017-07-15 20:09 - 2017-07-15 20:09 - 00000000 ____D C:\Documents and Settings\UpdatusUser\Local Settings\temp
2017-07-15 20:09 - 2017-07-15 20:09 - 00000000 ____D C:\Documents and Settings\UpdatusUser.WINDOWS-923A5F4\Local Settings\temp
2017-07-15 20:09 - 2017-07-15 20:09 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2017-07-15 20:09 - 2017-07-15 20:09 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2017-07-15 20:09 - 2017-07-15 20:09 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp
2017-07-15 17:46 - 2017-07-15 18:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2017-07-15 17:46 - 2017-07-15 17:46 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-07-15 17:40 - 2017-07-15 17:40 - 00220450 _____ C:\bookmarks_7_15_17.html
2017-07-15 17:31 - 2017-07-16 17:31 - 00000422 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1500157892.job
2017-07-15 17:31 - 2017-07-15 17:31 - 00000675 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
2017-07-15 16:46 - 2017-07-16 19:58 - 00000000 ____D C:\FRST
2017-07-14 11:38 - 2017-07-15 18:32 - 00000000 ____D C:\AdwCleaner
2017-07-14 11:36 - 2017-07-15 20:09 - 00000000 ____D C:\Qoobox
2017-07-14 11:36 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2017-07-14 11:36 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2017-07-14 11:36 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2017-07-14 11:36 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2017-07-14 11:36 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2017-07-14 11:36 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2017-07-14 11:36 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2017-07-14 11:36 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2017-07-14 11:36 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2017-07-14 11:35 - 2017-07-14 11:58 - 00000000 ____D C:\WINDOWS\erdnt
2017-07-08 16:39 - 2017-07-08 16:40 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\Young Buck - 10 Toes Down
2017-07-08 16:08 - 2017-07-08 16:10 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\New Folder (2)
2017-07-06 21:30 - 1658-08-30 06:39 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\NoDJ-Juugman_AKA_Yung_Ralph-JFF_Just_For_Fans
2017-07-06 21:20 - 2017-07-08 16:08 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\Astrid S - Astrid S (EP)
2017-07-06 21:20 - 2017-07-06 22:07 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\Astrid S - Party's Over (EP)
2017-07-06 21:19 - 2017-07-08 14:39 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\Sevdaliza - Ison (2017) [320]
2017-07-03 17:10 - 2017-07-03 17:10 - 81077239 _____ C:\Documents and Settings\Lil Steve\Desktop\Young Dolph - Bullet Proof (ChopNotSlop Remix By DJ Lil Steve).zip
2017-07-03 16:31 - 2017-07-03 17:10 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\Young Dolph - Bullet Proof (ChopNotSlop Remix By DJ Lil Steve)
2017-07-02 22:08 - 2017-07-02 22:08 - 71259101 _____ C:\Documents and Settings\Lil Steve\Desktop\Yo Gotti & Mike Will Made It - Gotti Made It (ChopNotSlop Remix By DJ Lil Steve).zip
2017-07-02 20:37 - 2017-07-02 22:05 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\Yo Gotti & Mike Will Made It - Gotti Made It (ChopNotSlop Remix By DJ Lil Steve)
2017-06-26 17:17 - 2016-08-21 21:59 - 00001819 _____ C:\Documents and Settings\Lil Steve\My Documents\Google Chrome.lnk
2017-06-24 11:23 - 2017-06-24 11:52 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\Gotti_Made_It_Album_1604ENT.COM
2017-06-24 11:23 - 2017-06-24 11:48 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\NoDJ-Juicy_J-Gas_Face
2017-06-24 09:46 - 2017-06-24 09:46 - 00090112 _____ C:\WINDOWS\Minidump\Mini062417-01.dmp
2017-06-17 19:46 - 2017-07-16 14:10 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\New Folder (5)

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-16 19:56 - 2016-09-03 23:01 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-07-16 17:56 - 2008-01-02 22:01 - 00032368 _____ C:\WINDOWS\SchedLgU.Txt
2017-07-16 14:57 - 2008-01-02 22:31 - 00016678 _____ C:\WINDOWS\system32\nvAppTimestamps
2017-07-16 14:07 - 2008-01-02 13:04 - 00589302 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-16 13:50 - 2008-01-02 12:11 - 00000000 ____D C:\Program Files\Outlook Express
2017-07-16 13:48 - 2017-04-23 20:01 - 00220088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-16 13:47 - 2015-05-12 20:38 - 00000000 ____D C:\Program Files\Opera
2017-07-16 13:47 - 2015-04-23 00:29 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2017-07-16 13:47 - 2008-01-02 22:01 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-16 13:46 - 2008-01-02 22:02 - 00000178 ___SH C:\Documents and Settings\Lil Steve\ntuser.ini
2017-07-16 13:46 - 2008-01-02 22:02 - 00000000 ____D C:\Documents and Settings\Lil Steve
2017-07-16 04:47 - 2008-01-02 13:02 - 00000239 ___SH C:\boot.ini
2017-07-16 04:47 - 2004-09-01 03:00 - 00000622 _____ C:\WINDOWS\win.ini
2017-07-16 04:47 - 2004-09-01 03:00 - 00000227 _____ C:\WINDOWS\system.ini
2017-07-16 04:38 - 2008-01-02 13:00 - 00000000 ___HD C:\WINDOWS\inf
2017-07-16 04:26 - 2008-01-02 22:02 - 00020560 _____ C:\Documents and Settings\Lil Steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2017-07-16 00:32 - 2008-01-02 13:03 - 03465120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-16 00:29 - 2015-04-21 20:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Digidesign
2017-07-16 00:21 - 2015-04-21 20:46 - 00000000 ____D C:\Program Files\Digidesign
2017-07-16 00:21 - 2015-04-21 20:46 - 00000000 ____D C:\Program Files\Common Files\Digidesign
2017-07-16 00:21 - 2008-01-02 22:55 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2017-07-15 20:26 - 2008-01-02 12:20 - 00000000 __SHD C:\Documents and Settings\NetworkService
2017-07-15 20:12 - 2008-01-02 13:03 - 00000000 ____D C:\Documents and Settings
2017-07-15 20:12 - 2004-09-01 03:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-07-15 18:45 - 2008-01-02 22:54 - 00000000 ____D C:\Program Files\Google
2017-07-15 18:44 - 2008-01-02 22:54 - 00000000 ____D C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Google
2017-07-15 18:33 - 2017-05-03 19:47 - 00000178 ___SH C:\Documents and Settings\UpdatusUser.WINDOWS-923A5F4\ntuser.ini
2017-07-15 18:14 - 2017-04-23 20:01 - 00039360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-15 17:31 - 2015-05-12 20:38 - 00000000 ____D C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Opera Software
2017-07-15 17:31 - 2015-05-12 20:38 - 00000000 ____D C:\Documents and Settings\Lil Steve\Application Data\Opera Software
2017-07-14 22:46 - 2016-10-14 20:00 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2017-07-14 12:44 - 2016-12-26 19:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2017-07-14 12:00 - 2008-01-02 13:03 - 00000000 ___HD C:\Documents and Settings\Default User
2017-07-14 11:58 - 2008-01-02 22:29 - 00000000 ____D C:\Documents and Settings\UpdatusUser
2017-07-14 11:45 - 2017-04-23 20:02 - 00148256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-13 20:45 - 2015-04-22 15:07 - 00000000 ____D C:\Documents and Settings\Lil Steve\Application Data\Vso
2017-07-12 17:56 - 2015-04-23 00:29 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2017-07-11 23:15 - 2015-09-25 19:03 - 00007168 ___SH C:\WINDOWS\Thumbs.db
2017-07-11 08:56 - 2016-09-03 23:01 - 00803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-07-11 08:56 - 2016-09-03 23:01 - 00144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-07-11 08:56 - 2008-01-02 12:12 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-07-09 17:13 - 2016-07-13 14:24 - 00001456 _____ C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Adobe Save for Web 13.0 Prefs
2017-07-08 18:04 - 2015-12-19 23:20 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2017-07-04 22:23 - 2016-04-10 16:10 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\breakin **** 6 beats
2017-07-04 19:55 - 2015-04-23 16:11 - 00000000 ____D C:\Documents and Settings\Lil Steve\My Documents\ConvertXToDVD
2017-07-04 18:41 - 2008-01-02 22:02 - 00000000 ____D C:\Documents and Settings\Lil Steve\Application Data\uTorrent
2017-07-04 12:21 - 2016-04-07 22:23 - 00000000 ____D C:\Documents and Settings\Lil Steve\Desktop\New Folder
2017-07-03 16:54 - 2015-04-22 15:05 - 00001311 _____ C:\WINDOWS\sam8_d.INI
2017-07-01 09:43 - 2015-04-23 00:29 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2017-06-24 09:46 - 2015-09-27 22:02 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-16 10:30 - 2015-11-08 13:51 - 00000000 ____D C:\New Folder (2)

==================== Files in the root of some directories =======

2015-04-22 15:07 - 2015-04-22 15:07 - 0007887 _____ () C:\Documents and Settings\Lil Steve\Application Data\pcouffin.cat
2015-04-22 15:07 - 2015-04-22 15:07 - 0001144 _____ () C:\Documents and Settings\Lil Steve\Application Data\pcouffin.inf
2015-04-22 15:07 - 2015-04-22 15:07 - 0000034 _____ () C:\Documents and Settings\Lil Steve\Application Data\pcouffin.log
2015-04-22 15:07 - 2015-04-22 15:07 - 0047360 _____ (VSO Software) C:\Documents and Settings\Lil Steve\Application Data\pcouffin.sys
2016-07-13 14:24 - 2017-07-09 17:13 - 0001456 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Adobe Save for Web 13.0 Prefs
2017-01-07 02:54 - 2017-01-31 20:04 - 1044765 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\ars.cache
2017-01-07 02:55 - 2017-01-31 20:04 - 0699652 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\census.cache
2015-09-25 19:03 - 2017-04-15 19:07 - 0006144 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-05-17 19:32 - 2017-05-17 19:32 - 0035404 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\FASTWiz.log
2017-01-07 02:31 - 2017-01-07 02:31 - 0000036 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\housecall.guid.cache
2017-04-14 20:04 - 2017-04-14 20:04 - 0001383 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\recently-used.xbel
2017-01-07 02:47 - 2017-01-31 19:52 - 0000010 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\sponge.last.runtime.cache
2017-01-11 00:26 - 2017-01-11 00:26 - 0000279 _____ () C:\Documents and Settings\All Users\Application Data\fontcacheev1.dat
2016-05-02 22:21 - 2016-05-02 22:21 - 0000016 _____ () C:\Documents and Settings\All Users\Application Data\mntemp
2016-05-02 22:21 - 2016-05-02 22:21 - 0005005 _____ () C:\Documents and Settings\All Users\Application Data\rxsmznjf.zcp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-07-2017
Ran by Lil Steve (16-07-2017 19:59:00)
Running from C:\Documents and Settings\Lil Steve\Local Settings\temp\scoped_dir1104_10512
Microsoft Windows XP Professional Service Pack 3 (X86) (2008-01-02 17:19:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-299502267-796845957-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-299502267-796845957-1801674531-1008 - Limited - Enabled)
Guest (S-1-5-21-299502267-796845957-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-299502267-796845957-1801674531-1000 - Limited - Disabled)
Lil Steve (S-1-5-21-299502267-796845957-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Lil Steve
qgmuuctr (S-1-5-21-299502267-796845957-1801674531-1007 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-299502267-796845957-1801674531-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-299502267-796845957-1801674531-1009 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser.WINDOWS-923A5F4

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.408.0 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
7-Zip 9.38 beta (HKLM\...\7-Zip) (Version: - )
Acon Digital Equalize (32 bit) 1.0.2 (HKLM\...\{CD703BA3-0B62-4020-921B-A488AD6CBDD5}_is1) (Version: 1.0.2 - Acon AS)
Adobe Audition 3.0 (HKLM\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader 9.3 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{5C085A19-B4A1-6686-0103-E9E6F7B2831A}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
Analog Channel (HKLM\...\{F972AAC6-5E7D-4B0E-B54A-CCEF1788E1B5}) (Version: 2.6.4 - McDSP) Hidden
Antares Autotune VST RTAS TDM v5.08 (HKLM\...\Antares Autotune VST RTAS TDM_is1) (Version: - Team AiR 2007)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Avid 002 Rack and 003 Rack Driver (x86) (HKLM\...\{8B78288C-1474-49D3-8DB7-A776F588D85C}) (Version: 9.0 - Avid Technology, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brainworx BX Digital VST RTAS v2.1.2 (HKLM\...\Brainworx BX Digital_is1) (Version: - )
CompressorBank (HKLM\...\{D3D891E2-322A-4F6D-904B-A0BF684E71AB}) (Version: 3.6.4 - McDSP) Hidden
ConvertXtoDVD 4.0.12.327 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.12.327 - )
DeskSpace 1.5.2 (HKU\S-1-5-19\...\DeskSpace) (Version: 1.5.2 - Otaku Software)
DeskSpace 1.5.2 (HKU\S-1-5-20\...\DeskSpace) (Version: 1.5.2 - Otaku Software)
DeskSpace 1.5.2 (HKU\S-1-5-21-299502267-796845957-1801674531-1009\...\DeskSpace) (Version: 1.5.2 - Otaku Software)
Digidesign Audio Drivers 8.0 (HKLM\...\{9F1D8E17-2AE6-4608-901D-42146D7D9C68}) (Version: 8.0 - Digidesign, A Division of Avid Technology, Inc.)
DigiDesign Focusrite D2 1.71.345 (HKLM\...\DigiDesign Focusrite D2 1.71.345) (Version: - )
DigiDesign Focusrite D3 AudioSuite 1.51.345 (HKLM\...\DigiDesign Focusrite D3 AudioSuite 1.51.345) (Version: - )
Digidesign MP3 Option 8.0 (HKLM\...\{4BEC9FEB-36A5-4882-84E8-EAD525D961EE}) (Version: 8.0 - Digidesign, A Division of Avid Technology, Inc.)
Digidesign Pro Tools LE 8.0 (HKLM\...\{409A13BD-5F3E-442B-BA7B-A1E32B2D8927}) (Version: 8.0 - Digidesign, A Division of Avid Technology, Inc.)
Digidesign Smack! (HKLM\...\{45393511-C3C2-4DF0-B7BE-0B6F1248E291}) (Version: - )
ESET Smart Security (HKLM\...\{C018BFFE-60B5-4EB1-BA74-E4246C09899F}) (Version: 9.0.377.0 - ESET, spol. s r.o.)
Eventide Ensemble Bundle (HKLM\...\Eventide Ensemble Bundle) (Version: 1.0.7 - Eventide)
FilterBank (HKLM\...\{4A9CB960-46DD-4DCE-8B71-755D33D6EC18}) (Version: 3.6.4 - McDSP) Hidden
FilterBank (HKLM\...\{F46D6852-0C1D-48F3-AECB-A1F8D9979FF1}) (Version: 3.6.4 - McDSP)
FlashFXP v4.2 (HKLM\...\{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}) (Version: 4.2.5.1810 - OpenSight Software, LLC)
FlashPeak Slimjet (HKLM\...\Slimjet) (Version: 10.0.13.0 - FlashPeak Inc.)
Flux Full Pack 2.1 (HKLM\...\Flux Full Pack 2.1) (Version: 3.4.6 - Flux)
FocalBlade 2.02 (Plugin) (HKLM\...\FocalBlade 2.02 (Plugin)_is1) (Version: - The Plugin Site)
Focusrite d3 (HKLM\...\Focusrite d3) (Version: - )
Free DigiRack Plug-Ins 8.0.1 (HKLM\...\{A24C2C43-4312-493E-96B3-5D1DCE24DEBF}) (Version: 8.0.1 - Digidesign, A Division of Avid Technology, Inc.)
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.99 - Google Inc.) Hidden
Intel(R) C++ Redistributables on IA-32 (HKLM\...\{7858618B-FA45-4797-988D-4E8B793C3B88}) (Version: 17.0.109 - Intel Corporation)
Interlok driver setup x32 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.9.0 - PACE Anti-Piracy, Inc.)
Java(TM) 6 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
K-Lite Mega Codec Pack 3.5.7 (HKLM\...\KLiteCodecPack_is1) (Version: 3.5.7 - )
Magix Samplitude Professional v8.0 (HKLM\...\Magix Samplitude Professional v8.0) (Version: - )
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MC2000 (HKLM\...\{A8D19261-B258-43B5-AC0B-843D507A607D}) (Version: 2.6.4 - McDSP) Hidden
Medieval CUE Splitter (HKLM\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microsoft .NET Framework 2.0 Service Pack 1 (HKLM\...\{B508B3F1-A24A-32C0-B310-85786919EF28}) (Version: 2.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 1 (HKLM\...\{2BA00471-0328-3743-93BD-FA813353A783}) (Version: 3.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 3.5 (HKLM\...\Microsoft .NET Framework 3.5) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Nero 7 Premium (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
Noveltech Character 1.1 (HKLM\...\Noveltech Character_is1) (Version: - Plugin Alliance)
NVIDIA Graphics Driver 320.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.09 - NVIDIA Corporation)
NVIDIA nView 141.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.36 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Ohm Force - Ohmicide RTAS (HKLM\...\Ohmicide RTAS) (Version: - )
Opera Stable 36.0.2130.80 (HKLM\...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
PDF Settings CS6 (HKLM\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Pitch'n'Time RTAS v2.1 (HKLM\...\Pitch'n'Time RTAS v2.1) (Version: - )
PSP VintageWarmer2 2.5.2 32bit (HKLM\...\PSP VintageWarmer2 2.5.2 32bit) (Version: 2.5.2 32bit - PSPaudioware.com)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.35.0000 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
Softube Trident A-Range VST RTAS v1.0.2 (HKLM\...\Softube Trident A-Range VST RTAS_is1) (Version: - )
Softube Tube-Tech CL 1B VST RTAS v1.0.3 (HKLM\...\Softube Tube-Tech CL 1B VST RTAS_is1) (Version: - )
Sonnoxplugins Oxford Elite Collection Native v1.0 (HKLM\...\Sonnoxplugins Oxford Elite Collection Native_is1) (Version: - )
SPL Analog Code Bundle v1.1 (HKLM\...\SPL Analog Code Bundle_is1) (Version: - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
The Glue (HKLM\...\The Glue_is1) (Version: 1.2.8 - )
Topaz Adjust 5 (HKLM\...\Topaz Adjust 5) (Version: 5.1.0 - Topaz Labs, LLC)
Topaz Detail 3 (HKLM\...\Topaz Detail 3) (Version: 3.0.0 - Topaz Labs, LLC)
Topaz Fusion Express 2 (HKLM\...\Topaz Fusion Express 2) (Version: 2.1.1 - Topaz Labs)
Vst To Rtas Adapter V2.11 (HKLM\...\Vst To Rtas Adapter V2.11) (Version: "2.11" - "FXpansion")
Waves Complete (HKLM\...\Complete_is1) (Version: 2016.08.31 - Waves)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version: - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-796845957-1801674531-1003_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)
ContextMenuHandlers01: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-06-28] (Nero AG)
ContextMenuHandlers01: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2016-11-20] (ESET)
ContextMenuHandlers01: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRar\rarext.dll [2007-05-05] ()
ContextMenuHandlers01: [WondershareVideoConverterFileOpreation] -> {55D63393-DB17-4A2B-9052-15D85B4B1344} => -> No File
ContextMenuHandlers02: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2016-11-20] (ESET)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)
ContextMenuHandlers04: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRar\rarext.dll [2007-05-05] ()
ContextMenuHandlers05: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2016-07-10] ()
ContextMenuHandlers05: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\WINDOWS\system32\nvcpl.dll [2013-04-29] (NVIDIA Corporation)
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)
ContextMenuHandlers06: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2016-11-20] (ESET)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes)
ContextMenuHandlers06: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)
ContextMenuHandlers06: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRar\rarext.dll [2007-05-05] ()

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1500157892.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-03-20 18:12 - 2015-03-20 18:12 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-23 00:28 - 2014-05-13 05:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-23 00:28 - 2014-05-13 05:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-23 00:28 - 2014-05-13 05:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-23 00:28 - 2012-08-23 03:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-23 00:28 - 2012-04-03 10:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2017-07-15 17:31 - 2016-08-05 07:29 - 63846920 _____ () C:\Program Files\Opera\36.0.2130.80\opera.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files\Outlook Express:Ryss2nXYUV2o0dwN2Rd9UgW1WTySf [2474]
AlternateDataStreams: C:\Program Files\Common Files\System:mUtr7yzejiPeS862spn [2206]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:aU6guJiDqaPf1DUHbF [2156]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:gJB9PS6hgiBMCGpetKC [2232]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:hIsZOaQCDf63kJeO2 [1836]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:iursAy5KaPkMASxkGsWZorbQAT [2020]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:J0Jmf4ZT7HOdHpjjNu6X [2080]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:pq9v2fwqi3UOZFgAEekHwm [2012]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:riXmOESG3GMD1L7DqJJhA [2080]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:z1WjsCpT24FNpXlrc9pkyz [2406]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\PACE:9D80DE7979F97D4A [217]
AlternateDataStreams: C:\Documents and Settings\Lil Steve\Cookies:3TL7h4me3JYOW9zNMtmrtWQ15p [2002]
AlternateDataStreams: C:\Documents and Settings\Lil Steve\Local Settings\Application Data:buR7Jz17Q8xJ3YEJEli17Teh [2456]
AlternateDataStreams: C:\Documents and Settings\Lil Steve\Local Settings\Application Data:M68e9UkI2TxZr3eqGyUM0zH8B [2090]
AlternateDataStreams: C:\Documents and Settings\Lil Steve\Local Settings\temp:ahlpW2Wg9NlAwsVwU0aK [2192]
AlternateDataStreams: C:\Documents and Settings\Lil Steve\Local Settings\Temporary Internet Files:RrsMwdSvPJiBUmB7KaWEhg [1840]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7924 more sites.

IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-299502267-796845957-1801674531-1003\...\123simsen.com -> www.123simsen.com

There are 7922 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-09-01 03:00 - 2017-07-14 11:58 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-299502267-796845957-1801674531-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-299502267-796845957-1801674531-1009\Control Panel\Desktop\\Wallpaper -> (None)
DNS Servers: 75.75.75.75 - 75.75.76.76
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RocketDock.lnk.disabled => C:\WINDOWS\pss\RocketDock.lnk.disabledCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Lil Steve\Application Data\uTorrent\uTorrent.exe] => Enabled:µTorrent (Lil Steve)
StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe] => Enabled:Daemonu.exe
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:mad:xpsp2res.dll,-22008

==================== Restore Points =========================

17-05-2017 18:51:40 System Checkpoint
17-05-2017 19:12:11 Update to an unsigned driver
17-05-2017 19:58:20 Unsigned driver install
17-05-2017 21:33:13 Unsigned driver install
18-05-2017 17:55:15 Configured Pro Tools LE
18-05-2017 17:57:47 Installed Digidesign Audio Drivers
18-05-2017 18:12:48 Installed Free DigiRack Plug-Ins
18-05-2017 18:13:20 Installed Pro Tools Creative Collection
19-05-2017 19:10:39 System Checkpoint
20-05-2017 20:01:26 System Checkpoint
20-05-2017 22:07:52 Installed SES Driver
20-05-2017 22:41:45 WD SmartWare Installer
20-05-2017 22:53:43 WD SmartWare Installer
20-05-2017 23:00:07 WD SmartWare Installer
20-05-2017 23:03:58 Removed SES Driver
21-05-2017 11:53:58 Update to an unsigned driver
22-05-2017 12:50:51 System Checkpoint
23-05-2017 13:50:50 System Checkpoint
24-05-2017 14:50:50 System Checkpoint
25-05-2017 15:50:50 System Checkpoint
26-05-2017 19:27:08 System Checkpoint
27-05-2017 13:56:33 Removed Pro Tools Creative Collection
28-05-2017 14:11:24 System Checkpoint
29-05-2017 15:11:26 System Checkpoint
30-05-2017 16:11:26 System Checkpoint
31-05-2017 17:11:26 System Checkpoint
01-06-2017 18:11:26 System Checkpoint
02-06-2017 19:46:50 System Checkpoint
03-06-2017 20:12:31 System Checkpoint
04-06-2017 21:13:13 System Checkpoint
05-06-2017 22:11:22 System Checkpoint
06-06-2017 23:11:22 System Checkpoint
07-06-2017 23:39:53 System Checkpoint
09-06-2017 07:16:19 System Checkpoint
10-06-2017 07:45:19 System Checkpoint
11-06-2017 08:45:20 System Checkpoint
12-06-2017 09:45:19 System Checkpoint
13-06-2017 10:23:20 System Checkpoint
14-06-2017 11:23:21 System Checkpoint
15-06-2017 11:23:32 System Checkpoint
16-06-2017 12:48:37 System Checkpoint
17-06-2017 13:23:07 System Checkpoint
18-06-2017 14:08:10 System Checkpoint
19-06-2017 15:21:36 System Checkpoint
20-06-2017 15:30:12 System Checkpoint
21-06-2017 16:30:11 System Checkpoint
22-06-2017 17:30:12 System Checkpoint
23-06-2017 18:30:12 System Checkpoint
24-06-2017 18:58:03 System Checkpoint
25-06-2017 20:49:45 System Checkpoint
26-06-2017 21:38:21 System Checkpoint
27-06-2017 23:13:09 System Checkpoint
28-06-2017 23:45:45 System Checkpoint
30-06-2017 00:45:45 System Checkpoint
01-07-2017 01:32:15 System Checkpoint
02-07-2017 03:47:47 System Checkpoint
03-07-2017 04:45:03 System Checkpoint
04-07-2017 04:45:10 System Checkpoint
05-07-2017 05:45:14 System Checkpoint
06-07-2017 06:13:06 System Checkpoint
07-07-2017 07:13:35 System Checkpoint
08-07-2017 08:00:06 System Checkpoint
09-07-2017 08:51:50 System Checkpoint
10-07-2017 09:17:56 System Checkpoint
11-07-2017 10:17:55 System Checkpoint
12-07-2017 10:40:50 System Checkpoint
13-07-2017 11:28:01 System Checkpoint
14-07-2017 11:24:51 Revo Uninstaller Pro's restore point - Wise Registry Cleaner 9.44
14-07-2017 12:59:57 Checkpoint by HitmanPro
14-07-2017 13:00:23 Checkpoint by HitmanPro
14-07-2017 13:00:29 Checkpoint by HitmanPro
14-07-2017 13:00:34 Checkpoint by HitmanPro
14-07-2017 13:00:40 Checkpoint by HitmanPro
15-07-2017 18:33:53 JRT Pre-Junkware Removal
16-07-2017 00:02:26 Revo Uninstaller Pro's restore point - Digidesign Pro Tools LE 8.0.1
16-07-2017 00:02:49 Removed Pro Tools LE
16-07-2017 00:20:41 Installed Pro Tools LE
16-07-2017 00:21:58 Installed Digidesign Audio Drivers

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Standard floppy disk controller
Description: Standard floppy disk controller
Class Guid: {4D36E969-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard floppy disk controllers)
Service: fdc
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2017 10:58:13 PM) (Source: .NET Runtime) (EventID: 1027) (User: )
Description: Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to stack overflow.

Error: (05/20/2017 10:55:08 PM) (Source: .NET Runtime) (EventID: 1027) (User: )
Description: Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to stack overflow.

Error: (05/20/2017 10:53:01 PM) (Source: .NET Runtime) (EventID: 1027) (User: )
Description: Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to stack overflow.

Error: (05/20/2017 10:50:39 PM) (Source: .NET Runtime) (EventID: 1027) (User: )
Description: Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to stack overflow.

Error: (05/20/2017 10:45:06 PM) (Source: .NET Runtime) (EventID: 1027) (User: )
Description: Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to stack overflow.


System errors:
=============
Error: (07/16/2017 01:50:44 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for c:\Program Files\Common Files\Digidesign\DAE\Controllers\003_Resource804.dll.
Reference error message: The operation completed successfully.
.

Error: (07/16/2017 01:50:44 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.DebugCRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (07/16/2017 01:50:44 PM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Microsoft.VC80.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (07/16/2017 01:50:44 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for c:\Program Files\Common Files\Digidesign\DAE\Controllers\003_Resource412.dll.
Reference error message: The operation completed successfully.
.

Error: (07/16/2017 01:50:44 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.DebugCRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (07/16/2017 01:50:44 PM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Microsoft.VC80.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (07/16/2017 01:50:44 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for c:\Program Files\Common Files\Digidesign\DAE\Controllers\003_Resource404.dll.
Reference error message: The operation completed successfully.
.

Error: (07/16/2017 01:50:44 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.DebugCRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (07/16/2017 01:50:44 PM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Microsoft.VC80.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (07/16/2017 01:47:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
Spybot-S&D 2 Security Center Service is not a valid Win32 application.
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    4.2 KB · Views: 1
Fix result of Farbar Recovery Scan Tool (x86) Version: 15-07-2017
Ran by Lil Steve (17-07-2017 20:51:05) Run:1
Running from C:\Documents and Settings\Lil Steve\My Documents\Downloads\New Folder
Loaded Profiles: Lil Steve & UpdatusUser (Available Profiles: Lil Steve & UpdatusUser & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
URLSearchHook: [S-1-5-21-299502267-796845957-1801674531-1009] ATTENTION => Default URLSearchHook is missing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
BHO: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
2015-04-22 15:07 - 2015-04-22 15:07 - 0007887 _____ () C:\Documents and Settings\Lil Steve\Application Data\pcouffin.cat
2015-04-22 15:07 - 2015-04-22 15:07 - 0001144 _____ () C:\Documents and Settings\Lil Steve\Application Data\pcouffin.inf
2015-04-22 15:07 - 2015-04-22 15:07 - 0000034 _____ () C:\Documents and Settings\Lil Steve\Application Data\pcouffin.log
2015-04-22 15:07 - 2015-04-22 15:07 - 0047360 _____ (VSO Software) C:\Documents and Settings\Lil Steve\Application Data\pcouffin.sys
2016-07-13 14:24 - 2017-07-09 17:13 - 0001456 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Adobe Save for Web 13.0 Prefs
2017-01-07 02:54 - 2017-01-31 20:04 - 1044765 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\ars.cache
2017-01-07 02:55 - 2017-01-31 20:04 - 0699652 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\census.cache
2015-09-25 19:03 - 2017-04-15 19:07 - 0006144 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-05-17 19:32 - 2017-05-17 19:32 - 0035404 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\FASTWiz.log
2017-01-07 02:31 - 2017-01-07 02:31 - 0000036 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\housecall.guid.cache
2017-04-14 20:04 - 2017-04-14 20:04 - 0001383 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\recently-used.xbel
2017-01-07 02:47 - 2017-01-31 19:52 - 0000010 _____ () C:\Documents and Settings\Lil Steve\Local Settings\Application Data\sponge.last.runtime.cache
2017-01-11 00:26 - 2017-01-11 00:26 - 0000279 _____ () C:\Documents and Settings\All Users\Application Data\fontcacheev1.dat
2016-05-02 22:21 - 2016-05-02 22:21 - 0000016 _____ () C:\Documents and Settings\All Users\Application Data\mntemp
2016-05-02 22:21 - 2016-05-02 22:21 - 0005005 _____ () C:\Documents and Settings\All Users\Application Data\rxsmznjf.zcp
ContextMenuHandlers01: [WondershareVideoConverterFileOpreation] -> {55D63393-DB17-4A2B-9052-15D85B4B1344} => -> No File
AlternateDataStreams: C:\Program Files\Outlook Express:Ryss2nXYUV2o0dwN2Rd9UgW1WTySf [2474]
AlternateDataStreams: C:\Program Files\Common Files\System:mUtr7yzejiPeS862spn [2206]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:aU6guJiDqaPf1DUHbF [2156]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:gJB9PS6hgiBMCGpetKC [2232]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:hIsZOaQCDf63kJeO2 [1836]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:iursAy5KaPkMASxkGsWZorbQAT [2020]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:J0Jmf4ZT7HOdHpjjNu6X [2080]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:pq9v2fwqi3UOZFgAEekHwm [2012]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:riXmOESG3GMD1L7DqJJhA [2080]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:z1WjsCpT24FNpXlrc9pkyz [2406]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\PACE:9D80DE7979F97D4A [217]
AlternateDataStreams: C:\Documents and Settings\Lil Steve\Cookies:3TL7h4me3JYOW9zNMtmrtWQ15p [2002]
AlternateDataStreams: C:\Documents and Settings\Lil Steve\Local Settings\Application Data:buR7Jz17Q8xJ3YEJEli17Teh [2456]
AlternateDataStreams: C:\Documents and Settings\Lil Steve\Local Settings\Application Data:M68e9UkI2TxZr3eqGyUM0zH8B [2090]
AlternateDataStreams: C:\Documents and Settings\Lil Steve\Local Settings\temp:ahlpW2Wg9NlAwsVwU0aK [2192]
AlternateDataStreams: C:\Documents and Settings\Lil Steve\Local Settings\Temporary Internet Files:RrsMwdSvPJiBUmB7KaWEhg [1840]
 
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{451C804F-C205-4F03-B48E-537EC94937BF} => key removed successfully.
HKLM\Software\Classes\CLSID\{451C804F-C205-4F03-B48E-537EC94937BF} => key removed successfully.
HKLM\Software\Classes\PROTOCOLS\Handler\WSWSVCUchrome => key removed successfully.
C:\Documents and Settings\Lil Steve\Application Data\pcouffin.cat => moved successfully
C:\Documents and Settings\Lil Steve\Application Data\pcouffin.inf => moved successfully
C:\Documents and Settings\Lil Steve\Application Data\pcouffin.log => moved successfully
C:\Documents and Settings\Lil Steve\Application Data\pcouffin.sys => moved successfully
C:\Documents and Settings\Lil Steve\Local Settings\Application Data\Adobe Save for Web 13.0 Prefs => moved successfully
C:\Documents and Settings\Lil Steve\Local Settings\Application Data\ars.cache => moved successfully
C:\Documents and Settings\Lil Steve\Local Settings\Application Data\census.cache => moved successfully
C:\Documents and Settings\Lil Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
 
HKLM\Software\Classes\CLSID\{55D63393-DB17-4A2B-9052-15D85B4B1344} => key removed successfully.
C:\Program Files\Outlook Express => ":Ryss2nXYUV2o0dwN2Rd9UgW1WTySf" ADS removed successfully..
C:\Program Files\Common Files\System => ":mUtr7yzejiPeS862spn" ADS removed successfully..
C:\Documents and Settings\All Users\Application Data\Microsoft => ":aU6guJiDqaPf1DUHbF" ADS removed successfully..
C:\Documents and Settings\All Users\Application Data\Microsoft => ":gJB9PS6hgiBMCGpetKC" ADS removed successfully..
C:\Documents and Settings\All Users\Application Data\Microsoft => ":hIsZOaQCDf63kJeO2" ADS removed successfully..
C:\Documents and Settings\All Users\Application Data\Microsoft => ":iursAy5KaPkMASxkGsWZorbQAT" ADS removed successfully..
C:\Documents and Settings\All Users\Application Data\Microsoft => ":J0Jmf4ZT7HOdHpjjNu6X" ADS removed successfully..
C:\Documents and Settings\All Users\Application Data\Microsoft => ":pq9v2fwqi3UOZFgAEekHwm" ADS removed successfully..
C:\Documents and Settings\All Users\Application Data\Microsoft => ":riXmOESG3GMD1L7DqJJhA" ADS removed successfully..
C:\Documents and Settings\All Users\Application Data\Microsoft => ":z1WjsCpT24FNpXlrc9pkyz" ADS removed successfully..
C:\Documents and Settings\All Users\Application Data\PACE => ":9D80DE7979F97D4A" ADS removed successfully..
C:\Documents and Settings\Lil Steve\Cookies => ":3TL7h4me3JYOW9zNMtmrtWQ15p" ADS removed successfully..
C:\Documents and Settings\Lil Steve\Local Settings\Application Data => ":buR7Jz17Q8xJ3YEJEli17Teh" ADS removed successfully..
C:\Documents and Settings\Lil Steve\Local Settings\Application Data => ":M68e9UkI2TxZr3eqGyUM0zH8B" ADS removed successfully..
C:\Documents and Settings\Lil Steve\Local Settings\temp => ":ahlpW2Wg9NlAwsVwU0aK" ADS removed successfully..
C:\Documents and Settings\Lil Steve\Local Settings\Temporary Internet Files => ":RrsMwdSvPJiBUmB7KaWEhg" ADS removed successfully..

==== End of Fixlog 20:51:06 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ESET Smart Security 9.0.408.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java(TM) 6 Update 17
Java version 32-bit out of Date!
Adobe Flash Player 26.0.0.137
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 27-01-2016
Ran by Lil Steve (administrator) on 18-07-2017 at 19:26:29
Running from "C:\Documents and Settings\Lil Steve\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys
[2010-02-05 16:27] - [2010-02-05 16:27] - 0361344 ____A (Microsoft Corporation) 68F06FE0021B01E670AF37B8C5964FDF

C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed

Extra List:
=======
Epfwndis(12) epfwtdi(11) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x10000000040000000100000002000000030000000B00000005000000060000000700000008000000090000000A0000000C0000000D0000000E0000000F00000010000000
IpSec Tag value is correct.

**** End of log ****
 
Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

=================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

11. Please, let me know, how your computer is doing.
 
Back