Solved: Win XP Strange Issues, Possible Malware

JackH

Can't fix audio, running programs not in taskbar, can't move icons on desktop. I can't use system restore.

I can't post the information from FRST because it's over 5,000 characters. Is there any way around this?

Any help is much appreciated.
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

Our instructions say to split any log between a couple of replies if it doesn't fit into one.
 
Okay, thanks.

I just checked in Word: the FRST file has over 72,000 characters, and counting spaces would bring it up to over 78,000. I assume the Addition file has the same amount. That would have to be split over 30 posts.

In the FRST program, for the scan I have Registry, Services, Drivers, Processes, and Internet checked. Is this correct? Are there ways I can edit down the resulting file so I can put it in fewer postings?

Thanks,

Jack
 
Do not check anything that is not pre-checked.
By now you'd have already posted everything... there is no other way... and do not use Word but Notepad.
 
Okay, here's the FRST file in parts. Part 1:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2017
Ran by Administrator (administrator) on JWH (23-09-2017 23:31:04)
Running from C:\Documents and Settings\Administrator.JWH\My Documents\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS.1\system32\smss.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\csrss.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\winlogon.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\services.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\lsass.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCService.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(NVIDIA Corporation) C:\WINDOWS.1\system32\nvsvc32.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFSrvWsc.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL

Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Windscribe Limited) C:\Program Files\Windscribe\WindscribeService.exe
(Microsoft Corporation) C:\WINDOWS.1\explorer.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\rundll32.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\ctfmon.exe
(f.lux Software LLC) C:\Documents and Settings\Administrator.JWH\Local

Settings\Application Data\FluxSoftware\Flux\flux.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe
(Wargaming.net) G:\Games\World_of_Tanks\WargamingGameUpdater.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or

removed. The file will not be moved.)

HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE

C:\WINDOWS.1\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS.1\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java

Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [839680

2007-04-03] (Analog Devices, Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event

Manager\EEventManager.exe [976832 2009-12-17] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [868352

2007-03-16] (Analog Devices, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS.1\RTHDCPL.EXE [18791456 2010-02-25] (Realtek

Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS.1\SkyTel.EXE [1833504 2010-02-25] (Realtek

Semiconductor Corp.)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS.1\system32\userinit.exe,
HKLM\...\Winlogon: [UIHost] C:\WINDOWS.1\system32\logonui.exe [514560 2008-04-14]

(Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINDOWS.1\system32\crypt32.dll [2013-10-07] (Microsoft

Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS.1\system32\cryptnet.dll [2008-04-14] (Microsoft

Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS.1\system32\cscdll.dll [2008-04-14] (Microsoft

Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS.1\System32\dimsntfy.dll [2008-04-14] (Microsoft

Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS.1\system32\igfxdev.dll [2007-01-13] (Intel

Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS.1\system32\wlnotify.dll [2008-04-14] (Microsoft

Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS.1\system32\wlnotify.dll [2008-04-14] (Microsoft

Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS.1\system32\sclgntfy.dll [2008-04-14] (Microsoft

Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS.1\system32\WlNotify.dll [2008-04-14] (Microsoft

Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS.1\system32\wlnotify.dll [2008-04-14] (Microsoft

Corporation)
Winlogon\Notify\WgaLogon: C:\WINDOWS.1\system32\WgaLogon.dll [2009-03-10] (Microsoft

Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS.1\system32\wlnotify.dll [2008-04-14] (Microsoft

Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS.1\System32\logon.scr

[220672 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS.1\System32\logon.scr

[220672 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-583907252-115176313-1801674531-500\...\Run: [ctfmon.exe] =>

C:\WINDOWS.1\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-583907252-115176313-1801674531-500\...\Run: [f.lux] => C:\Documents and

Settings\Administrator.JWH\Local Settings\Application Data\FluxSoftware\Flux\flux.exe

[1663480 2017-09-09] (f.lux Software LLC)
HKU\S-1-5-21-583907252-115176313-1801674531-500\...\Run: [World of Tanks] =>

"F:\Games\World_of_Tanks\WargamingGameUpdater.exe"
HKU\S-1-5-21-583907252-115176313-1801674531-500\...\Run: [Windscribe] => C:\Program

Files\Windscribe\Windscribe.exe [10601064 2017-05-09] (Windscribe Limited)
HKU\S-1-5-21-583907252-115176313-1801674531-500\...\Run: [Advanced SystemCare 10] =>

C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe [3924256 2017-05-17] (IObit)
HKU\S-1-5-21-583907252-115176313-1801674531-500\...\Run: [World of Tanks (1)] =>

G:\Games\World_of_Tanks\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
HKU\S-1-5-21-583907252-115176313-1801674531-500\...\Policies\Explorer:

[NolowDiskSpaceChecks] 1
HKU\S-1-5-21-583907252-115176313-1801674531-500\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-583907252-115176313-1801674531-500\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-583907252-115176313-1801674531-500\...\MountPoints2:

{553a9b70-d184-11e4-9b8e-001a6b65a679} - F:\Run.exe
HKU\S-1-5-21-583907252-115176313-1801674531-500\...\MountPoints2:

{63730ecb-e960-11e4-9984-022623047075} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-583907252-115176313-1801674531-500\Control Panel\Desktop\\SCRNSAVE.EXE ->

C:\WINDOWS.1\system32\ssmypics.scr [47104 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS.1\system32\logon.scr

[220672 2008-04-14] (Microsoft Corporation)
HKLM\...\Providers\Internet Print Provider: C:\WINDOWS.1\system32\inetpp.dll [75264

2008-04-14] (Microsoft Corporation)
HKLM\...\Providers\LanMan Print Services: C:\WINDOWS.1\system32\win32spl.dll [102400

2008-04-14] (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -

C:\WINDOWS.1\system32\shell32.dll [8462848 2012-06-08] (Microsoft Corporation)
Startup: C:\Documents and Settings\Administrator.JACK-9B5A923336\Start

Menu\Programs\Startup\MagicDisc.lnk [2014-04-17]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO,

Inc.)
Startup: C:\Documents and Settings\J\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk

[2007-01-21]
ShortcutTarget: OpenOffice.org 2.0.lnk -> C:\Program Files\OpenOffice.org

2.0\program\quickstart.exe (No File)
 
Part 2:

Startup: C:\Documents and Settings\Jack Holland.JACK\Start

Menu\Programs\Startup\MagicDisc.lnk [2014-04-17]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO,

Inc.)
Startup: C:\Documents and Settings\Jack Holland.JACK\Start

Menu\Programs\Startup\TimeTo.lnk [2012-08-23]
ShortcutTarget: TimeTo.lnk -> C:\Program Files\TimeTo\TimeTo.exe (David Berman

Developments Inc. www.davidberman.com)
BootExecute: autocheck autochk * SmartDefragBootTime.exe
CHR HKU\S-1-5-21-583907252-115176313-1801674531-500\SOFTWARE\Policies\Google: Restriction

<==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or

restored to default.)

Winsock: Catalog5 01 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft

Corporation)
Winsock: Catalog5 02 C:\WINDOWS.1\system32\winrnr.dll [16896 2008-04-14] (Microsoft

Corporation)
Winsock: Catalog5 03 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft

Corporation)
Winsock: Catalog9 01 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft

Corporation)
Winsock: Catalog9 02 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft

Corporation)
Winsock: Catalog9 03 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft

Corporation)
Winsock: Catalog9 04 C:\WINDOWS.1\system32\rsvpsp.dll [92672 2008-04-14] (Microsoft

Corporation)
Winsock: Catalog9 05 C:\WINDOWS.1\system32\rsvpsp.dll [92672 2008-04-14] (Microsoft

Corporation)
Winsock: Catalog9 06 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft

Corporation)
Winsock: Catalog9 07 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft

Corporation)
Winsock: Catalog9 08 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft

Corporation)
Winsock: Catalog9 09 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft

Corporation)
Winsock: Catalog9 10 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft

Corporation)
Winsock: Catalog9 11 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft

Corporation)
Winsock: Catalog9 12 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft

Corporation)
Winsock: Catalog9 13 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft

Corporation)
Winsock: Catalog9 14 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft

Corporation)
Winsock: Catalog9 15 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft

Corporation)
Winsock: Catalog9 16 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft

Corporation)
Winsock: Catalog9 17 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft

Corporation)
Winsock: Catalog9 18 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft

Corporation)
Winsock: Catalog9 19 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft

Corporation)
Winsock: Catalog9 20 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft

Corporation)
Winsock: Catalog9 21 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft

Corporation)
Winsock: Catalog9 22 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft

Corporation)
Winsock: Catalog9 23 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft

Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4F29B467-93DE-471E-B375-0B0BD5083D18}: [DhcpNameServer]

192.168.1.254
Tcpip\..\Interfaces\{7E15A5A4-A78C-48CF-9DB7-75C98CDBFC79}: [DhcpNameServer] 192.168.1.1

208.201.224.11 208.201.224.33

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

C:\WINDOWS.1\system32\blank.htm
HKU\S-1-5-21-583907252-115176313-1801674531-500\Software\Microsoft\Internet

Explorer\Main,Local Page = C:\WINDOWS.1\system32\blank.htm
HKU\S-1-5-21-583907252-115176313-1801674531-500\Software\Microsoft\Internet

Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-115176313-1801674531-500 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program

Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems

Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program

Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-26] (Oracle Corporation)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program

Files\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street,

Redwood City, CA 94063)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} ->

C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25]

(Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->

C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-26] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems

Incorporated)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program

Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
Toolbar: HKU\S-1-5-21-583907252-115176313-1801674531-500 -> Adobe PDF -

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1399244708734
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program

Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS.1\wc98pp.dll

[2017-09-20] ()

FireFox:
========
FF DefaultProfile: zhe5o7im.2014
FF ProfilePath: C:\Documents and Settings\Administrator.JWH\Application

Data\Thunderbird.old\Profiles\9pglceps.default [not found] <==== ATTENTION
FF ProfilePath: C:\Documents and Settings\Administrator.JWH\Application

Data\Thunderbird.old\Profiles\zhe5o7im.2014 [not found] <==== ATTENTION
FF ProfilePath: C:\Documents and Settings\Administrator.JWH\Application

Data\Philips-Songbird\Profiles\a5t32cg6.default [2016-10-04]
FF SelectedSearchEngine: C:\Documents and Settings\Administrator.JWH\Application

Data\Philips-Songbird\Profiles\a5t32cg6.default -> Rhapsody
FF NetworkProxy: C:\Documents and Settings\Administrator.JWH\Application

Data\Philips-Songbird\Profiles\a5t32cg6.default -> no_proxies_on", "127.0.0.1;localhost"
FF NetworkProxy: C:\Documents and Settings\Administrator.JWH\Application

Data\Philips-Songbird\Profiles\a5t32cg6.default -> type", 4
FF Extension: (MinimizeToTray Plus for Philips Songbird) - C:\Program

Files\Philips\Philips Songbird\extensions\philips-minimizetotray@philips.com [2014-07-02]

[not signed]
FF Extension: (Media Sharing) - C:\Program Files\Philips\Philips

Songbird\extensions\sharing@songbirdnest.com [2014-07-02] [not signed]
 
Part 3:

Got this message trying to post this part:
Your content can not be submitted. This is likely because your content is spam-like or contains inappropriate elements. Please change your content or try again later. If you still have problems, please contact an administrator.
 
Part 4:



FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll

[2011-03-22] (Nullsoft, Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\activex.js [2005-12-15]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2012-09-08]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Documents and Settings\Administrator.JWH\Local Settings\Application

Data\Google\Chrome\User Data\Default [2017-09-23]
CHR Extension: (PriceBlink Coupons and Price Comparison) - C:\Documents and

Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User

Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh [2017-08-28]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator.JWH\Local

Settings\Application Data\Google\Chrome\User

Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (IObit Surfing Protection & Ads Removal) - C:\Documents and

Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User

Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2017-07-05]
CHR Extension: (Honey) - C:\Documents and Settings\Administrator.JWH\Local

Settings\Application Data\Google\Chrome\User

Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-09-21]
CHR Extension: (Proxy Switchy!) - C:\Documents and Settings\Administrator.JWH\Local

Settings\Application Data\Google\Chrome\User

Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj [2014-04-17]
CHR Extension: (uBlock Origin) - C:\Documents and Settings\Administrator.JWH\Local

Settings\Application Data\Google\Chrome\User

Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-09-06]
CHR Extension: (Hide My ***! Web Proxy) - C:\Documents and

Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User

Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2015-09-30]
CHR Extension: (Amazon Quick View) - C:\Documents and Settings\Administrator.JWH\Local

Settings\Application Data\Google\Chrome\User

Data\Default\Extensions\ebiffjjmnhnajgidpecmdmhimojgaben [2017-04-10]
CHR Extension: (Session Buddy) - C:\Documents and Settings\Administrator.JWH\Local

Settings\Application Data\Google\Chrome\User

Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-04-28]
CHR Extension: (Blur) - C:\Documents and Settings\Administrator.JWH\Local

Settings\Application Data\Google\Chrome\User

Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2017-09-21]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator.JWH\Local

Settings\Application Data\Google\Chrome\User

Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-25]
CHR Extension: (Disconnect) - C:\Documents and Settings\Administrator.JWH\Local

Settings\Application Data\Google\Chrome\User

Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2017-02-18]
CHR Extension: (Grammarly for Chrome) - C:\Documents and Settings\Administrator.JWH\Local

Settings\Application Data\Google\Chrome\User

Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-09-21]
CHR Extension: (InvisibleHand) - C:\Documents and Settings\Administrator.JWH\Local

Settings\Application Data\Google\Chrome\User

Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2017-02-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Documents and

Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User

Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-09-01]
CHR Extension: (Ghostery) - C:\Documents and Settings\Administrator.JWH\Local

Settings\Application Data\Google\Chrome\User

Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-09-01]
CHR Extension: (CLEER PRO) - C:\Documents and Settings\Administrator.JWH\Local

Settings\Application Data\Google\Chrome\User

Data\Default\Extensions\mmecmdmgelkpjcfhmbdmejfaocgaekjc [2017-05-05]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and

Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User

Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Bitdefender QuickScan) - C:\Documents and

Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User

Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-06-12]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - <no Path/update_url>
CHR HKU\S-1-5-21-583907252-115176313-1801674531-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\ADMINI~1.JWH\LOCALS~1\APPLIC~1\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-08-27]
CHR HKU\S-1-5-21-583907252-115176313-1801674531-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (TabHamster) - C:\Documents and Settings\Administrator.JWH\Application

Data\Opera Software\Opera Stable\Extensions\flaibmngbecjljogddbgojfenfcneanb [2015-12-20]
OPR Extension: (Amazon Assistant for Opera) - C:\Documents and

Settings\Administrator.JWH\Application Data\Opera Software\Opera

Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2017-07-07]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file

will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not

running.
 
Part 5:

S3 ACT! Scheduler; C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe [81920

2008-07-31] (Sage Software, Inc.)
S3 AdobeFlashPlayerUpdateSvc;

C:\WINDOWS.1\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-09-13]

(Adobe Systems Incorporated)
R2 AdvancedSystemCareService10; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe

[462624 2017-03-21] (IObit)
S4 Alerter; C:\WINDOWS.1\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)
S3 ALG; C:\WINDOWS.1\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation)
S3 Amazon Download Agent; C:\Program Files\Amazon\Amazon Games & Software

Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com)
S3 AppMgmt; C:\WINDOWS.1\System32\appmgmts.dll [167936 2008-04-14] (Microsoft

Corporation)
S3 aspnet_state; C:\WINDOWS.1\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [35160

2010-03-18] (Microsoft Corporation)
S2 AudioSrv; C:\WINDOWS.1\System32\audiosrv.dll [42496 2008-04-14] (Microsoft

Corporation)
S3 BITS; C:\WINDOWS.1\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
S3 Browser; C:\WINDOWS.1\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation)
S4 CiSvc; C:\WINDOWS.1\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation)
S4 ClipSrv; C:\WINDOWS.1\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32;

C:\WINDOWS.1\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25]

(Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32;

C:\WINDOWS.1\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18]

(Microsoft Corporation)
S2 CryptSvc; C:\WINDOWS.1\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft

Corporation)
R2 Dhcp; C:\WINDOWS.1\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation)
S3 dmadmin; C:\WINDOWS.1\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp.,

Veritas Software)
S3 dmserver; C:\WINDOWS.1\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.)
R2 Dnscache; C:\WINDOWS.1\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft

Corporation)
S3 Dot3svc; C:\WINDOWS.1\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation)
S3 EapHost; C:\WINDOWS.1\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation)
S4 ERSvc; C:\WINDOWS.1\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)
R2 Eventlog; C:\WINDOWS.1\system32\services.exe [110592 2009-02-06] (Microsoft

Corporation)
S3 EventSystem; C:\WINDOWS.1\system32\es.dll [253952 2008-07-07] (Microsoft Corporation)
S3 FastUserSwitchingCompatibility; C:\WINDOWS.1\System32\shsvcs.dll [135168 2009-07-27]

(Microsoft Corporation)
S2 Fax; C:\WINDOWS.1\system32\fxssvc.exe [267776 2008-04-14] (Microsoft Corporation)
S3 FontCache3.0.0.0;

C:\WINDOWS.1\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104

2008-07-29] (Microsoft Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [67592

2016-03-02] (Bitdefender)
S3 helpsvc; C:\WINDOWS.1\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14]

(Microsoft Corporation)
S2 HidServ; C:\WINDOWS.1\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation)
S3 hkmsvc; C:\WINDOWS.1\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation)
S3 HPSupportSolutionsFrameworkService; C:\Program

Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11]

(Hewlett-Packard Company)
S3 HTTPFilter; C:\WINDOWS.1\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)
S3 idsvc; C:\WINDOWS.1\Microsoft.NET\Framework\v3.0\Windows Communication

Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS.1\system32\imapi.exe [150528 2008-04-14] (Microsoft

Corporation)
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [1768736

2017-07-18] (IObit)
S2 IObitUnSvr; C:\Program Files\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28]

(IObit)
R2 LanmanServer; C:\WINDOWS.1\System32\srvsvc.dll [99840 2010-08-26] (Microsoft

Corporation)
R2 lanmanworkstation; C:\WINDOWS.1\System32\wkssvc.dll [132096 2009-06-09] (Microsoft

Corporation)
R2 LmHosts; C:\WINDOWS.1\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation)
S4 Messenger; C:\WINDOWS.1\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)
S4 mnmsrvc; C:\WINDOWS.1\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
S3 MSDTC; C:\WINDOWS.1\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
S3 MSIServer; C:\WINDOWS.1\System32\msiexec.exe [78848 2008-04-14] (Microsoft

Corporation)
R2 MSSQL$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

[29293408 2010-12-10] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe

[44384 2010-12-10] (Microsoft Corporation)
S3 napagent; C:\WINDOWS.1\System32\qagentrt.dll [291328 2008-04-14] (Microsoft

Corporation)
S4 NetDDE; C:\WINDOWS.1\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINDOWS.1\system32\netdde.exe [111104 2008-04-14] (Microsoft

Corporation)
S4 Netlogon; C:\WINDOWS.1\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 Netman; C:\WINDOWS.1\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\WINDOWS.1\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

[124240 2010-03-18] (Microsoft Corporation)
R3 Nla; C:\WINDOWS.1\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
S3 NtLmSsp; C:\WINDOWS.1\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 NtmsSvc; C:\WINDOWS.1\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation)
R2 nvsvc; C:\WINDOWS.1\system32\nvsvc32.exe [156776 2010-10-16] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] ()
R2 PlugPlay; C:\WINDOWS.1\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
S2 PolicyAgent; C:\WINDOWS.1\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S2 ProtectedStorage; C:\WINDOWS.1\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS.1\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation)
S3 RasMan; C:\WINDOWS.1\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation)
S4 RDSessMgr; C:\WINDOWS.1\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
S4 RemoteAccess; C:\WINDOWS.1\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation)
S4 RemoteRegistry; C:\WINDOWS.1\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation)
S3 RpcLocator; C:\WINDOWS.1\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation)
S2 RpcSs; C:\WINDOWS.1\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
S4 RSVP; C:\WINDOWS.1\system32\rsvp.exe [132608 2004-08-04] (Microsoft Corporation)
S2 SamSs; C:\WINDOWS.1\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS.1\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)
S2 Schedule; C:\WINDOWS.1\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation)
R2 seclogon; C:\WINDOWS.1\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation)
S2 SENS; C:\WINDOWS.1\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation)
S2 SharedAccess; C:\WINDOWS.1\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation)
S2 ShellHWDetection; C:\WINDOWS.1\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
S2 Spooler; C:\WINDOWS.1\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation)
S2 srservice; C:\WINDOWS.1\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
S3 SSDPSRV; C:\WINDOWS.1\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation)
S2 stisvc; C:\WINDOWS.1\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation)
S3 SysmonLog; C:\WINDOWS.1\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation)
S3 TapiSrv; C:\WINDOWS.1\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation)
R2 Themes; C:\WINDOWS.1\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS.1\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)
S3 TrkWks; C:\WINDOWS.1\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation)
S3 upnphost; C:\WINDOWS.1\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation)
S3 UPS; C:\WINDOWS.1\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)
S3 VSS; C:\WINDOWS.1\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS.1\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation)
 
Part 6:

S3 ACT! Scheduler; C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe [81920 2008-07-31] (Sage Software, Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS.1\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-09-13] (Adobe Systems Incorporated)
R2 AdvancedSystemCareService10; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [462624 2017-03-21] (IObit)
S4 Alerter; C:\WINDOWS.1\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)
S3 ALG; C:\WINDOWS.1\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation)
S3 Amazon Download Agent; C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com)
S3 AppMgmt; C:\WINDOWS.1\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation)
S3 aspnet_state; C:\WINDOWS.1\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [35160 2010-03-18] (Microsoft Corporation)
S2 AudioSrv; C:\WINDOWS.1\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation)
S3 BITS; C:\WINDOWS.1\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
S3 Browser; C:\WINDOWS.1\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation)
S4 CiSvc; C:\WINDOWS.1\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation)
S4 ClipSrv; C:\WINDOWS.1\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; C:\WINDOWS.1\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\WINDOWS.1\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
S2 CryptSvc; C:\WINDOWS.1\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation)
R2 Dhcp; C:\WINDOWS.1\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation)
S3 dmadmin; C:\WINDOWS.1\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software)
S3 dmserver; C:\WINDOWS.1\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.)
R2 Dnscache; C:\WINDOWS.1\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation)
S3 Dot3svc; C:\WINDOWS.1\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation)
S3 EapHost; C:\WINDOWS.1\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation)
S4 ERSvc; C:\WINDOWS.1\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)
R2 Eventlog; C:\WINDOWS.1\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
S3 EventSystem; C:\WINDOWS.1\system32\es.dll [253952 2008-07-07] (Microsoft Corporation)
S3 FastUserSwitchingCompatibility; C:\WINDOWS.1\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
S2 Fax; C:\WINDOWS.1\system32\fxssvc.exe [267776 2008-04-14] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\WINDOWS.1\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [67592 2016-03-02] (Bitdefender)
S3 helpsvc; C:\WINDOWS.1\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)
S2 HidServ; C:\WINDOWS.1\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation)
S3 hkmsvc; C:\WINDOWS.1\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation)
S3 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 HTTPFilter; C:\WINDOWS.1\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)
S3 idsvc; C:\WINDOWS.1\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS.1\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [1768736 2017-07-18] (IObit)
S2 IObitUnSvr; C:\Program Files\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 LanmanServer; C:\WINDOWS.1\System32\srvsvc.dll [99840 2010-08-26] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINDOWS.1\System32\wkssvc.dll [132096 2009-06-09] (Microsoft Corporation)
R2 LmHosts; C:\WINDOWS.1\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation)
S4 Messenger; C:\WINDOWS.1\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)
S4 mnmsrvc; C:\WINDOWS.1\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
S3 MSDTC; C:\WINDOWS.1\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
S3 MSIServer; C:\WINDOWS.1\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation)
R2 MSSQL$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 napagent; C:\WINDOWS.1\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation)
S4 NetDDE; C:\WINDOWS.1\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINDOWS.1\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
S4 Netlogon; C:\WINDOWS.1\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 Netman; C:\WINDOWS.1\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\WINDOWS.1\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
R3 Nla; C:\WINDOWS.1\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
S3 NtLmSsp; C:\WINDOWS.1\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 NtmsSvc; C:\WINDOWS.1\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation)
R2 nvsvc; C:\WINDOWS.1\system32\nvsvc32.exe [156776 2010-10-16] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] ()
R2 PlugPlay; C:\WINDOWS.1\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
S2 PolicyAgent; C:\WINDOWS.1\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S2 ProtectedStorage; C:\WINDOWS.1\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS.1\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation)
S3 RasMan; C:\WINDOWS.1\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation)
S4 RDSessMgr; C:\WINDOWS.1\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
S4 RemoteAccess; C:\WINDOWS.1\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation)
S4 RemoteRegistry; C:\WINDOWS.1\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation)
S3 RpcLocator; C:\WINDOWS.1\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation)
S2 RpcSs; C:\WINDOWS.1\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
S4 RSVP; C:\WINDOWS.1\system32\rsvp.exe [132608 2004-08-04] (Microsoft Corporation)
S2 SamSs; C:\WINDOWS.1\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS.1\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)
S2 Schedule; C:\WINDOWS.1\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation)
R2 seclogon; C:\WINDOWS.1\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation)
S2 SENS; C:\WINDOWS.1\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation)
S2 SharedAccess; C:\WINDOWS.1\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation)
S2 ShellHWDetection; C:\WINDOWS.1\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
S2 Spooler; C:\WINDOWS.1\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation)
S2 srservice; C:\WINDOWS.1\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
S3 SSDPSRV; C:\WINDOWS.1\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation)
S2 stisvc; C:\WINDOWS.1\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation)
S3 SysmonLog; C:\WINDOWS.1\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation)
S3 TapiSrv; C:\WINDOWS.1\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation)
R2 Themes; C:\WINDOWS.1\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS.1\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)
S3 TrkWks; C:\WINDOWS.1\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation)
S3 upnphost; C:\WINDOWS.1\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation)
S3 UPS; C:\WINDOWS.1\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)
S3 VSS; C:\WINDOWS.1\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS.1\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation)
 
Part 7:

S1 Cdaudio; C:\WINDOWS.1\system32\Drivers\Cdaudio.sys [18688 2004-08-04] (Microsoft Corporation)
R4 Cdfs; C:\WINDOWS.1\system32\Drivers\Cdfs.sys [63744 2008-04-14] (Microsoft Corporation)
R1 Cdrom; C:\WINDOWS.1\System32\DRIVERS\cdrom.sys [62976 2008-04-14] (Microsoft Corporation)
S0 cercsr6; C:\WINDOWS.1\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.)
R0 Disk; C:\WINDOWS.1\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation)
S4 dmboot; C:\WINDOWS.1\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software)
R0 dmio; C:\WINDOWS.1\System32\DRIVERS\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software)
R0 dmload; C:\WINDOWS.1\system32\Drivers\dmload.sys [5888 2004-08-04] (Microsoft Corp., Veritas Software.)
R3 DMusic; C:\WINDOWS.1\System32\drivers\DMusic.sys [52864 2008-04-14] (Microsoft Corporation)
R3 drmkaud; C:\WINDOWS.1\System32\drivers\drmkaud.sys [2944 2008-04-14] (Microsoft Corporation)
R1 ElRawDisk; C:\WINDOWS.1\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
R4 Fastfat; C:\WINDOWS.1\system32\Drivers\Fastfat.sys [143744 2008-04-14] (Microsoft Corporation)
R3 Fdc; C:\WINDOWS.1\System32\DRIVERS\fdc.sys [27392 2008-04-14] (Microsoft Corporation)
R1 Fips; C:\WINDOWS.1\system32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation)
R3 Flpydisk; C:\WINDOWS.1\System32\DRIVERS\flpydisk.sys [20480 2008-04-14] (Microsoft Corporation)
R0 FltMgr; C:\WINDOWS.1\System32\drivers\fltmgr.sys [129792 2008-04-14] (Microsoft Corporation)
U1 Fs_Rec; C:\WINDOWS.1\system32\Drivers\Fs_Rec.sys [7936 2004-08-04] (Microsoft Corporation)
S3 FTDIBUS; C:\WINDOWS.1\System32\drivers\ftdibus.sys [63464 2013-02-13] (FTDI Ltd.)
R0 Ftdisk; C:\WINDOWS.1\System32\DRIVERS\ftdisk.sys [125056 2004-08-04] (Microsoft Corporation)
S3 FTSER2K; C:\WINDOWS.1\System32\drivers\ftser2k.sys [74088 2013-07-25] (FTDI Ltd.)
S3 gameenum; C:\WINDOWS.1\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
S3 gdrv; C:\WINDOWS.1\gdrv.sys [17488 2015-03-23] (Windows (R) 2000 DDK provider)
S3 GEARAspiWDM; C:\WINDOWS.1\System32\Drivers\GEARAspiWDM.sys [15664 2012-04-04] (GEAR Software Inc.)
R3 Gpc; C:\WINDOWS.1\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation)
R1 gzflt; C:\WINDOWS.1\System32\DRIVERS\gzflt.sys [164952 2016-09-24] (BitDefender LLC)
R3 HDAudBus; C:\WINDOWS.1\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
R3 hidusb; C:\WINDOWS.1\System32\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation)
S3 htcnprot; C:\WINDOWS.1\System32\DRIVERS\htcnprot.sys [21248 2013-10-17] (Windows (R) Win 7 DDK provider)
S3 HTTP; C:\WINDOWS.1\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation)
R1 HWiNFO32; C:\WINDOWS.1\system32\drivers\HWiNFO32.SYS [23840 2015-01-08] (REALiX(tm))
R1 i8042prt; C:\WINDOWS.1\System32\DRIVERS\i8042prt.sys [52480 2008-04-14] (Microsoft Corporation)
S3 ialm; C:\WINDOWS.1\System32\DRIVERS\igxpmp32.sys [5672032 2007-01-13] (Intel Corporation)
S1 Imapi; C:\WINDOWS.1\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation)
R1 IMFCameraProtect; C:\WINDOWS.1\system32\drivers\IMFCameraProtect.sys [25120 2017-03-17] (IObit.com)
R3 IMFDownProtect; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\IMFDownProtect.sys [20336 2017-03-08] (IObit.com)
S4 IMFFilter; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\IMFFilter.sys [247872 2017-01-06] (IObit)
R3 IMFForceDelete; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\IMFForceDelete.sys [14168 2017-06-30] (IObit.com)
S3 IntcAzAudAddService; C:\WINDOWS.1\System32\drivers\RtkHDAud.sys [5864480 2010-02-25] (Realtek Semiconductor Corp.)
R0 IntelIde; C:\WINDOWS.1\System32\DRIVERS\intelide.sys [5504 2008-04-14] (Microsoft Corporation)
R1 intelppm; C:\WINDOWS.1\System32\DRIVERS\intelppm.sys [36352 2008-04-14] (Microsoft Corporation)
S3 Ip6Fw; C:\WINDOWS.1\System32\drivers\ip6fw.sys [36608 2008-04-14] (Microsoft Corporation)
S3 IpFilterDriver; C:\WINDOWS.1\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-04] (Microsoft Corporation)
S3 IpInIp; C:\WINDOWS.1\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation)
R3 IpNat; C:\WINDOWS.1\System32\DRIVERS\ipnat.sys [152832 2008-04-14] (Microsoft Corporation)
R1 IPSec; C:\WINDOWS.1\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation)
S3 IRENUM; C:\WINDOWS.1\System32\DRIVERS\irenum.sys [11264 2008-04-14] (Microsoft Corporation)
R0 isapnp; C:\WINDOWS.1\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation)
R1 Kbdclass; C:\WINDOWS.1\System32\DRIVERS\kbdclass.sys [24576 2008-04-14] (Microsoft Corporation)
R1 kbdhid; C:\WINDOWS.1\System32\DRIVERS\kbdhid.sys [14592 2008-04-14] (Microsoft Corporation)
R3 kmixer; C:\WINDOWS.1\System32\drivers\kmixer.sys [172416 2008-04-14] (Microsoft Corporation)
R0 KSecDD; C:\WINDOWS.1\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
S3 mcdbus; C:\WINDOWS.1\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.)
R1 mnmdd; C:\WINDOWS.1\system32\Drivers\mnmdd.sys [4224 2004-08-04] (Microsoft Corporation)
S3 Modem; C:\WINDOWS.1\system32\Drivers\Modem.sys [30080 2008-04-14] (Microsoft Corporation)
S3 Monfilt; C:\WINDOWS.1\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R1 Mouclass; C:\WINDOWS.1\System32\DRIVERS\mouclass.sys [23040 2008-04-14] (Microsoft Corporation)
R3 mouhid; C:\WINDOWS.1\System32\DRIVERS\mouhid.sys [12160 2004-08-04] (Microsoft Corporation)
R0 MountMgr; C:\WINDOWS.1\system32\Drivers\MountMgr.sys [42368 2008-04-14] (Microsoft Corporation)
S3 MRxDAV; C:\WINDOWS.1\System32\DRIVERS\mrxdav.sys [180608 2008-04-14] (Microsoft Corporation)
R1 MRxSmb; C:\WINDOWS.1\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation)
R1 Msfs; C:\WINDOWS.1\system32\Drivers\Msfs.sys [19072 2008-04-14] (Microsoft Corporation)
S3 MSKSSRV; C:\WINDOWS.1\System32\drivers\MSKSSRV.sys [7552 2008-04-14] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINDOWS.1\System32\drivers\MSPCLOCK.sys [5376 2008-04-14] (Microsoft Corporation)
S3 MSPQM; C:\WINDOWS.1\System32\drivers\MSPQM.sys [4992 2008-04-14] (Microsoft Corporation)
R3 mssmbios; C:\WINDOWS.1\System32\DRIVERS\mssmbios.sys [15488 2008-04-14] (Microsoft Corporation)
S3 MSTEE; C:\WINDOWS.1\System32\drivers\MSTEE.sys [5504 2008-04-14] (Microsoft Corporation)
R0 Mup; C:\WINDOWS.1\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation)
S3 NABTSFEC; C:\WINDOWS.1\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
R0 NDIS; C:\WINDOWS.1\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS.1\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NdisTapi; C:\WINDOWS.1\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation)
R3 Ndisuio; C:\WINDOWS.1\System32\DRIVERS\ndisuio.sys [14592 2008-04-14] (Microsoft Corporation)
R3 NdisWan; C:\WINDOWS.1\System32\DRIVERS\ndiswan.sys [91520 2008-04-14] (Microsoft Corporation)
R3 NDProxy; C:\WINDOWS.1\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation)
R1 NetBIOS; C:\WINDOWS.1\System32\DRIVERS\netbios.sys [34688 2008-04-14] (Microsoft Corporation)
R1 NetBT; C:\WINDOWS.1\System32\DRIVERS\netbt.sys [162816 2008-04-14] (Microsoft Corporation)
R1 Npfs; C:\WINDOWS.1\system32\Drivers\Npfs.sys [30848 2008-04-14] (Microsoft Corporation)
R4 Ntfs; C:\WINDOWS.1\system32\Drivers\Ntfs.sys [574976 2008-04-14] (Microsoft Corporation)
R1 Null; C:\WINDOWS.1\system32\Drivers\Null.sys [2944 2004-08-04] (Microsoft Corporation)
R3 nv; C:\WINDOWS.1\System32\DRIVERS\nv4_mini.sys [9623680 2010-10-16] (NVIDIA Corporation)
S3 NwlnkFlt; C:\WINDOWS.1\System32\DRIVERS\nwlnkflt.sys [12416 2004-08-04] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINDOWS.1\System32\DRIVERS\nwlnkfwd.sys [32512 2004-08-04] (Microsoft Corporation)
S3 OM518P; C:\WINDOWS.1\System32\Drivers\om518vid.sys [182154 2001-01-18] (OmniVision Technologies, Inc.)
R3 Parport; C:\WINDOWS.1\System32\DRIVERS\parport.sys [80128 2008-04-14] (Microsoft Corporation)
R0 PartMgr; C:\WINDOWS.1\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation)
R2 ParVdm; C:\WINDOWS.1\system32\Drivers\ParVdm.sys [6784 2004-08-04] (Microsoft Corporation)
R0 PCI; C:\WINDOWS.1\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation)
R0 PCIIde; C:\WINDOWS.1\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation)
S4 Pcmcia; C:\WINDOWS.1\system32\Drivers\Pcmcia.sys [120192 2008-04-14] (Microsoft Corporation)
R3 PptpMiniport; C:\WINDOWS.1\System32\DRIVERS\raspptp.sys [48384 2008-04-14] (Microsoft Corporation)
 
Part 8:


R3 PSched; C:\WINDOWS.1\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)
R3 Ptilink; C:\WINDOWS.1\System32\DRIVERS\ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.)
R0 PxHelp20; C:\WINDOWS.1\System32\Drivers\PxHelp20.sys [44944 2009-04-17] (Sonic Solutions)
S3 qcserxp; C:\WINDOWS.1\System32\DRIVERS\qcserxp.sys [103424 2009-01-24] (QUALCOMM Incorporated)
R1 RasAcd; C:\WINDOWS.1\System32\DRIVERS\rasacd.sys [8832 2004-08-04] (Microsoft Corporation)
R3 Rasl2tp; C:\WINDOWS.1\System32\DRIVERS\rasl2tp.sys [51328 2008-04-14] (Microsoft Corporation)
R3 RasPppoe; C:\WINDOWS.1\System32\DRIVERS\raspppoe.sys [41472 2008-04-14] (Microsoft Corporation)
R3 Raspti; C:\WINDOWS.1\System32\DRIVERS\raspti.sys [16512 2004-08-04] (Microsoft Corporation)
R1 Rdbss; C:\WINDOWS.1\System32\DRIVERS\rdbss.sys [175744 2008-04-14] (Microsoft Corporation)
R1 RDPCDD; C:\WINDOWS.1\System32\DRIVERS\RDPCDD.sys [4224 2004-08-04] (Microsoft Corporation)
R3 rdpdr; C:\WINDOWS.1\System32\DRIVERS\rdpdr.sys [196224 2008-04-14] (Microsoft Corporation)
S3 RDPWD; C:\WINDOWS.1\system32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation)
R1 redbook; C:\WINDOWS.1\System32\DRIVERS\redbook.sys [57600 2008-04-14] (Microsoft Corporation)
S3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys [31680 2017-01-06] (IObit.com)
S3 RTL8023xp; C:\WINDOWS.1\System32\DRIVERS\Rtnicxp.sys [130432 2015-01-10] (Realtek Semiconductor Corporation )
R3 RTLE8023xp; C:\WINDOWS.1\System32\DRIVERS\Rtenicxp.sys [234392 2010-07-06] (Realtek Semiconductor Corporation )
S3 Secdrv; C:\WINDOWS.1\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R3 SenFiltService; C:\WINDOWS.1\System32\drivers\Senfilt.sys [8704 2005-03-17] (Analog Devices, Inc.)
R3 serenum; C:\WINDOWS.1\System32\DRIVERS\serenum.sys [15744 2008-04-14] (Microsoft Corporation)
R1 Serial; C:\WINDOWS.1\System32\DRIVERS\serial.sys [64512 2008-04-14] (Microsoft Corporation)
S1 Sfloppy; C:\WINDOWS.1\system32\Drivers\Sfloppy.sys [11392 2008-04-14] (Microsoft Corporation)
S3 SLIP; C:\WINDOWS.1\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
R0 SmartDefragDriver; C:\WINDOWS.1\System32\Drivers\SmartDefragDriver.sys [15824 2016-03-22] (IObit)
R3 splitter; C:\WINDOWS.1\System32\drivers\splitter.sys [6272 2008-04-14] (Microsoft Corporation)
R0 sr; C:\WINDOWS.1\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation)
R3 Srv; C:\WINDOWS.1\System32\DRIVERS\srv.sys [359040 2017-02-11] (Microsoft Corporation)
S3 streamip; C:\WINDOWS.1\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
R3 swenum; C:\WINDOWS.1\System32\DRIVERS\swenum.sys [4352 2008-04-14] (Microsoft Corporation)
R3 swmidi; C:\WINDOWS.1\System32\drivers\swmidi.sys [56576 2008-04-14] (Microsoft Corporation)
R3 sysaudio; C:\WINDOWS.1\System32\drivers\sysaudio.sys [60800 2008-04-14] (Microsoft Corporation)
R3 tapwindscribe0901; C:\WINDOWS.1\System32\DRIVERS\tapwindscribe0901.sys [30936 2017-04-21] (The OpenVPN Project)
R1 Tcpip; C:\WINDOWS.1\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation)
S3 TDPIPE; C:\WINDOWS.1\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation)
S3 TDTCP; C:\WINDOWS.1\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation)
R1 TermDD; C:\WINDOWS.1\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation)
R0 Trufos; C:\WINDOWS.1\System32\DRIVERS\TRUFOS.sys [355744 2016-09-24] (BitDefender S.R.L.)
S4 Udfs; C:\WINDOWS.1\system32\Drivers\Udfs.sys [66048 2008-04-14] (Microsoft Corporation)
R3 Update; C:\WINDOWS.1\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation)
R3 usbaudio; C:\WINDOWS.1\System32\drivers\usbaudio.sys [60160 2013-07-16] (Microsoft Corporation)
R3 usbccgp; C:\WINDOWS.1\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation)
R3 usbehci; C:\WINDOWS.1\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation)
R3 usbhub; C:\WINDOWS.1\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation)
S3 usbprint; C:\WINDOWS.1\System32\DRIVERS\usbprint.sys [25856 2008-04-14] (Microsoft Corporation)
S3 usbscan; C:\WINDOWS.1\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation)
R3 usbstor; C:\WINDOWS.1\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-14] (Microsoft Corporation)
R3 usbuhci; C:\WINDOWS.1\System32\DRIVERS\usbuhci.sys [20608 2008-04-14] (Microsoft Corporation)
S3 usb_rndisx; C:\WINDOWS.1\System32\DRIVERS\usb8023x.sys [12928 2013-02-11] (Microsoft Corporation)
R1 VgaSave; C:\WINDOWS.1\System32\drivers\vga.sys [20992 2008-04-14] (Microsoft Corporation)
R0 VolSnap; C:\WINDOWS.1\system32\Drivers\VolSnap.sys [52352 2008-04-14] (Microsoft Corporation)
R3 Wanarp; C:\WINDOWS.1\System32\DRIVERS\wanarp.sys [34560 2008-04-14] (Microsoft Corporation)
R3 Wdf01000; C:\WINDOWS.1\System32\Drivers\wdf01000.sys [444136 2009-07-14] (Microsoft Corporation)
S3 wdmaud; C:\WINDOWS.1\System32\drivers\wdmaud.sys [83072 2008-04-14] (Microsoft Corporation)
S3 WpdUsb; C:\WINDOWS.1\System32\DRIVERS\wpdusb.sys [38528 2009-01-30] (Microsoft Corporation)
S3 WSTCODEC; C:\WINDOWS.1\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
R0 WudfPf; C:\WINDOWS.1\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation)
S3 WudfRd; C:\WINDOWS.1\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation)
S3 ALCXWDM; system32\drivers\ALCXWDM.SYS [X]
S3 cpuz138; no ImagePath
S3 MSICDSetup; \??\E:\CDriver.sys [X]
S3 rtl8139; system32\DRIVERS\RTL8139.SYS [X]
U5 ScsiPort; C:\WINDOWS.1\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U2 WinDefend; no ImagePath
S3 WinRing0_1_2_0; no ImagePath
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error(1) reading file: "C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\ACT! 2006 "
2017-09-23 23:25 - 2017-09-23 23:25 - 000000000 ____D C:\WINDOWS.1\LastGood
2017-09-22 08:47 - 2017-09-23 23:31 - 000000000 ____D C:\FRST
2017-09-22 08:03 - 2017-09-22 08:03 - 000095648 _____ C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2017-09-22 07:35 - 2017-09-22 07:35 - 000000000 ____D C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\ESET
2017-09-22 04:58 - 2017-09-22 05:01 - 002236768 _____ C:\WINDOWS.1\system32\FNTCACHE.DAT
2017-09-22 02:37 - 2017-09-22 08:05 - 000107380 _____ C:\WINDOWS.1\ntbtlog.txt
2017-09-21 23:42 - 2017-09-21 23:42 - 000000036 _____ C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\housecall.guid.cache
2017-09-21 23:00 - 2017-09-21 23:00 - 000002224 _____ C:\Documents and Settings\Administrator.JWH\Start Menu\Programs\f.lux.lnk
2017-09-20 21:10 - 2017-09-20 21:26 - 000000242 _____ C:\WINDOWS.1\CDPlayer.ini
2017-09-20 20:51 - 2017-09-20 20:51 - 000000000 ____D C:\Documents and Settings\Administrator.JWH\Application Data\EurekaLog
2017-09-20 19:44 - 2017-09-20 19:44 - 000051712 _____ C:\WINDOWS.1\wc98pp.dll
2017-09-20 19:33 - 2017-09-20 19:33 - 000001077 _____ C:\Documents and Settings\Administrator.JWH\Desktop\MONEY! Jr. CD-ROM.lnk
2017-09-20 19:33 - 2017-09-20 19:33 - 000000039 _____ C:\WINDOWS.1\MoneyJrCDROM.INI
2017-09-20 19:33 - 2017-09-20 19:33 - 000000000 ____D C:\Documents and Settings\Administrator.JWH\Start Menu\Programs\Garvinweb.com MONEY! Jr. CD-ROM
2017-09-20 19:33 - 1998-06-24 00:00 - 000198456 _____ (Microsoft Corporation) C:\WINDOWS.1\system32\Mci32.ocx
2017-09-20 19:33 - 1998-05-22 00:00 - 000137736 _____ (Microsoft Corporation) C:\WINDOWS.1\system32\COMDLG32.OCX
2017-09-20 17:38 - 2017-09-20 17:38 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Application Data\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-09-20 17:38 - 2017-09-20 17:38 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Application Data\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-09-14 15:34 - 2017-09-21 05:45 - 000000298 _____ C:\WINDOWS.1\Tasks\SmartDefrag_AutoAnalyze.job
2017-09-14 15:34 - 2017-09-20 17:38 - 000000292 _____ C:\WINDOWS.1\Tasks\SmartDefrag_Startup.job
2017-09-14 15:34 - 2017-09-20 16:07 - 000000290 _____ C:\WINDOWS.1\Tasks\SmartDefrag_Update.job
2017-09-13 01:33 - 2017-09-13 02:33 - 005680640 _____ (Adobe Systems Incorporated) C:\WINDOWS.1\system32\FlashPlayerInstaller.exe
2017-09-07 04:31 - 2017-09-07 04:31 - 000005451 _____ C:\Documents and Settings\Administrator.JWH\Desktop\retrievePDF.pdf
2017-08-28 05:18 - 2017-08-28 05:18 - 000000541 _____ C:\Documents and Settings\Administrator.JWH\Desktop\aishas advice on skugrid problem.txt
2017-08-25 00:08 - 2017-08-25 00:08 - 000000017 _____ C:\Documents and Settings\Administrator.JWH\Desktop\Amazon additin for SKUGrid.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-23 23:32 - 2014-04-27 13:31 - 000000000 ____D C:\Documents and Settings\Administrator.JWH\Local Settings\Temp
2017-09-23 23:30 - 2014-04-16 08:55 - 000000000 ____D C:\WINDOWS.1\Temp
2017-09-23 23:28 - 2014-04-16 08:55 - 000000000 ____D C:\WINDOWS.1\system32
2017-09-23 23:25 - 2014-04-16 08:55 - 000000000 ____D C:\WINDOWS.1
2017-09-23 23:24 - 2001-08-23 05:00 - 000001374 _____ C:\WINDOWS.1\system32\wpa.dbl
2017-09-23 04:11 - 2014-04-16 16:34 - 000000178 ___SH C:\Documents and Settings\Administrator.JWH\ntuser.ini
2017-09-23 00:34 - 2015-09-03 21:17 - 000000000 ____D C:\WINDOWS.1\system32\RTCOM
2017-09-22 08:38 - 2014-05-07 05:54 - 000002335 _____ C:\Documents and Settings\All Users.WINDOWS.1\Desktop\Taskix.lnk
2017-09-22 08:33 - 2014-09-10 17:28 - 043372544 _____ C:\WINDOWS.1\system32\config\software.iobit
2017-09-22 08:33 - 2014-09-10 17:28 - 000901120 _____ C:\WINDOWS.1\system32\config\default.iobit
2017-09-22 08:33 - 2014-09-10 17:28 - 000065536 _____ C:\WINDOWS.1\system32\config\SECURITY.iobit
2017-09-22 08:33 - 2014-09-10 17:28 - 000028672 _____ C:\WINDOWS.1\system32\config\SAM.iobit
2017-09-22 07:51 - 2014-04-16 16:34 - 000000000 ____D C:\Documents and Settings\Administrator.JWH
2017-09-22 07:22 - 2014-04-15 13:29 - 000000000 ____D C:\Documents and Settings\Jack
2017-09-22 07:22 - 2014-04-14 23:29 - 000000000 ____D C:\Documents and Settings\JH
2017-09-22 06:37 - 2001-01-06 00:46 - 000000801 ___SH C:\boot.ini
2017-09-22 05:34 - 2014-05-14 22:57 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Spybot - Search & Destroy
2017-09-22 05:34 - 2014-05-14 22:57 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Spybot - Search & Destroy
2017-09-22 05:29 - 2014-04-16 08:55 - 000000000 ____D C:\WINDOWS.1\security
2017-09-22 05:28 - 2015-09-03 21:26 - 000000000 ____D C:\Program Files\Analog Devices
2017-09-22 05:28 - 2014-04-16 08:55 - 000000000 ____D C:\WINDOWS.1\system
2017-09-22 05:27 - 2014-04-16 08:55 - 000000000 ___HD C:\WINDOWS.1\inf
2017-09-22 02:37 - 2014-05-13 15:51 - 000170200 _____ (Malwarebytes) C:\WINDOWS.1\system32\Drivers\MBAMSwissArmy.sys
2017-09-22 02:36 - 2014-05-04 16:05 - 000000000 __SHD C:\Documents and Settings\Administrator.JWH\UserData
2017-09-21 23:56 - 2014-04-16 01:47 - 000000000 ____D C:\Documents and Settings\JH.J-5CFDC3FD42354
2017-09-21 23:56 - 2007-03-08 00:30 - 000000000 ____D C:\Documents and Settings\Administrator.JACK.001
2017-09-21 23:56 - 2007-01-19 19:02 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS2
2017-09-21 23:56 - 2006-04-02 13:02 - 000000000 ____D C:\Documents and Settings\Admin
2017-09-21 23:56 - 2001-01-06 00:46 - 000000000 ____D C:\Documents and Settings\Default User
2017-09-21 23:56 - 2001-01-06 00:46 - 000000000 ____D C:\Documents and Settings\All Users
 
Part 9:



2017-09-21 21:57 - 2014-04-16 16:32 - 000000178 ___SH C:\Documents and Settings\LocalService.NT AUTHORITY.004\ntuser.ini
2017-09-21 19:20 - 2014-09-10 17:09 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Application Data\ProductData
2017-09-21 19:20 - 2014-09-10 17:09 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Application Data\ProductData
2017-09-21 08:59 - 2014-08-28 04:32 - 000881942 _____ C:\Documents and Settings\LocalService.NT AUTHORITY.004\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-583907252-115176313-1801674531-500-0.dat
2017-09-21 08:59 - 2014-08-08 05:06 - 000472398 _____ C:\Documents and Settings\LocalService.NT AUTHORITY.004\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2017-09-21 08:59 - 2014-04-16 16:32 - 000000006 ____H C:\WINDOWS.1\Tasks\SA.DAT
2017-09-21 08:58 - 2017-05-13 19:58 - 000000308 _____ C:\WINDOWS.1\Tasks\DivXUpdate.job
2017-09-21 08:46 - 2014-04-16 16:57 - 000000886 _____ C:\WINDOWS.1\Tasks\GoogleUpdateTaskMachineUA.job
2017-09-21 08:33 - 2015-05-25 15:32 - 000000834 _____ C:\WINDOWS.1\Tasks\Adobe Flash Player Updater.job
2017-09-21 06:00 - 2016-04-14 16:19 - 000000000 ____D C:\Documents and Settings\Administrator.JWH\Application Data\MediaMonkey
2017-09-21 03:58 - 2016-04-28 15:51 - 000000296 _____ C:\WINDOWS.1\Tasks\Driver Booster Scheduler.job
2017-09-21 03:53 - 2015-08-27 01:15 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Google Drive
2017-09-21 03:53 - 2015-08-27 01:15 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Google Drive
2017-09-21 02:46 - 2014-04-16 16:57 - 000000882 _____ C:\WINDOWS.1\Tasks\GoogleUpdateTaskMachineCore.job
2017-09-20 19:33 - 2006-09-16 04:00 - 000000000 ____D C:\Program Files\MoneyJrCDROM
2017-09-20 18:07 - 2016-11-21 23:05 - 000001806 _____ C:\Documents and Settings\All Users.WINDOWS.1\Desktop\Advanced SystemCare 10.lnk
2017-09-20 18:07 - 2016-04-28 15:50 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Advanced SystemCare
2017-09-20 18:07 - 2016-04-28 15:50 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Advanced SystemCare
2017-09-20 16:06 - 2014-06-03 03:20 - 000000392 _____ C:\WINDOWS.1\Tasks\Opera scheduled Autoupdate 1382443258.job
2017-09-15 00:24 - 2015-01-02 15:33 - 000022528 _____ C:\Documents and Settings\Administrator.JWH\My Documents\Copy of UserNamesAndPasswordsPROTECTED (Autosaved).xlsx
2017-09-15 00:24 - 2014-12-18 04:20 - 000000000 ____D C:\Documents and Settings\Administrator.JWH\Desktop\debt-reduction-calculator
2017-09-14 15:15 - 2016-10-10 16:36 - 000000811 _____ C:\Documents and Settings\All Users.WINDOWS.1\Desktop\Smart Defrag 5.lnk
2017-09-14 15:15 - 2016-05-24 00:23 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Smart Defrag
2017-09-14 15:15 - 2016-05-24 00:23 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Smart Defrag
2017-09-13 02:33 - 2015-09-26 03:30 - 000000896 _____ C:\WINDOWS.1\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-09-13 02:33 - 2014-05-06 14:16 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS.1\system32\FlashPlayerApp.exe
2017-09-13 02:33 - 2014-05-06 14:16 - 000144896 _____ (Adobe Systems Incorporated)

C:\WINDOWS.1\system32\FlashPlayerCPLApp.cpl
2017-09-13 02:33 - 2014-04-16 16:26 - 000000000 ____D C:\WINDOWS.1\system32\Macromed
2017-08-31 19:04 - 2016-04-14 16:19 - 000000610 _____ C:\Documents and Settings\All

Users.WINDOWS.1\Desktop\MediaMonkey.lnk
2017-08-31 01:30 - 2014-04-17 17:10 - 000023040 _____ C:\Documents and

Settings\Administrator.JWH\Local Settings\Application

Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Files in the root of some directories =======

2008-02-06 03:25 - 2003-12-04 19:23 - 000000157 ____C () C:\Program Files\--[100.0%

OK]--[0.0% MISSING]--[0.0% BAD]--
2006-08-31 18:42 - 2006-08-31 18:42 - 000000000 ____C () C:\Program Files\ac
2004-12-13 18:01 - 2004-08-27 11:10 - 000339835 ____C () C:\Program Files\american.clx
2004-12-13 18:01 - 2004-08-27 11:10 - 000007698 ____C () C:\Program Files\american.tlx
2008-02-06 03:25 - 2003-09-04 14:15 - 001724416 _____ () C:\Program Files\Antanta.exe
2010-11-08 05:15 - 2010-09-05 21:52 - 000069632 _____ ( ) C:\Program Files\auxsetup.exe
2004-12-13 18:01 - 2004-08-27 11:10 - 000347633 ____C () C:\Program Files\british.clx
2004-12-13 18:01 - 2004-08-27 11:10 - 000007698 ____C () C:\Program Files\british.tlx
2010-11-08 05:15 - 2009-09-14 00:13 - 000018321 _____ () C:\Program Files\copying
2004-12-13 17:39 - 2004-12-13 18:01 - 000003260 ____C () C:\Program Files\deudora.ini
2004-12-13 18:01 - 2004-08-27 11:10 - 000049219 ____C (QUALCOMM Incorporated) C:\Program

Files\DirServ.dll
2004-12-13 18:01 - 2004-11-01 16:03 - 000014310 ____C () C:\Program Files\Eudora.cnt
 
Part 10 (last part of FRST file):


2004-12-13 18:01 - 2004-11-08 17:12 - 002728003 ____C (QUALCOMM Incorporated) C:\Program

Files\Eudora.exe
2004-12-13 18:01 - 2004-11-01 16:03 - 001106972 ____C () C:\Program Files\EUDORA.hlp
2004-12-13 18:01 - 2004-08-27 11:10 - 000000304 ____C () C:\Program Files\eudora.htm
2004-12-13 18:01 - 2004-08-27 11:10 - 000016938 ____C () C:\Program Files\eudora.tip
2004-12-13 18:01 - 2004-11-08 17:12 - 002035781 ____C (QUALCOMM Incorporated) C:\Program

Files\Eudora32.dll
2004-12-13 18:01 - 2004-08-27 11:10 - 000036933 ____C (Qualcomm, Inc.) C:\Program

Files\EudoraBk.dll
2004-12-13 18:01 - 2004-08-27 11:10 - 000002338 ____C () C:\Program

Files\EudoraCCProfiles.xml
2004-12-13 18:01 - 2004-08-27 11:10 - 000049213 ____C (QUALCOMM Incorporated) C:\Program

Files\EuGraph.ocx
2004-12-13 18:01 - 2004-08-27 11:10 - 000082944 ____C (QUALCOMM Incorporated) C:\Program

Files\EUMAPI.DLL
2004-12-13 18:01 - 2004-08-27 11:10 - 000147537 ____C (QUALCOMM Incorporated) C:\Program

Files\EuMAPI32.dll
2004-12-13 18:01 - 2004-11-08 17:12 - 000024647 ____C (QUALCOMM Incorporated) C:\Program

Files\EuMemMgr.dll
2004-12-13 17:39 - 2004-08-27 11:10 - 000001640 ____C () C:\Program Files\finger.ini
2004-12-13 18:01 - 2004-08-27 11:10 - 000233901 ____C () C:\Program Files\FlameLex.dat
2007-04-12 16:14 - 2007-04-12 16:14 - 000818856 ____H () C:\Program Files\Google

Updater.exe
2008-02-06 03:25 - 2003-12-04 16:41 - 000001653 _____ () C:\Program Files\grutewwbcd.nfo
2008-02-06 03:25 - 2003-12-04 16:44 - 000557141 _____ () C:\Program Files\grutewwbcd.rar
2008-02-06 03:25 - 2003-12-04 16:41 - 000000079 _____ () C:\Program Files\grutewwbcd.sfv
2004-12-13 18:01 - 2004-11-08 17:12 - 000110658 ____C (QUALCOMM Incorporated) C:\Program

Files\Imap.dll
2004-12-13 18:01 - 2004-08-27 11:10 - 000032831 ____C (Qualcomm, Inc.) C:\Program

Files\ISock.dll
2004-12-13 18:01 - 2004-08-27 11:10 - 000065597 ____C (QUALCOMM Incorporated) C:\Program

Files\Ldap.dll
2004-12-13 18:01 - 2004-08-27 11:10 - 000138752 ____C (University of Michigan) C:\Program

Files\LDAP32.DLL
2004-12-13 17:39 - 2004-08-27 11:10 - 000004567 ____C () C:\Program Files\LDAPinit.ini
2004-12-13 18:01 - 2004-10-06 15:36 - 000015269 ____C () C:\Program Files\License.txt
2004-12-13 18:01 - 2004-09-20 11:10 - 000168011 ____C (QUALCOMM Incorporated) C:\Program

Files\NSImport.eif
2004-12-13 18:01 - 2004-09-20 11:10 - 000155723 ____C (QUALCOMM Incorporated) C:\Program

Files\OEImport.eif
2004-12-13 18:01 - 2004-09-20 11:10 - 000180299 ____C (QUALCOMM Incorporated) C:\Program

Files\OLImport.eif
2004-12-13 18:01 - 2004-10-25 17:08 - 000307276 ____C (QUALCOMM Incorporated) C:\Program

Files\Paige32.dll
2004-12-13 18:01 - 2004-08-27 11:10 - 000061497 ____C (QUALCOMM Incorporated) C:\Program

Files\Ph.dll
2004-12-13 17:39 - 2004-08-27 11:10 - 000002546 ____C () C:\Program Files\ph.ini
2004-12-13 18:01 - 2004-08-27 11:10 - 000409368 ____C () C:\Program Files\Qckstart.pdf
2004-12-13 18:01 - 2004-11-08 17:12 - 000065607 ____C (QUALCOMM Incorporated) C:\Program

Files\QCSocket.dll
2004-12-13 18:01 - 2004-11-08 17:12 - 000499777 ____C (QUALCOMM Incorporated) C:\Program

Files\QCSSL.dll
2004-12-13 18:01 - 2004-11-08 17:12 - 000077893 ____C (QUALCOMM Incorporated) C:\Program

Files\QCUtils.dll
2004-12-13 18:01 - 2004-11-08 17:12 - 000030764 ____C () C:\Program Files\Readme.txt
2004-12-13 18:01 - 2004-11-09 16:57 - 000024747 ____C () C:\Program Files\RelNotes.txt
2004-12-13 18:01 - 2004-09-27 18:13 - 000023043 ____C () C:\Program Files\rootcerts.p7b
2004-12-13 18:01 - 2004-08-27 11:10 - 000112128 ____C (Wintertree Software Inc.)

C:\Program Files\SPELL32.DLL
2004-12-13 18:01 - 2004-08-27 11:10 - 000180298 ____C (Qualcomm, Inc.) C:\Program

Files\swEudora.exe
2015-10-29 15:56 - 2015-10-29 15:56 - 000448512 _____ (OldTimer Tools) C:\Program

Files\TFC.exe
2006-02-06 06:15 - 1999-06-25 10:55 - 000149504 _____ () C:\Program Files\UNWISE.EXE
2006-02-06 06:16 - 2007-08-28 04:28 - 000000072 ____C () C:\Program Files\UNWISE.INI
2010-11-08 05:15 - 2010-09-05 21:52 - 000069632 _____ ( ) C:\Program Files\vdicmdrv.dll
2010-11-08 05:15 - 2010-09-05 21:52 - 000073728 _____ ( ) C:\Program Files\vdremote.dll
2010-11-08 05:15 - 2010-09-05 21:51 - 000065536 _____ ( ) C:\Program Files\vdsvrlnk.dll
2010-11-08 05:15 - 2010-09-05 21:52 - 000008704 _____ ( ) C:\Program Files\vdub.exe
2010-11-08 05:15 - 2010-09-05 21:54 - 000246773 _____ () C:\Program Files\VirtualDub.chm
2010-11-08 05:15 - 2010-09-05 21:52 - 002669056 _____ () C:\Program Files\VirtualDub.exe
2010-11-08 05:15 - 2010-09-05 21:52 - 000220635 _____ () C:\Program Files\VirtualDub.vdi
2010-11-08 05:42 - 2005-07-15 11:22 - 002728537 _____ () C:\Program Files\wax20e.exe
2006-10-09 04:36 - 2006-10-09 04:38 - 011289224 _____ (Yahoo! Inc.) C:\Program

Files\widgetsus.exe
2014-05-26 16:44 - 2014-05-26 16:44 - 000000000 ____H () C:\Documents and

Settings\Administrator.JWH\Application Data\ActUpdate.log
2014-04-17 17:10 - 2017-08-31 01:30 - 000023040 _____ () C:\Documents and

Settings\Administrator.JWH\Local Settings\Application

Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-09-21 23:42 - 2017-09-21 23:42 - 000000036 _____ () C:\Documents and

Settings\Administrator.JWH\Local Settings\Application Data\housecall.guid.cache
2015-07-10 16:37 - 2015-07-10 16:37 - 000004096 ____H () C:\Documents and

Settings\Administrator.JWH\Local Settings\Application Data\keyfile3.drm
2017-03-20 03:20 - 2017-03-20 03:20 - 000000218 _____ () C:\Documents and

Settings\Administrator.JWH\Local Settings\Application Data\recently-used.xbel
2015-08-02 03:52 - 2015-08-02 03:53 - 000000025 ____H () C:\Documents and Settings\All

Users.WINDOWS.1\Application Data\.119889580931711767808769176
2015-08-02 03:49 - 2015-08-02 03:49 - 000000021 ____H () C:\Documents and Settings\All

Users.WINDOWS.1\Application Data\.24554863501262644635642126105
2015-08-16 06:20 - 2015-08-16 06:20 - 000000025 ____H () C:\Documents and Settings\All

Users.WINDOWS.1\Application Data\.811261211181235583101118113995
2014-10-30 14:35 - 2014-10-30 14:35 - 000044936 _____ () C:\Documents and Settings\All

Users.WINDOWS.1\Application Data\1414704854.bdinstall.bin
2014-10-30 14:37 - 2014-10-30 14:37 - 000002067 _____ () C:\Documents and Settings\All

Users.WINDOWS.1\Application Data\1414705052.2752.bin
2014-10-30 14:37 - 2014-10-30 14:38 - 000043587 _____ () C:\Documents and Settings\All

Users.WINDOWS.1\Application Data\1414705052.3120.bin
2014-10-30 14:38 - 2014-10-30 14:38 - 000000497 _____ () C:\Documents and Settings\All

Users.WINDOWS.1\Application Data\1414705052.3348.bin
2014-10-30 14:51 - 2014-10-30 14:51 - 000277873 _____ () C:\Documents and Settings\All

Users.WINDOWS.1\Application Data\1414705523.bdinstall.bin
2016-08-28 09:01 - 2016-08-28 09:01 - 000037178 _____ () C:\Documents and Settings\All

Users.WINDOWS.1\Application Data\1472400068.bdinstall.bin
2016-08-28 09:02 - 2016-08-28 09:02 - 000058564 _____ () C:\Documents and Settings\All

Users.WINDOWS.1\Application Data\1472400077.bdinstall.bin
2016-08-28 09:15 - 2016-08-28 09:15 - 000098682 _____ () C:\Documents and Settings\All

Users.WINDOWS.1\Application Data\1472400471.bdinstall.bin
2016-09-20 14:35 - 2016-09-20 14:35 - 000306944 _____ () C:\Documents and Settings\All

Users.WINDOWS.1\Application Data\1474407212.bdinstall.bin
2014-05-26 16:45 - 2014-05-26 16:45 - 000000088 __RSH () C:\Documents and Settings\All

Users.WINDOWS.1\Application Data\F3627895AB.sys
2014-05-26 16:45 - 2017-08-03 18:44 - 000001004 ___SH () C:\Documents and Settings\All

Users.WINDOWS.1\Application Data\KGyGaAvL.sys
2017-05-14 00:18 - 2017-05-14 00:21 - 000003561 _____ () C:\Documents and Settings\All

Users.WINDOWS.1\Application Data\lpm.dat
2014-08-27 18:16 - 2017-05-13 18:41 - 000000898 _____ () C:\Documents and Settings\All

Users.WINDOWS.1\Application Data\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Documents and Settings\Jack Holland.JACK\AWEMAN.DLL
C:\Documents and Settings\Jack Holland.JACK\AWEMAN32.DLL
C:\Documents and Settings\Jack Holland.JACK\CIFMAN.DLL
C:\Documents and Settings\Jack Holland.JACK\CSPMAN.DLL
C:\Documents and Settings\Jack Holland.JACK\gzip.exe
C:\Documents and Settings\Jack Holland.JACK\UIDLL16.DLL
C:\Documents and Settings\Jack Holland.JACK\UPDDRV95.EXE


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS.1\explorer.exe => MD5 is legit
C:\WINDOWS.1\system32\winlogon.exe => MD5 is legit
C:\WINDOWS.1\system32\svchost.exe => MD5 is legit
C:\WINDOWS.1\system32\services.exe => MD5 is legit
C:\WINDOWS.1\system32\User32.dll => MD5 is legit
C:\WINDOWS.1\system32\userinit.exe => MD5 is legit
C:\WINDOWS.1\system32\rpcss.dll => MD5 is legit
C:\WINDOWS.1\system32\dnsapi.dll => MD5 is legit
C:\WINDOWS.1\system32\Drivers\volsnap.sys => MD5 is legit

==================== End of FRST.txt ============================
 
Addition file part 1:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-09-2017
Ran by Administrator (23-09-2017 23:33:31)
Running from C:\Documents and Settings\Administrator.JWH\My Documents\Downloads
Microsoft Windows XP Service Pack 3 (X86) (2015-03-20 15:56:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-583907252-115176313-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.JWH
ASPNET (S-1-5-21-583907252-115176313-1801674531-1003 - Limited - Enabled)
Guest (S-1-5-21-583907252-115176313-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-583907252-115176313-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-583907252-115176313-1801674531-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
ACT! by Sage Premium 2009 (11.0) (HKLM\...\{396CE0B5-DC06-46D2-A870-47798143AE85})

(Version: 11.0.0.0 - Sage Software, Inc.) Hidden
ACT! by Sage Premium 2009 (11.0)

(HKLM\...\InstallShield_{396CE0B5-DC06-46D2-A870-47798143AE85}) (Version: 11.0.0.0 - Sage

Software, Inc.)
Adobe Acrobat X Pro - English, Français, Deutsch

(HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130

- Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 -

Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 27.0.0.130 -

Adobe Systems Incorporated)
Adobe Photoshop CS4 (HKLM\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 -

Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.3 (HKLM\...\{8C1D4735-84E4-41E2-A1DB-70EADE27633C}) (Version:

3.3.1 - Adobe)
 
Addition file part 2:







Advanced ACT Password Recovery (remove only) (HKLM\...\Advanced ACT Password Recovery)

(Version: - )
Advanced SystemCare 10 (HKLM\...\Advanced SystemCare_is1) (Version: 10.5.0 - IObit)
Amazon Games & Software Downloader (HKLM\...\Amazon Games & Software Downloader_is1)

(Version: 2.0.2.0 - Amazon)
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039})

(Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version:

2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version:

2.1.3.127 - Apple Inc.)
Audacity 2.1.3 (HKLM\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109

- Bitdefender)
Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{9D210D79-AEC5-453B-960C-4DD2C73931E1}) (Version:

2.0.2.0 - Apple Inc.)
Close Combat (HKLM\...\Close Combat1.00) (Version: 1.00 - Matrix Games)
Close Combat Cross of Iron (HKLM\...\Close Combat Cross of Iron1.00) (Version: 1.00 -

Matrix Games)
Connect (HKLM\...\{B29AD377-CC12-490A-A480-1452337C618D}) (Version: 1.0.0.1 - Adobe

Systems Incorporated) Hidden
Daum PotPlayer 1.5.45955 (HKLM\...\PotPlayer) (Version: - )
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.238 - DivX, LLC)
Driver Booster 3.3 (HKLM\...\Driver Booster_is1) (Version: 3.3 - IObit)
Dsc Pro (HKLM\...\Dsc Pro) (Version: - )
Epic Privacy Browser (HKU\S-1-5-21-583907252-115176313-1801674531-500\...\Epic) (Version:

48.0.2553.0 - Epic)
Epson Event Manager (HKLM\...\{F04A0091-BEEF-4DDA-B625-48A311DD36F0}) (Version: 2.40.0006

- SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Evernote v. 5.8.6 (HKLM\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519

- Evernote Corp.)
Exact Audio Copy 1.1 (HKLM\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff)
f.lux (HKU\S-1-5-21-583907252-115176313-1801674531-500\...\Flux) (Version: - f.lux

Software LLC)
File Association Helper (HKLM\...\{8975E3CB-A762-4B14-BD62-A3972A098E82}) (Version:

1.2.225.65451 - WinZip Computing International, LLC)
Final Draft (HKLM\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.3.120 - Final

Draft, Inc.)
Final Draft 7 (HKLM\...\{78D62D17-D970-42DA-B8CF-5E5576293B33}) (Version: 7.1.1.19 -

Final Draft, Inc.)
Garvinweb.com - MONEY! Jr. CD-ROM (HKLM\...\Garvinweb.com - MONEY! Jr. CD-ROM) (Version:

- )
Global Trading System Pro UK (HKLM\...\{8CEAFBCB-FA17-4CD0-BC08-499BA25A6799}) (Version:

81.1.484 - City Index)
GLUCOFACTS(TM) Deluxe (HKLM\...\{3E04DB74-CFA4-47DB-836F-11FA1F6A016D}) (Version: 3.09.02

- Bayer HealthCare)
GOM Player (HKLM\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Drive (HKLM\...\{F9A2761E-C1E4-4384-92A3-5732C9738327}) (Version: 2.34.6717.9565 -

Google, Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5

- Google Inc.) Hidden
 
Addition file part 3:














Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version:

1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 -

LogMeIn, Inc.)
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-583907252-115176313-1801674531-500\...\GoToMeeting)

(Version: 7.16.0.4800 - CitrixOnline)
HP Support Solutions Framework (HKLM\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67})

(Version: 11.51.0048 - Hewlett-Packard Company)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version:

4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.77.0 -

HTC)
iCare Data Recovery 5.1 (HKLM\...\iCare Data Recovery_is1) (Version: - iCare Software)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
IObit Malware Fighter 5 (HKLM\...\IObit Malware Fighter_is1) (Version: 5.2 - IObit)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 6.1.0.418 - IObit)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3})

(Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 -

Oracle Corporation)
Jing (HKLM\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith

Corporation)
kuler (HKLM\...\{098727E1-775A-4450-B573-3F441F1CA243}) (Version: 2.0 - Adobe Systems

Incorporated) Hidden
LibreOffice 5.3.5.2 (HKLM\...\{58C4EC76-D347-41F0-89D7-30CB01473C37}) (Version: 5.3.5.2 -

The Document Foundation)
MagicDisc 2.7.105 (HKLM\...\MagicDisc 2.7.105) (Version: - )
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1)

(Version: 2.2.1.1043 - Malwarebytes)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.44.1.3 - Marvell)
MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: -

)
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: -

)
Microsoft .NET Framework 2.0 Service Pack 2

(HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft

Corporation)
Microsoft .NET Framework 3.0 Service Pack 2

(HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft

Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client

Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended)

(Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1

- Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable

(HKLM\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft

Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version:

5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft

Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686})

(Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English)

(HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft

Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD})

(Version: 9.00.5000.00 - Microsoft Corporation)
 
Addition file part 4:




Microsoft Visual C++ 2005 Redistributable

(HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft

Corporation)
Microsoft Visual C++ 2005 Redistributable

(HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft

Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

(HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft

Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

(HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft

Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

(HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft

Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

(HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft

Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

(HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft

Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501

(HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft

Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version:

14.0.6120.5002 - Microsoft Corporation)
Miro (HKLM\...\Miro) (Version: 6.0 - Participatory Culture Foundation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.3.0.6423 -

Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 en-US))

(Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version:

4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version:

4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0

- Microsoft Corporation)
NVIDIA Graphics Driver 260.99

(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 260.99 -

NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 -

NVIDIA Corporation)
OANDA - MetaTrader (HKLM\...\OANDA - MetaTrader) (Version: 4.00 - MetaQuotes Software

Corp.)
OpenOffice 4.1.2 (HKLM\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 -

Apache Software Foundation)
Opera Stable 36.0.2130.80 (HKLM\...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera

Software)
Password Recovery Bundle 2013 (HKLM\...\Password Recovery Bundle 2013_is1) (Version: -

Top Password Software, Inc.)
PDF Settings CS4 (HKLM\...\{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}) (Version: 9.0 - Adobe

Systems Incorporated) Hidden
Philips Songbird (HKLM\...\Philips Songbird) (Version: 6.1.2265 (2265) - Koninklijke

Philips Electronics N.V.)
Photoshop Camera Raw (HKLM\...\{CC75AB5C-2110-4A7F-AF52-708680D22FE8}) (Version: 5.0 -

Adobe Systems Incorporated) Hidden
Quicken 2013 (HKLM\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.1.21 -

Intuit)
REALTEK Gigabit and Fast Ethernet NIC Driver

(HKLM\...\{94FB906A-CF42-4128-A509-D353026A607E}) (Version: 1.70 - REALTEK Semiconductor

Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC})

(Version: 5.10.0.6053 - Realtek Semiconductor Corp.)
Remo Recover 4.0 (HKLM\...\{A573D759-F894-448D-A420-3A9C31879F88}_is1) (Version: 4.0.0.34

- Remo Software)
Samsung ML-1710 Series (HKLM\...\{18499419-2B80-4C3F-86D3-C6C45CD2062E}) (Version: - )
SeaTools for Windows 1.4.0.2 (HKLM\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate

Technology)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype

Technologies S.A.)
Smart Defrag 5 (HKLM\...\Smart Defrag_is1) (Version: 5.7.0 - IObit)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.6380 -

Analog Devices)
Spotify (HKU\S-1-5-21-583907252-115176313-1801674531-500\...\Spotify) (Version:

1.0.20.101.ge6957e14 - Spotify AB)
 
Addition file part 5:




Suite Shared Configuration CS4 (HKLM\...\{842B4B72-9E8F-4962-B3C1-1C422A5C4434})

(Version: 1.0 - Adobe Systems Incorporated) Hidden
Taskix 2.1 (HKLM\...\{E80F9F48-86F8-447D-8CDC-A98B1870C1D4}) (Version: 2.1.1 - Robust IT)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: - Intuit, Inc)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VMeisoft Flash SWF Converter version 3.0.2.9 (HKLM\...\VMeisoft Flash SWF Converter_is1) (Version: 3.0.2.9 - VMeisoft)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.2.0 - Azureus Software, Inc.)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002) (HKLM\...\B81055EA372C9E3EA5000B4BD9585D992D51F1DE) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows PowerShell(TM) 1.0 (HKLM\...\PowerShell) (Version: 1 - Microsoft Corporation)
Windows Rights Management Client Backwards Compatibility SP2 (HKLM\...\{EC905264-BCFE-423B-9C42-C3A106266790}) (Version: 5.2.70 - Microsoft)
Windows Rights Management Client with Service Pack 2 (HKLM\...\{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}) (Version: 5.2.70 - Microsoft)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Windscribe version 1.70 build 4 (HKLM\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.70 build 4 - Windscribe)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E2}) (Version: 18.5.11111 - WinZip Computing, S.L. )
ZoomCam M1598 (HKLM\...\{9E88FCF0-8413-4451-870A-621762E2B1CD}) (Version: 2.0.0.0000 - OmniVision Technologies, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-583907252-115176313-1801674531-500_Classes\CLSID\{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}\localserver32 -> C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\EpicUpdateOnDemand.exe (Epic Privacy Browser)
 
Addition file part 6:





CustomCLSID: HKU\S-1-5-21-583907252-115176313-1801674531-500_Classes\CLSID\{6959B6E8-B5E0-4E64-B1B4-C82969BAF394}\InprocServer32 -> C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\psuser.dll (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-583907252-115176313-1801674531-500_Classes\CLSID\{81e5adb4-92d6-4414-a1e6-d823ef6f32e1}\localserver32 -> C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Application\48.0.2553.0\delegate_execute.exe (Hidden Reflex)
CustomCLSID: HKU\S-1-5-21-583907252-115176313-1801674531-500_Classes\CLSID\{84D964EE-0441-4A42-8146-0699AE05DDC3}\InprocServer32 -> C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\psuser.dll (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-583907252-115176313-1801674531-500_Classes\CLSID\{9B8ABA14-0F6A-492C-AB9D-41FA1F7EC450}\localserver32 -> C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\EpicUpdateOnDemand.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-583907252-115176313-1801674531-500_Classes\CLSID\{9C3B9AB7-2486-4403-B138-E9ED32DD063C}\localserver32 -> C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\EpicUpdateOnDemand.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-583907252-115176313-1801674531-500_Classes\CLSID\{AB3B8CD0-9085-4F26-B16B-02571A12A789}\localserver32 -> C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Installer\EpicUpdate.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-583907252-115176313-1801674531-500_Classes\CLSID\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA}\InprocServer32 -> C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-583907252-115176313-1801674531-500_Classes\CLSID\{D9A13C52-6B85-4E00-B98A-DF25F77CBBEA}\localserver32 -> C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\EpicUpdateOnDemand.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-583907252-115176313-1801674531-500_Classes\CLSID\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}\InprocServer32 -> C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll (Epic Privacy Browser)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-08-31] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-08-31] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-08-31] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [Offline Files] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} => C:\WINDOWS.1\System32\cscui.dll [2008-04-14] (Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files\IObit\Advanced SystemCare\ASCExtMenu.dll [2016-09-20] (IObit)
ContextMenuHandlers1: [FileAssociationHelper] -> {D5CF14A2-B3CA-49DC-8E3E-0BB233B26D09} => C:\Program Files\File Association Helper\FAHDll.dll [2014-01-28] (Nico Mak Computing)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2017-08-31] (Google)
ContextMenuHandlers1: [Gonzales] -> {A50F8401-953F-4C11-8B77-1278C6C7C3F4} => C:\Program Files\Bitdefender\Antivirus Free Edition\GzShellIntegration.dll [2016-03-02] (Bitdefender)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers1: [Offline Files] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} => C:\WINDOWS.1\System32\cscui.dll [2008-04-14] (Microsoft Corporation)
ContextMenuHandlers1: [Open With] -> {09799AFB-AD67-11d1-ABCD-00C04FC30936} => C:\WINDOWS.1\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)
ContextMenuHandlers1: [Open With EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} => C:\WINDOWS.1\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS.1\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2014-05-02] (WinZip Computing, S.L.)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files\IObit\Advanced SystemCare\ASCExtMenu.dll [2016-09-20] (IObit)
ContextMenuHandlers2: [Offline Files] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} => C:\WINDOWS.1\System32\cscui.dll [2008-04-14] (Microsoft Corporation)
ContextMenuHandlers2: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\WINDOWS.1\system32\ntshrui.dll [2008-04-14] (Microsoft Corporation)
ContextMenuHandlers2: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} => C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [2008-08-14] (Adobe Systems Incorporated)
 
Addition part 7:



ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files\IObit\Advanced SystemCare\ASCExtMenu.dll [2016-09-20] (IObit)
ContextMenuHandlers4: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} => C:\WINDOWS.1\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2017-08-31] (Google)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers4: [Offline Files] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} => C:\WINDOWS.1\System32\cscui.dll [2008-04-14] (Microsoft Corporation)
ContextMenuHandlers4: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\WINDOWS.1\system32\ntshrui.dll [2008-04-14] (Microsoft Corporation)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2014-05-02] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS.1\system32\igfxpph.dll [2007-01-13] (Intel Corporation)
ContextMenuHandlers5: [New] -> {D969A300-E7FF-11d0-A93B-00A0C90F2719} => C:\WINDOWS.1\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\WINDOWS.1\system32\nvcpl.dll [2010-10-16] (NVIDIA Corporation)
ContextMenuHandlers5: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} => C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [2008-08-14] (Adobe Systems Incorporated)
ContextMenuHandlers6: [Gonzales] -> {A50F8401-953F-4C11-8B77-1278C6C7C3F4} => C:\Program Files\Bitdefender\Antivirus Free Edition\GzShellIntegration.dll [2016-03-02] (Bitdefender)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS.1\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2014-05-02] (WinZip Computing, S.L.)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS.1\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS.1\system32\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe
Task: C:\WINDOWS.1\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS.1\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS.1\Tasks\DivXUpdate.job => C:\Program Files\Common Files\DivX Shared\DivX Update\DivXUpdate.exe
Task: C:\WINDOWS.1\Tasks\Driver Booster Scheduler.job => C:\Program Files\IObit\Driver Booster\Scheduler.exe
Task: C:\WINDOWS.1\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS.1\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS.1\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS.1\system32\xp_eos.exe
Task: C:\WINDOWS.1\Tasks\Opera scheduled Autoupdate 1382443258.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS.1\Tasks\SmartDefrag_AutoAnalyze.job => C:\Program Files\IObit\Smart Defrag\AutoDefrag.exe
Task: C:\WINDOWS.1\Tasks\SmartDefrag_Startup.job => C:\Program Files\IObit\Smart Defrag\SmartDefrag.exe
Task: C:\WINDOWS.1\Tasks\SmartDefrag_Update.job => C:\Program Files\IObit\Smart Defrag\AutoUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\Administrator.JWH\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
Shortcut: C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Bayer HealthCare\GLUCOFACTS Deluxe\GLUCOFACTS Deluxe v3.09.lnk -> C:\Program Files\Bayer HealthCare\GLUCOFACTS Deluxe\run.bat ()
Shortcut: C:\Documents and Settings\All Users.WINDOWS.1\Desktop\GLUCOFACTS Deluxe v3.09.lnk -> C:\Program Files\Bayer HealthCare\GLUCOFACTS Deluxe\run.bat ()

==================== Loaded Modules (Whitelisted) ==============

2016-09-20 14:34 - 2013-03-19 11:07 - 000522136 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2016-09-20 14:34 - 2013-09-03 13:29 - 000105448 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2013-10-17 16:27 - 2013-10-17 16:27 - 000166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2016-11-21 23:06 - 2016-06-21 20:30 - 000442144 _____ () C:\Program Files\IObit\IObit Uninstaller\madExcept_.bpl
2016-11-21 23:06 - 2016-06-21 20:29 - 000210720 _____ () C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl
2016-11-21 23:06 - 2016-06-21 20:29 - 000059680 _____ () C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-11-21 23:06 - 2015-12-28 14:50 - 000899872 _____ () C:\Program Files\IObit\IObit Uninstaller\webres.dll
2016-11-21 23:06 - 2016-09-26 14:59 - 000631072 _____ () C:\Program Files\IObit\IObit Uninstaller\ProductStatistics.dll
2004-08-04 03:00 - 2008-04-14 05:41 - 000059904 _____ () C:\WINDOWS.1\system32\devenum.dll
2004-08-04 03:00 - 2008-04-14 05:42 - 000014336 _____ () C:\WINDOWS.1\system32\msdmo.dll
2017-09-20 18:07 - 2015-12-28 13:50 - 000899872 _____ () C:\Program Files\IObit\Advanced SystemCare\webres.dll
2017-09-20 17:37 - 2017-05-17 13:45 - 000631584 _____ () C:\Program Files\IObit\Advanced SystemCare\ProductStatistics.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)
 
Addition part 8:



AlternateDataStreams: C:\Program Files\TFC.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JACK-9B5A923336\My Documents\IMDb Video Player: Dan Starbuck Demo.net%2Fa2643 [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\Desktop\12 Things Wealthy People Do.txt:DocumentSummaryInformation [79]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\Desktop\12 Things Wealthy People Do.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\Fisher_m11.mq4:CursorPos [890]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\Fisher_m11.mq4:LineFlags [866]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\fxgtstsuk.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\fxsolutionsuk4setup.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\Hide.me-Setup-1.2.6.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\jre-8u31-windows-i586-iftw.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\Setup-Trelby-2.2.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\sp60088.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\TFC.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\WoT_internet_install_na.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP:56E2E879 [238]
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS2\Application Data\TEMP:DFC5A2B2 [118]
AlternateDataStreams: C:\Documents and Settings\Jack Holland.JACK\My Documents\IMDb Video Player: Dan Starbuck Demo.net%2Fa2643 [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============
 
Addition part 9:


(If an entry is included in the fixlist, it will be removed from the registry.)

There are 4788 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 05:00 - 2017-04-04 14:10 - 000001663 _____ C:\WINDOWS.1\system32\Drivers\etc\hosts

127.0.0.1 localhost
 
Addition part 10:



127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-583907252-115176313-1801674531-500\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
 
Addition part 11:









sharedaccess => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^Administrator.JWH^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\WINDOWS.1\pss\EvernoteClipper.lnkStartup
MSCONFIG\startupreg: Act! Preloader => "C:\Program Files\ACT\Act for Windows\ActSage.exe" -preload
MSCONFIG\startupreg: Act.Outlook.Service => "C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeBridge =>
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Advanced SystemCare 8 =>
MSCONFIG\startupreg: AmazonGSDownloaderTray => C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS.1\system32\ctfmon.exe
MSCONFIG\startupreg: Epic Privacy Browser Installer => "C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Installer\EpicUpdate.exe" /c
MSCONFIG\startupreg: FAHConsole => C:\Program Files\File Association Helper\FAHConsole.exe
MSCONFIG\startupreg: Hide.me =>
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS.1\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS.1\system32\igfxtray.exe
MSCONFIG\startupreg: KeyScrambler =>
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: Persistence => C:\WINDOWS.1\system32\igfxpers.exe
MSCONFIG\startupreg: Philips Device Listener => "C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
MSCONFIG\startupreg: QuickTime Task =>
MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE
MSCONFIG\startupreg: SoundMAX => "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe] => Enabled:potPlayer
 