Solved Win Xp Strange Issues possible Malware

Addition part 12:

Got this for part 12

The following error occurred:
Your content can not be submitted. This is likely because your content is spam-like or contains inappropriate elements. Please change your content or try again later. If you still have problems, please contact an administrator.
 
Addition part 13:


StandardProfile\GloballyOpenPorts: [7852:TCP] => Disabled:War Thunder
StandardProfile\GloballyOpenPorts: [7853:TCP] => Disabled:War Thunder
StandardProfile\GloballyOpenPorts: [27022:TCP] => Disabled:War Thunder
StandardProfile\GloballyOpenPorts: [6881:TCP] => Disabled:War Thunder
StandardProfile\GloballyOpenPorts: [33333:TCP] => Disabled:War Thunder
StandardProfile\GloballyOpenPorts: [20443:TCP] => Disabled:War Thunder
StandardProfile\GloballyOpenPorts: [8090:TCP] => Disabled:War Thunder

==================== Restore Points =========================

Could not list restore points. Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/23/2017 11:19:20 PM) (Source: SQLWRITER) (EventID: 4) (User: )
Description: SQL writer initialization error: the COM security cannot be initialized [0x800706ba].
 
Addition file part 14:


Error: (09/22/2017 11:59:22 PM) (Source: SQLWRITER) (EventID: 4) (User: )
Description: SQL writer initialization error: the COM security cannot be initialized [0x800706ba].

Error: (09/22/2017 08:21:48 AM) (Source: SQLWRITER) (EventID: 4) (User: )
Description: SQL writer initialization error: the COM security cannot be initialized [0x800706ba].

Error: (09/22/2017 07:25:14 AM) (Source: SQLWRITER) (EventID: 4) (User: )
Description: SQL writer initialization error: the COM security cannot be initialized [0x800706ba].

Error: (09/22/2017 06:07:32 AM) (Source: SQLWRITER) (EventID: 4) (User: )
Description: SQL writer initialization error: the COM security cannot be initialized [0x800706ba].

Error: (09/22/2017 06:01:19 AM) (Source: SQLWRITER) (EventID: 4) (User: )
Description: SQL writer initialization error: the COM security cannot be initialized [0x800706ba].

Error: (09/22/2017 05:31:00 AM) (Source: SQLWRITER) (EventID: 4) (User: )
Description: SQL writer initialization error: the COM security cannot be initialized [0x800706ba].

Error: (09/22/2017 05:00:08 AM) (Source: SQLWRITER) (EventID: 4) (User: )
Description: SQL writer initialization error: the COM security cannot be initialized [0x800706ba].

Error: (09/21/2017 11:29:12 PM) (Source: SQLWRITER) (EventID: 4) (User: )
Description: SQL writer initialization error: the COM security cannot be initialized [0x800706ba].

Error: (09/21/2017 10:57:55 PM) (Source: SQLWRITER) (EventID: 4) (User: )
Description: SQL writer initialization error: the COM security cannot be initialized [0x800706ba].


System errors:
=============
Error: (09/20/2017 06:06:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Advanced SystemCare Service 10 service terminated unexpectedly. It has done this 2 time(s).

Error: (09/20/2017 05:35:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Advanced SystemCare Service 10 service terminated unexpectedly. It has done this 1 time(s).

Error: (09/13/2017 11:10:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WindscribeService service terminated unexpectedly. It has done this 1 time(s).

Error: (09/06/2017 07:26:31 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
 
Addition file part 15:



Error: (09/04/2017 10:58:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.

Error: (09/03/2017 04:58:20 PM) (Source: DCOM) (EventID: 10001) (User: JWH)
Description: Unable to start a DCOM Server: {AB97EDE4-091B-405F-83E6-9A31AD18EDAF} as /.
The error:
"%%3 = The system cannot find the path specified."
Happened while starting this command:
F:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE -Embedding

Error: (09/03/2017 04:57:57 PM) (Source: DCOM) (EventID: 10001) (User: JWH)
Description: Unable to start a DCOM Server: {AB97EDE4-091B-405F-83E6-9A31AD18EDAF} as /.
The error:
"%%3 = The system cannot find the path specified."
Happened while starting this command:
F:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE -Embedding

Error: (09/03/2017 04:11:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Advanced SystemCare Service 10 service terminated unexpectedly. It has done this 1 time(s).

Error: (08/28/2017 07:37:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WindscribeService service terminated unexpectedly. It has done this 1 time(s).

Error: (08/23/2017 02:53:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IMF Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
 
Addition file part 16 (last part):



==================== Memory info ===========================

Processor: Intel(R) Pentium(R) D CPU 3.20GHz
Percentage of memory in use: 31%
Total physical RAM: 2047.29 MB
Available physical RAM: 1406.1 MB
Total Virtual: 3939.17 MB
Available Virtual: 3317.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.78 GB) (Free:14.36 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (DRV2_VOL1) (Fixed) (Total:149.05 GB) (Free:22.65 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: (XP_SP3) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS
Drive g: (New Volume) (Fixed) (Total:698.64 GB) (Free:370.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 586F586F)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 3055AE38)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: AAF11F1C)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
So I posted all the parts except for part 3 of the FRST file and part 12 of the Addition file. Both received the spam-like error that prevented me from posting them. I posted from notepad in plain text. If you need them, any suggestions on what I need to do to be able to post them?

I also noticed in one post an emoticon replace a ":" and a "p" together. I don't know how that happened or how to fix it.

Thank you again.

Jack
 
Please disable "word wrap" in Notepad, because your logs are almost impossible to read.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Following are two reports from Roguekiller and one from JRT. The newly downloaded MWB couldn't connect to the service, and the older version 6 of ADW cleaner, which I had to download because I'm running XP, had a write-to-memory error when I hit Clean.
 
JRT report

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Microsoft Windows XP x86
Ran by Administrator (Administrator) on Mon 09/25/2017 at 6:06:39.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Failed to delete: C:\Program Files\coupons (Folder)
Successfully deleted: C:\Documents and Settings\Administrator.JWH\Application Data\Mozilla\Firefox\Profiles\4jdj7hk5.default-1487375107984\user.js (File)
Successfully deleted: C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh (Folder)
Successfully deleted: C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\aoiidodopnnhiflaflbfeblnojefhigh (Folder)
Successfully deleted: C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\fopdddcinljmpmioaklghcalngfhbaen (Folder)
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll (File)
Successfully deleted: C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll (File)

Deleted the following from C:\Documents and Settings\Administrator.JWH\Application Data\Mozilla\Firefox\Profiles\4jdj7hk5.default-1487375107984\prefs.js
user_pref(browser.startup.homepage, hxxps://startpage.com/eng/);



Registry: 5

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{10921475-03CE-4E04-90CE-E2E7EF20C814} (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/25/2017 at 6:08:42.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Okay, here's the Roguekiller scan and delete reports.
 

Attachments: roguekiller report scan.txt, roguekiller report delete.txt
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart the computer in Safe Mode.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 17-09-14.01 - Administrator 09/27/2017 2:41.1.2 - x86
Running from: c:\documents and settings\Administrator.JWH\Desktop\ComboFix.exe
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Ahmbed.gz
c:\documents and settings\Administrator.JACK-9B5A923336\WINDOWS
c:\documents and settings\Administrator.JWH\System
c:\documents and settings\Administrator.JWH\System\win_qs8.jqx
c:\documents and settings\All Users.WINDOWS.1\Application Data\1414704854.bdinstall.bin
c:\documents and settings\All Users.WINDOWS.1\Application Data\1414705052.2752.bin
c:\documents and settings\All Users.WINDOWS.1\Application Data\1414705052.3120.bin
c:\documents and settings\All Users.WINDOWS.1\Application Data\1414705052.3348.bin
c:\documents and settings\All Users.WINDOWS.1\Application Data\1414705523.bdinstall.bin
c:\documents and settings\All Users.WINDOWS.1\Application Data\1472400068.bdinstall.bin
c:\documents and settings\All Users.WINDOWS.1\Application Data\1472400077.bdinstall.bin
c:\documents and settings\All Users.WINDOWS.1\Application Data\1472400471.bdinstall.bin
c:\documents and settings\All Users.WINDOWS.1\Application Data\1474407212.bdinstall.bin
c:\documents and settings\All Users.WINDOWS.1\Application Data\F3627895AB.sys
c:\documents and settings\All Users.WINDOWS.1\Application Data\TEMP
c:\documents and settings\All Users.WINDOWS.1\Application Data\TEMP\RAIDTest
c:\documents and settings\Jack Holland.JACK\g2mdlhlpx.exe
c:\documents and settings\Jack Holland.JACK\gzip.exe
c:\documents and settings\Jack Holland.JACK\WINDOWS
c:\program files\Common Files\uninstall information
c:\program files\Conference
c:\program files\Conference\Conference.db
c:\program files\Conference\Conference.dll
c:\program files\Conference\Conference.exe
c:\program files\Conference\Conference.hst
c:\program files\Conference\Conference.ini
c:\program files\Conference\Languages\de.xml
c:\program files\Conference\Languages\en.xml
c:\program files\Conference\Languages\es.xml
c:\program files\Conference\Languages\fr.xml
c:\program files\Conference\Languages\pt.xml
c:\program files\Conference\Languages\ru.xml
c:\program files\GOOGLE~1.exe
c:\program files\Power Search Tool
c:\program files\Power Search Tool\alert_plugin.dll
c:\program files\Power Search Tool\basis.xml
c:\program files\Power Search Tool\ebay.bmp
c:\program files\Power Search Tool\icons.bmp
c:\program files\Power Search Tool\logo-4.bmp
c:\program files\Power Search Tool\mbback.bmp
c:\program files\Power Search Tool\mbbigopen.bmp
c:\program files\Power Search Tool\mbclose.bmp
c:\program files\Power Search Tool\mbfwd.bmp
c:\program files\Power Search Tool\mbsep.bmp
c:\program files\Power Search Tool\nav1c.bmp
c:\program files\Power Search Tool\options.html
c:\program files\Power Search Tool\PowerSearchTool4_0.crc
c:\program files\Power Search Tool\version.txt
c:\program files\readme.txt
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
C:\Thumbs.db
C:\WgaLogon.dll
C:\WgaTray.exe
c:\windows.1\wc98pp.dll
D:\install.exe
D:\SETUP.EXE
G:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2017-08-27 to 2017-09-27 )))))))))))))))))))))))))))))))
.
.
2017-09-26 12:13 . 2017-02-19 19:15 220192 ----a-w- c:\windows.1\system32\drivers\keyscrambler.sys
2017-09-26 12:12 . 2017-09-26 12:13 -------- d-----w- c:\program files\KeyScrambler
2017-09-25 13:26 . 2017-09-25 13:28 -------- d-----w- C:\AdwCleaner
2017-09-25 12:21 . 2017-08-24 18:27 59904 ----a-w- c:\windows.1\system32\drivers\mbae.sys
2017-09-25 12:20 . 2017-09-25 12:20 -------- d-----w- c:\program files\Malwarebytes
2017-09-25 12:10 . 2017-09-25 12:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\MB2Migration
2017-09-25 09:13 . 2017-09-25 09:13 24688 ----a-w- c:\windows.1\system32\drivers\TrueSight.sys
2017-09-25 09:13 . 2017-09-25 12:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\RogueKiller
2017-09-25 09:12 . 2017-09-25 09:13 -------- d-----w- c:\program files\RogueKiller
2017-09-25 09:12 . 2017-09-25 09:12 -------- d-----w- C:\Documents
2017-09-22 15:47 . 2017-09-24 06:34 -------- d-----w- C:\FRST
2017-09-22 14:35 . 2017-09-22 14:35 -------- d-----w- c:\documents and settings\Administrator.JWH\Local Settings\Application Data\ESET
2017-09-21 03:51 . 2017-09-21 03:51 -------- d-----w- c:\documents and settings\Administrator.JWH\Application Data\EurekaLog
2017-09-21 02:33 . 1998-06-24 07:00 198456 ----a-w- c:\windows.1\system32\Mci32.ocx
2017-09-21 02:33 . 1998-05-22 07:00 137736 ----a-w- c:\windows.1\system32\COMDLG32.OCX
2017-09-21 00:38 . 2017-09-21 00:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-09-13 08:33 . 2017-09-13 09:33 5680640 ----a-w- c:\windows.1\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-09-13 09:33 . 2014-05-06 21:16 803328 ----a-w- c:\windows.1\system32\FlashPlayerApp.exe
2017-09-13 09:33 . 2014-05-06 21:16 144896 ----a-w- c:\windows.1\system32\FlashPlayerCPLApp.cpl
2017-08-04 01:44 . 2014-05-26 23:45 1004 --sha-w- c:\documents and settings\All Users.WINDOWS.1\Application Data\KGyGaAvL.sys
2015-10-29 22:56 . 2015-10-29 22:56 448512 ----a-w- c:\program files\TFC.exe
2010-09-06 04:52 . 2010-11-08 12:15 2669056 ----a-w- c:\program files\VirtualDub.exe
2010-09-06 04:52 . 2010-11-08 12:15 69632 ----a-w- c:\program files\auxsetup.exe
2010-09-06 04:52 . 2010-11-08 12:15 8704 ----a-w- c:\program files\vdub.exe
2010-09-06 04:52 . 2010-11-08 12:15 73728 ----a-w- c:\program files\vdremote.dll
2010-09-06 04:52 . 2010-11-08 12:15 69632 ----a-w- c:\program files\vdicmdrv.dll
2010-09-06 04:51 . 2010-11-08 12:15 65536 ----a-w- c:\program files\vdsvrlnk.dll
2006-10-09 11:38 . 2006-10-09 11:36 11289224 ----a-w- c:\program files\widgetsus.exe
2005-07-15 18:22 . 2010-11-08 12:42 2728537 ----a-w- c:\program files\wax20e.exe
2004-11-09 00:12 . 2004-12-14 01:01 77893 -c--a-w- c:\program files\QCUtils.dll
2004-11-09 00:12 . 2004-12-14 01:01 499777 -c--a-w- c:\program files\QCSSL.dll
2004-11-09 00:12 . 2004-12-14 01:01 65607 -c--a-w- c:\program files\QCSocket.dll
2004-11-09 00:12 . 2004-12-14 01:01 110658 -c--a-w- c:\program files\Imap.dll
2004-11-09 00:12 . 2004-12-14 01:01 24647 -c--a-w- c:\program files\EuMemMgr.dll
2004-11-09 00:12 . 2004-12-14 01:01 2035781 -c--a-w- c:\program files\Eudora32.dll
2004-11-09 00:12 . 2004-12-14 01:01 2728003 -c--a-w- c:\program files\Eudora.exe
2004-10-26 00:08 . 2004-12-14 01:01 307276 -c--a-w- c:\program files\Paige32.dll
2004-09-20 18:10 . 2004-12-14 01:01 180299 -c--a-w- c:\program files\OLImport.eif
2004-09-20 18:10 . 2004-12-14 01:01 168011 -c--a-w- c:\program files\NSImport.eif
2004-09-20 18:10 . 2004-12-14 01:01 155723 -c--a-w- c:\program files\OEImport.eif
2004-08-27 18:10 . 2004-12-14 01:01 180298 -c--a-w- c:\program files\swEudora.exe
2004-08-27 18:10 . 2004-12-14 01:01 112128 -c--a-w- c:\program files\SPELL32.DLL
2004-08-27 18:10 . 2004-12-14 01:01 61497 -c--a-w- c:\program files\Ph.dll
2004-08-27 18:10 . 2004-12-14 01:01 65597 -c--a-w- c:\program files\Ldap.dll
2004-08-27 18:10 . 2004-12-14 01:01 32831 -c--a-w- c:\program files\ISock.dll
2004-08-27 18:10 . 2004-12-14 01:01 138752 -c--a-w- c:\program files\LDAP32.DLL
2004-08-27 18:10 . 2004-12-14 01:01 36933 -c--a-w- c:\program files\EudoraBk.dll
2004-08-27 18:10 . 2004-12-14 01:01 49213 -c--a-w- c:\program files\EuGraph.ocx
2004-08-27 18:10 . 2004-12-14 01:01 147537 -c--a-w- c:\program files\EuMAPI32.dll
2004-08-27 18:10 . 2004-12-14 01:01 82944 -c--a-w- c:\program files\EUMAPI.DLL
2004-08-27 18:10 . 2004-12-14 01:01 49219 -c--a-w- c:\program files\DirServ.dll
2003-09-04 21:15 . 2008-02-06 10:25 1724416 ----a-w- c:\program files\Antanta.exe
1999-06-25 17:55 . 2006-02-06 13:15 149504 ----a-w- c:\program files\UNWISE.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2017-08-31 20:21 576408 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2017-08-31 20:21 576408 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2017-08-31 20:21 576408 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f.lux"="c:\documents and settings\Administrator.JWH\Local Settings\Application Data\FluxSoftware\Flux\flux.exe" [2017-09-10 1663480]
"Windscribe"="c:\program files\Windscribe\Windscribe.exe" [2017-05-09 10601064]
"Advanced SystemCare 10"="c:\program files\IObit\Advanced SystemCare\ASCTray.exe" [2017-05-17 3924256]
"World of Tanks (1)"="g:\games\World_of_Tanks\WargamingGameUpdater.exe" [2017-02-28 3135752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows.1\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows.1\system32\NvCpl.dll" [2010-10-16 13851752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-08-04 597552]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-18 976832]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"RTHDCPL"="RTHDCPL.EXE" [2010-02-26 18791456]
"SkyTel"="SkyTel.EXE" [2010-02-26 1833504]
"KeyScrambler"="c:\program files\KeyScrambler\keyscrambler.exe" [2017-04-23 515600]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator.JWH^Start Menu^Programs^Startup^EvernoteClipper.lnk]
backup=c:\windows.1\pss\EvernoteClipper.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 8
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeyScrambler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader]
2008-08-01 04:05 393216 ----a-w- c:\program files\ACT\ACT for Windows\ActSage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act.Outlook.Service]
2008-08-01 04:04 28672 ----a-w- c:\program files\ACT\ACT for Windows\Act.Outlook.Service.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-12-19 16:48 1022152 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 14:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonGSDownloaderTray]
2009-10-23 20:31 326144 ----a-w- c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 04:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:42 15360 ----a-w- c:\windows.1\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epic Privacy Browser Installer]
2016-08-08 11:58 509096 ----atw- c:\documents and settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Installer\EpicUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FAHConsole]
2014-01-28 18:16 616632 ----a-w- c:\program files\File Association Helper\FAHConsole.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-01-13 16:47 163840 ----a-w- c:\windows.1\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-01-13 16:47 131072 ----a-w- c:\windows.1\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-01-13 16:46 135168 ----a-w- c:\windows.1\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Device Listener]
2012-03-19 10:23 380416 ----a-w- c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2010-02-26 01:01 84512 ----a-w- c:\windows.1\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2007-04-04 03:55 839680 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-03-16 15:06 868352 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2015-08-04 19:47 597552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ACT\\ACT for Windows\\ActSage.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Documents and Settings\\Administrator.JWH\\Local Settings\\Application Data\\Epic Privacy Browser\\Application\\epic.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Java\\jre1.8.0_60\\bin\\javaw.exe"=
"c:\\WINDOWS.1\\system32\\fxsclnt.exe"=
"c:\\WINDOWS.1\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=
"c:\\WINDOWS.1\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Daum\\PotPlayer\\PotPlayerMini.exe"=
"c:\\WINDOWS.1\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Administrator.JWH\\Application Data\\Spotify\\Spotify.exe"=
"c:\\Program Files\\HTC\\HTC Sync Manager\\HTCSyncManager.exe"=
"c:\\Program Files\\IObit\\IObit Malware Fighter\\Surfing Protection\\FFNativeMessage.exe"=
"g:\\Games\\World_of_Tanks\\WoTLauncher.exe"=
"g:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Program Files\\IObit\\Advanced SystemCare\\Surfing Protection\\FFNativeMessage.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
"20010:UDP"= 20010:UDP:*:Disabled:War Thunder
"3478:UDP"= 3478:UDP:*:Disabled:War Thunder
"7850:TCP"= 7850:TCP:*:Disabled:War Thunder
"7852:TCP"= 7852:TCP:*:Disabled:War Thunder
"7853:TCP"= 7853:TCP:*:Disabled:War Thunder
"27022:TCP"= 27022:TCP:*:Disabled:War Thunder
"6881:TCP"= 6881:TCP:*:Disabled:War Thunder
"33333:TCP"= 33333:TCP:*:Disabled:War Thunder
"20443:TCP"= 20443:TCP:*:Disabled:War Thunder
"8090:TCP"= 8090:TCP:*:Disabled:War Thunder
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
.
R2 IObitUnSvr;IObit Uninstaller Service;c:\program files\IObit\IObit Uninstaller\IUService.exe [2016-10-28 360736]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-08-07 4430792]
R3 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [2008-08-01 81920]
R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows.1\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 Ambfilt;Ambfilt;c:\windows.1\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
R3 cpuz138;cpuz138; [x]
R3 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-12-11 89864]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows.1\system32\DRIVERS\htcnprot.sys [2013-10-17 21248]
R3 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2015-04-27 14624]
R3 MSICDSetup;MSICDSetup;E:\CDriver.sys [x]
R3 qcserxp;HTC Diagnostic Port;c:\windows.1\system32\DRIVERS\qcserxp.sys [2009-01-24 103424]
R3 QFXUpdateService;QFX Software Update Service;c:\program files\KeyScrambler\QFXUpdateService.exe [2017-04-23 75792]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys [2017-01-07 31680]
R3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 WinRing0_1_2_0;WinRing0_1_2_0; [x]
R4 IMFFilter;IMFFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\IMFFilter.sys [2017-01-07 247872]
S0 avc3;avc3;c:\windows.1\system32\DRIVERS\avc3.sys [2013-04-17 633344]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows.1\System32\Drivers\SmartDefragDriver.sys [2016-03-22 15824]
S1 ElRawDisk;ElRawDisk;c:\windows.1\system32\drivers\rsdrv.sys [2009-02-12 22312]
S1 gzflt;gzflt;c:\windows.1\system32\DRIVERS\gzflt.sys [2016-09-25 164952]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows.1\system32\drivers\HWiNFO32.SYS [2015-01-09 23840]
S1 IMFCameraProtect;IMFCameraProtect;c:\windows.1\system32\drivers\IMFCameraProtect.sys [2017-03-17 25120]
S2 AdvancedSystemCareService10;Advanced SystemCare Service 10;c:\program files\IObit\Advanced SystemCare\ASCService.exe [2017-03-21 462624]
S2 gzserv;Bitdefender Antivirus Free Edition;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe [2016-03-02 67592]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2017-07-19 1768736]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
S2 WindscribeService;WindscribeService;c:\program files\Windscribe\WindscribeService.exe [2017-05-09 71272]
S3 avchv;avchv Function Driver;c:\windows.1\system32\DRIVERS\avchv.sys [2012-11-02 242504]
S3 avckf;avckf;c:\windows.1\system32\DRIVERS\avckf.sys [2013-04-17 486536]
S3 IMFDownProtect;IMFDownProtect;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\IMFDownProtect.sys [2017-03-08 20336]
S3 IMFForceDelete;IMFForceDelete;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\IMFForceDelete.sys [2017-06-30 14168]
S3 KeyScrambler;KeyScrambler;c:\windows.1\system32\drivers\keyscrambler.sys [2017-02-19 220192]
S3 tapwindscribe0901;Windscribe VPN;c:\windows.1\system32\DRIVERS\tapwindscribe0901.sys [2017-04-21 30936]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-07-07 01:48 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-09-13 c:\windows.1\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows.1\system32\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe [2017-09-13 09:33]
.
2017-09-21 c:\windows.1\Tasks\Adobe Flash Player Updater.job
- c:\windows.1\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-06 09:33]
.
2017-09-21 c:\windows.1\Tasks\DivXUpdate.job
- c:\program files\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [2017-02-03 05:30]
.
2017-09-21 c:\windows.1\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 09:46]
.
2017-09-21 c:\windows.1\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 09:46]
.
2017-03-08 c:\windows.1\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows.1\system32\xp_eos.exe [2014-05-04 01:59]
.
2017-09-20 c:\windows.1\Tasks\Opera scheduled Autoupdate 1382443258.job
- c:\program files\Opera\launcher.exe [2013-10-22 12:29]
.
2017-09-21 c:\windows.1\Tasks\SmartDefrag_AutoAnalyze.job
- c:\program files\IObit\Smart Defrag\AutoDefrag.exe [2016-05-24 22:15]
.
2017-09-20 c:\windows.1\Tasks\SmartDefrag_Update.job
- c:\program files\IObit\Smart Defrag\AutoUpdate.exe [2017-09-14 16:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip Image - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: New Note - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
TCP: DhcpNameServer = 192.168.1.254
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKCU-Run-World of Tanks - f:\games\World_of_Tanks\WargamingGameUpdater.exe
SafeBoot-Wdf01000.sys
AddRemove-MediaMonkey_is1 - f:\program files\MediaMonkey\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-09-27 03:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-115176313-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,a5,9a,a3,0b,9f,08,4b,bf,22,11,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,a5,9a,a3,0b,9f,08,4b,bf,22,11,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS.1\\system32\\Macromed\\Flash\\FlashUtil32_27_0_0_130_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS.1\\system32\\Macromed\\Flash\\FlashUtil32_27_0_0_130_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2017-09-27 03:14:13
ComboFix-quarantined-files.txt 2017-09-27 10:14
.
Pre-Run: 14,868,897,792 bytes free
Post-Run: 14,804,348,928 bytes free
.
- - End Of File - - D568CF2DAAB9509382398E29F55B4173
8F558EB6672622401DA993E1E865C861
 
Sound, taskbar, and desktop icons are working now. I can also run the newly downloaded Malwarebytes but haven't. Waiting for what you suggest next.
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/27/17
Scan Time: 7:33 PM
Log File: 79d9488c-a3f5-11e7-9aca-00ff3c715527.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.188
Update Package Version: 1.0.2901
License: Free

-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: JWH\Administrator

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 1187567
Threats Detected: 12
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 hr, 0 min, 40 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 2
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, No Action By User, [1210], [380353],1.0.2901
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, No Action By User, [1210], [380352],1.0.2901

Module: 3
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, No Action By User, [1210], [380353],1.0.2901
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, No Action By User, [1210], [380352],1.0.2901
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, No Action By User, [1210], [396386],1.0.2901

Registry Key: 1
PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AdvancedSystemCareService10, No Action By User, [1210], [380352],1.0.2901

Registry Value: 1
PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-583907252-115176313-1801674531-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ADVANCED SYSTEMCARE 10, No Action By User, [1210], [380353],1.0.2901

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 5
PUP.Optional.AdvancedSystemCare, C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS.1\DESKTOP\Advanced SystemCare 10.lnk, No Action By User, [1210], [380338],1.0.2901
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, No Action By User, [1210], [398206],1.0.2901
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, No Action By User, [1210], [380353],1.0.2901
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, No Action By User, [1210], [380352],1.0.2901
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, No Action By User, [1210], [396386],1.0.2901

Physical Sector: 0
(No malicious items detected)


(end)
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double-click to run it.
  • Make sure you check the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2017
Ran by Administrator (administrator) on JWH (29-09-2017 03:45:44)
Running from C:\Documents and Settings\Administrator.JWH\My Documents\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS.1\system32\smss.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\csrss.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\winlogon.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\services.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\lsass.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCService.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(NVIDIA Corporation) C:\WINDOWS.1\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\spoolsv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Windscribe Limited) C:\Program Files\Windscribe\WindscribeService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\fxssvc.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\svchost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Microsoft Corporation) C:\WINDOWS.1\explorer.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\rundll32.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(QFX Software Corporation) C:\Program Files\KeyScrambler\KeyScrambler.exe
(f.lux Software LLC) C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\FluxSoftware\Flux\flux.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe
(Wargaming.net) G:\Games\World_of_Tanks\WargamingGameUpdater.exe
(Intel Corporation) C:\WINDOWS.1\system32\igfxsrvc.exe
(Microsoft Corporation) C:\WINDOWS.1\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\notepad.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASC.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\wbem\wmiprvse.exe
(Microsoft Corporation) C:\WINDOWS.1\system32\svchost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS.1\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS.1\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [976832 2009-12-17] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [868352 2007-03-16] (Analog Devices, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS.1\RTHDCPL.EXE [18791456 2010-02-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS.1\SkyTel.EXE [1833504 2010-02-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe [515600 2017-04-22] (QFX Software Corporation)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS.1\system32\userinit.exe,
HKLM\...\Winlogon: [UIHost] C:\WINDOWS.1\system32\logonui.exe [514560 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINDOWS.1\system32\crypt32.dll [2013-10-07] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS.1\system32\cryptnet.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS.1\system32\cscdll.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS.1\System32\dimsntfy.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS.1\system32\igfxdev.dll [2007-01-13] (Intel Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS.1\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS.1\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS.1\system32\sclgntfy.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS.1\system32\WlNotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS.1\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\WgaLogon: C:\WINDOWS.1\system32\WgaLogon.dll [2009-03-10] (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS.1\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS.1\System32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS.1\System32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-583907252-115176313-1801674531-500\...\Run: [f.lux] => C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\FluxSoftware\Flux\flux.exe [1663480 2017-09-09] (f.lux Software LLC)
HKU\S-1-5-21-583907252-115176313-1801674531-500\...\Run: [Windscribe] => C:\Program Files\Windscribe\Windscribe.exe [10601064 2017-05-09] (Windscribe Limited)
HKU\S-1-5-21-583907252-115176313-1801674531-500\...\Run: [Advanced SystemCare 10] => C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe [3924256 2017-05-17] (IObit)
HKU\S-1-5-21-583907252-115176313-1801674531-500\...\Run: [World of Tanks (1)] => G:\Games\World_of_Tanks\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
HKU\S-1-5-21-583907252-115176313-1801674531-500\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-583907252-115176313-1801674531-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS.1\system32\ssmypics.scr [47104 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS.1\system32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
HKLM\...\Providers\Internet Print Provider: C:\WINDOWS.1\system32\inetpp.dll [75264 2008-04-14] (Microsoft Corporation)
HKLM\...\Providers\LanMan Print Services: C:\WINDOWS.1\system32\win32spl.dll [102400 2008-04-14] (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS.1\system32\shell32.dll [8462848 2012-06-08] (Microsoft Corporation)
Startup: C:\Documents and Settings\Administrator.JACK-9B5A923336\Start Menu\Programs\Startup\MagicDisc.lnk [2014-04-17]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Documents and Settings\J\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk [2007-01-21]
ShortcutTarget: OpenOffice.org 2.0.lnk -> C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (No File)
Startup: C:\Documents and Settings\Jack Holland.JACK\Start Menu\Programs\Startup\MagicDisc.lnk [2014-04-17]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Documents and Settings\Jack Holland.JACK\Start Menu\Programs\Startup\TimeTo.lnk [2012-08-23]
ShortcutTarget: TimeTo.lnk -> C:\Program Files\TimeTo\TimeTo.exe (David Berman Developments Inc. www.davidberman.com)
BootExecute: autocheck autochk * SmartDefragBootTime.exe
CHR HKU\S-1-5-21-583907252-115176313-1801674531-500\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINDOWS.1\system32\winrnr.dll [16896 2008-04-14] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 01 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINDOWS.1\system32\rsvpsp.dll [92672 2008-04-14] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINDOWS.1\system32\rsvpsp.dll [92672 2008-04-14] (Microsoft Corporation)
Winsock: Catalog9 06 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 07 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 08 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 09 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 10 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 11 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 12 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 13 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 14 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 15 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 16 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 17 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 18 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 19 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 20 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 21 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 22 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 23 C:\WINDOWS.1\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4F29B467-93DE-471E-B375-0B0BD5083D18}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7E15A5A4-A78C-48CF-9DB7-75C98CDBFC79}: [DhcpNameServer] 192.168.1.1 208.201.224.11 208.201.224.33
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.1\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-583907252-115176313-1801674531-500\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.1\system32\blank.htm
HKU\S-1-5-21-583907252-115176313-1801674531-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-583907252-115176313-1801674531-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-26] (Oracle Corporation)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-26] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-583907252-115176313-1801674531-500 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1399244708734
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - No File

FireFox:
========
FF DefaultProfile: zhe5o7im.2014
FF ProfilePath: C:\Documents and Settings\Administrator.JWH\Application Data\Thunderbird.old\Profiles\9pglceps.default [not found] <==== ATTENTION
FF ProfilePath: C:\Documents and Settings\Administrator.JWH\Application Data\Thunderbird.old\Profiles\zhe5o7im.2014 [not found] <==== ATTENTION
FF ProfilePath: C:\Documents and Settings\Administrator.JWH\Application Data\Philips-Songbird\Profiles\a5t32cg6.default [2016-10-04]
FF SelectedSearchEngine: C:\Documents and Settings\Administrator.JWH\Application Data\Philips-Songbird\Profiles\a5t32cg6.default -> Rhapsody
FF NetworkProxy: C:\Documents and Settings\Administrator.JWH\Application Data\Philips-Songbird\Profiles\a5t32cg6.default -> no_proxies_on", "127.0.0.1;localhost"
FF NetworkProxy: C:\Documents and Settings\Administrator.JWH\Application Data\Philips-Songbird\Profiles\a5t32cg6.default -> type", 4
FF Extension: (MinimizeToTray Plus for Philips Songbird) - C:\Program Files\Philips\Philips Songbird\extensions\philips-minimizetotray@philips.com [2014-07-02] [not signed]
FF Extension: (Media Sharing) - C:\Program Files\Philips\Philips Songbird\extensions\sharing@songbirdnest.com [2014-07-02] [not signed]
FF Extension: (Windows Media Playback) - C:\Program Files\Philips\Philips Songbird\extensions\windowsmedia@songbirdnest.com [2014-07-02] [not signed]
FF Extension: (rhapsody) - C:\Program Files\Philips\Philips Songbird\extensions\rhapsody@songbirdnest.com [2014-07-02] [not signed]
FF Extension: (Purple Rain) - C:\Program Files\Philips\Philips Songbird\extensions\purplerain@songbirdnest.com [2014-07-02] [not signed]
FF Extension: (Philips UI) - C:\Program Files\Philips\Philips Songbird\extensions\philips-ui@philips.com [2014-07-02] [not signed]
FF Extension: (Philips Skin) - C:\Program Files\Philips\Philips Songbird\extensions\philips-skin@philips.com [2014-07-02] [not signed]
FF Extension: (Philips Promotions) - C:\Program Files\Philips\Philips Songbird\extensions\philips-promotions@philips.com [2014-07-02] [not signed]
FF Extension: (Philips auto msc-mtp switch) - C:\Program Files\Philips\Philips Songbird\extensions\philips-msc-mtp-switch@philips.com [2014-07-02] [not signed]
FF Extension: (LikeMusic) - C:\Program Files\Philips\Philips Songbird\extensions\philips-likemusic@philips.com [2014-07-02] [not signed]
FF Extension: (Philips Branding) - C:\Program Files\Philips\Philips Songbird\extensions\philips-branding@philips.com [2014-07-02] [not signed]
FF Extension: (Philips addon manager) - C:\Program Files\Philips\Philips Songbird\extensions\philips-addon-manager@philips.com [2014-07-02] [not signed]
FF Extension: (MTP Device Support) - C:\Program Files\Philips\Philips Songbird\extensions\mtp@songbirdnest.com [2014-07-02] [not signed]
FF Extension: (MSC Device Support) - C:\Program Files\Philips\Philips Songbird\extensions\msc@songbirdnest.com [2014-07-02] [not signed]
FF Extension: (mashTape) - C:\Program Files\Philips\Philips Songbird\extensions\mashTape@songbirdnest.com [2014-07-02] [not signed]
FF Extension: (Gracenote Metadata Lookup Provider) - C:\Program Files\Philips\Philips Songbird\extensions\gracenote@songbirdnest.com [2014-07-02] [not signed]
FF Extension: (gonzo) - C:\Program Files\Philips\Philips Songbird\extensions\gonzo@songbirdnest.com [2014-07-02] [not signed]
FF Extension: (Philips GoGear Device Manager) - C:\Program Files\Philips\Philips Songbird\extensions\gogear@songbirdnest.com [2014-07-02] [not signed]
FF Extension: (File association) - C:\Program Files\Philips\Philips Songbird\extensions\fileassociation@philips.com [2014-07-02] [not signed]
FF Extension: (MP3 Encoding Support) - C:\Program Files\Philips\Philips Songbird\extensions\ewmp3enc@songbirdnest.com [2014-07-02] [not signed]
FF Extension: (AAC Decoding Support) - C:\Program Files\Philips\Philips Songbird\extensions\ewaacdec@songbirdnest.com [2014-07-02] [not signed]
FF Extension: (Concerts) - C:\Program Files\Philips\Philips Songbird\extensions\concerts@songbirdnest.com [2014-07-02] [not signed]
FF Extension: (CD Rip Support) - C:\Program Files\Philips\Philips Songbird\extensions\cd-rip@songbirdnest.com [2014-07-02] [not signed]
FF Extension: (Artwork Extras) - C:\Program Files\Philips\Philips Songbird\extensions\albumart@songbirdnest.com [2014-07-02] [not signed]
FF SearchPlugin: C:\Documents and Settings\Administrator.JWH\Application Data\Philips-Songbird\Profiles\a5t32cg6.default\searchplugins\2aab456a-af01-481c-9a69-d88ece030666.xml [2014-07-02]
FF ProfilePath: C:\Documents and Settings\Administrator.JWH\Application Data\Mozilla\Firefox\Profiles\4jdj7hk5.default-1487375107984 [2017-09-28]
FF DefaultSearchEngine: C:\Documents and Settings\Administrator.JWH\Application Data\Mozilla\Firefox\Profiles\4jdj7hk5.default-1487375107984 -> Google
FF Extension: (Disconnect) - C:\Documents and Settings\Administrator.JWH\Application Data\Mozilla\Firefox\Profiles\4jdj7hk5.default-1487375107984\Extensions\2.0@disconnect.me.xpi [2017-04-04]
FF Extension: (Windscribe) - C:\Documents and Settings\Administrator.JWH\Application Data\Mozilla\Firefox\Profiles\4jdj7hk5.default-1487375107984\Extensions\@windscribeff.xpi [2017-06-08]
FF Extension: (uBlock Origin) - C:\Documents and Settings\Administrator.JWH\Application Data\Mozilla\Firefox\Profiles\4jdj7hk5.default-1487375107984\Extensions\uBlock0@raymondhill.net.xpi [2017-09-21]
FF Extension: (Session Manager) - C:\Documents and Settings\Administrator.JWH\Application Data\Mozilla\Firefox\Profiles\4jdj7hk5.default-1487375107984\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-02-17]
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2017-07-02] [not signed]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-04-18] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS.1\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS.1\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-05-24] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS.1\system32\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2017-02-08] (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS.1\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-583907252-115176313-1801674531-500: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2016-08-08] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-583907252-115176313-1801674531-500: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2016-08-08] (Epic Privacy Browser)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll [2010-11-08] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol500.dll [2010-11-08] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdjvu.dll [2010-11-18] (Caminova, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npfoxitpdf.dll [2010-09-08] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-12-20] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2012-11-06] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2012-11-06] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2008-09-06] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2012-11-06] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011-03-22] (Nullsoft, Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\activex.js [2005-12-15]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-09-28]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (IObit Surfing Protection & Ads Removal) - C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2017-07-05]
CHR Extension: (Honey) - C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-09-21]
CHR Extension: (Proxy Switchy!) - C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj [2014-04-17]
CHR Extension: (uBlock Origin) - C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-09-06]
CHR Extension: (Hide My ***! Web Proxy) - C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2015-09-30]
CHR Extension: (Amazon Quick View) - C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ebiffjjmnhnajgidpecmdmhimojgaben [2017-04-10]
CHR Extension: (Session Buddy) - C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-04-28]
CHR Extension: (Blur) - C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2017-09-21]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-25]
CHR Extension: (Disconnect) - C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2017-02-18]
CHR Extension: (Grammarly for Chrome) - C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-09-21]
CHR Extension: (InvisibleHand) - C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2017-02-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-09-01]
CHR Extension: (Ghostery) - C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-09-01]
CHR Extension: (CLEER PRO) - C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmecmdmgelkpjcfhmbdmejfaocgaekjc [2017-05-05]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Bitdefender QuickScan) - C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-06-12]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - <no Path/update_url>
CHR HKU\S-1-5-21-583907252-115176313-1801674531-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\ADMINI~1.JWH\LOCALS~1\APPLIC~1\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-08-27]
CHR HKU\S-1-5-21-583907252-115176313-1801674531-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (TabHamster) - C:\Documents and Settings\Administrator.JWH\Application Data\Opera Software\Opera Stable\Extensions\flaibmngbecjljogddbgojfenfcneanb [2015-12-20]
OPR Extension: (Amazon Assistant for Opera) - C:\Documents and Settings\Administrator.JWH\Application Data\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2017-07-07]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACT! Scheduler; C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe [81920 2008-07-31] (Sage Software, Inc.) [File not signed]
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS.1\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-09-13] (Adobe Systems Incorporated) [File not signed]
R2 AdvancedSystemCareService10; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [462624 2017-03-21] (IObit)
S4 Alerter; C:\WINDOWS.1\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)
S3 ALG; C:\WINDOWS.1\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation)
S3 Amazon Download Agent; C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed]
S3 AppMgmt; C:\WINDOWS.1\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation)
S3 aspnet_state; C:\WINDOWS.1\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [35160 2010-03-18] (Microsoft Corporation)
R2 AudioSrv; C:\WINDOWS.1\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation)
R3 BITS; C:\WINDOWS.1\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
S3 Browser; C:\WINDOWS.1\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation)
S3 CiSvc; C:\WINDOWS.1\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation)
S3 ClipSrv; C:\WINDOWS.1\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; C:\WINDOWS.1\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\WINDOWS.1\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
R2 CryptSvc; C:\WINDOWS.1\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation)
R2 DcomLaunch; C:\WINDOWS.1\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
R2 Dhcp; C:\WINDOWS.1\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation)
S3 dmadmin; C:\WINDOWS.1\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software)
S3 dmserver; C:\WINDOWS.1\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.)
R2 Dnscache; C:\WINDOWS.1\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation)
S3 Dot3svc; C:\WINDOWS.1\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation)
S3 EapHost; C:\WINDOWS.1\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation)
R2 ERSvc; C:\WINDOWS.1\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)
R2 Eventlog; C:\WINDOWS.1\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R3 EventSystem; C:\WINDOWS.1\system32\es.dll [253952 2008-07-07] (Microsoft Corporation)
R3 FastUserSwitchingCompatibility; C:\WINDOWS.1\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
R2 Fax; C:\WINDOWS.1\system32\fxssvc.exe [267776 2008-04-14] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\WINDOWS.1\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [67592 2016-03-02] (Bitdefender)
S2 helpsvc; C:\WINDOWS.1\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)
R2 HidServ; C:\WINDOWS.1\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation)
S3 hkmsvc; C:\WINDOWS.1\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation)
S3 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 HTTPFilter; C:\WINDOWS.1\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)
S3 idsvc; C:\WINDOWS.1\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS.1\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [1768736 2017-07-18] (IObit)
S2 IObitUnSvr; C:\Program Files\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
S2 LanmanServer; C:\WINDOWS.1\System32\srvsvc.dll [99840 2010-08-26] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINDOWS.1\System32\wkssvc.dll [132096 2009-06-09] (Microsoft Corporation)
S2 LmHosts; C:\WINDOWS.1\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
S4 Messenger; C:\WINDOWS.1\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)
S4 mnmsrvc; C:\WINDOWS.1\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
S3 MSDTC; C:\WINDOWS.1\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
S3 MSIServer; C:\WINDOWS.1\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation)
R2 MSSQL$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 napagent; C:\WINDOWS.1\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation)
S4 NetDDE; C:\WINDOWS.1\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINDOWS.1\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
S4 Netlogon; C:\WINDOWS.1\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R3 Netman; C:\WINDOWS.1\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\WINDOWS.1\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
R3 Nla; C:\WINDOWS.1\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
S3 NtLmSsp; C:\WINDOWS.1\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 NtmsSvc; C:\WINDOWS.1\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation)
R2 nvsvc; C:\WINDOWS.1\system32\nvsvc32.exe [156776 2010-10-16] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PlugPlay; C:\WINDOWS.1\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R2 PolicyAgent; C:\WINDOWS.1\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINDOWS.1\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 QFXUpdateService; C:\Program Files\KeyScrambler\QFXUpdateService.exe [75792 2017-04-22] ()
S3 RasAuto; C:\WINDOWS.1\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation)
R3 RasMan; C:\WINDOWS.1\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation)
S4 RDSessMgr; C:\WINDOWS.1\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
S4 RemoteAccess; C:\WINDOWS.1\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation)
S4 RemoteRegistry; C:\WINDOWS.1\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation)
S3 RpcLocator; C:\WINDOWS.1\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation)
R2 RpcSs; C:\WINDOWS.1\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
S4 RSVP; C:\WINDOWS.1\system32\rsvp.exe [132608 2004-08-04] (Microsoft Corporation)
R2 SamSs; C:\WINDOWS.1\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS.1\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)
S2 Schedule; C:\WINDOWS.1\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation)
S2 seclogon; C:\WINDOWS.1\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation)
S2 SENS; C:\WINDOWS.1\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation)
R2 SharedAccess; C:\WINDOWS.1\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINDOWS.1\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
R2 Spooler; C:\WINDOWS.1\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation)
R2 srservice; C:\WINDOWS.1\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
R3 SSDPSRV; C:\WINDOWS.1\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation)
R2 stisvc; C:\WINDOWS.1\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation)
S3 SysmonLog; C:\WINDOWS.1\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation)
R3 TapiSrv; C:\WINDOWS.1\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation)
R2 TermService; C:\WINDOWS.1\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation)
S2 Themes; C:\WINDOWS.1\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
S3 TlntSvr; C:\WINDOWS.1\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)
S3 TrkWks; C:\WINDOWS.1\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation)
S3 upnphost; C:\WINDOWS.1\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation)
S3 UPS; C:\WINDOWS.1\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)
S3 VSS; C:\WINDOWS.1\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS.1\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation)
S4 WebClient; C:\WINDOWS.1\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files\Windscribe\WindscribeService.exe [71272 2017-05-09] (Windscribe Limited)
R2 winmgmt; C:\WINDOWS.1\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation)
S3 WinRM; C:\WINDOWS.1\system32\WsmSvc.dll [1107456 2009-10-09] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS.1\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation)
S3 WmiApSrv; C:\WINDOWS.1\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)
R3 WPFFontCache_v0400; C:\WINDOWS.1\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [754856 2013-07-20] (Microsoft Corporation)
R2 wscsvc; C:\WINDOWS.1\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS.1\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)
R2 WudfSvc; C:\WINDOWS.1\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS.1\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS.1\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation)
S3 SwPrv; C:\WINDOWS.1\system32\dllhost.exe /Processid:{2A9247CE-BA62-464A-AA1E-DA304921D996}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\WINDOWS.1\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation)
S4 ACPIEC; C:\WINDOWS.1\system32\Drivers\ACPIEC.sys [11648 2004-08-04] (Microsoft Corporation)
R2 adfs; C:\WINDOWS.1\system32\Drivers\adfs.sys [74720 2008-08-14] (Adobe Systems, Inc.)
R3 ADIHdAudAddService; C:\WINDOWS.1\System32\drivers\ADIHdAud.sys [323584 2007-12-11] (Analog Devices, Inc.)
S3 ADM8511; C:\WINDOWS.1\System32\DRIVERS\ADM8511.SYS [20160 2001-08-17] (ADMtek Incorporated)
R3 AEAudio; C:\WINDOWS.1\System32\drivers\AEAudio.sys [94848 2007-03-23] (Andrea Electronics Corporation)
S3 aec; C:\WINDOWS.1\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
R1 AFD; C:\WINDOWS.1\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation)
R0 agp440; C:\WINDOWS.1\System32\DRIVERS\agp440.sys [42368 2008-04-14] (Microsoft Corporation)
S3 Ambfilt; C:\WINDOWS.1\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 AsyncMac; C:\WINDOWS.1\System32\DRIVERS\asyncmac.sys [14336 2008-04-14] (Microsoft Corporation)
R0 atapi; C:\WINDOWS.1\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation)
S3 Atmarpc; C:\WINDOWS.1\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation)
R3 audstub; C:\WINDOWS.1\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R0 avc3; C:\WINDOWS.1\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
R3 avchv; C:\WINDOWS.1\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
R3 avckf; C:\WINDOWS.1\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
R1 BANTExt; C:\WINDOWS.1\System32\Drivers\BANTExt.sys [3840 2013-09-10] () [File not signed]
R1 bdftdif; C:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys [148600 2013-04-17] (Bitdefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys [135472 2013-07-16] (BitDefender LLC)
R1 Beep; C:\WINDOWS.1\system32\Drivers\Beep.sys [4224 2004-08-04] (Microsoft Corporation)
S4 cbidf2k; C:\WINDOWS.1\system32\Drivers\cbidf2k.sys [13952 2004-08-04] (Microsoft Corporation)
S3 CCDECODE; C:\WINDOWS.1\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S1 Cdaudio; C:\WINDOWS.1\system32\Drivers\Cdaudio.sys [18688 2004-08-04] (Microsoft Corporation)
R4 Cdfs; C:\WINDOWS.1\system32\Drivers\Cdfs.sys [63744 2008-04-14] (Microsoft Corporation)
R1 Cdrom; C:\WINDOWS.1\System32\DRIVERS\cdrom.sys [62976 2008-04-14] (Microsoft Corporation)
S0 cercsr6; C:\WINDOWS.1\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
R0 Disk; C:\WINDOWS.1\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation)
S4 dmboot; C:\WINDOWS.1\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software)
R0 dmio; C:\WINDOWS.1\System32\DRIVERS\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software)
R0 dmload; C:\WINDOWS.1\system32\Drivers\dmload.sys [5888 2004-08-04] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINDOWS.1\System32\drivers\DMusic.sys [52864 2008-04-14] (Microsoft Corporation)
S3 drmkaud; C:\WINDOWS.1\System32\drivers\drmkaud.sys [2944 2008-04-14] (Microsoft Corporation)
R1 ElRawDisk; C:\WINDOWS.1\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
S4 Fastfat; C:\WINDOWS.1\system32\Drivers\Fastfat.sys [143744 2008-04-14] (Microsoft Corporation)
R3 Fdc; C:\WINDOWS.1\System32\DRIVERS\fdc.sys [27392 2008-04-14] (Microsoft Corporation)
R1 Fips; C:\WINDOWS.1\system32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation)
R3 Flpydisk; C:\WINDOWS.1\System32\DRIVERS\flpydisk.sys [20480 2008-04-14] (Microsoft Corporation)
R0 FltMgr; C:\WINDOWS.1\System32\drivers\fltmgr.sys [129792 2008-04-14] (Microsoft Corporation)
U1 Fs_Rec; C:\WINDOWS.1\system32\Drivers\Fs_Rec.sys [7936 2004-08-04] (Microsoft Corporation)
S3 FTDIBUS; C:\WINDOWS.1\System32\drivers\ftdibus.sys [63464 2013-02-13] (FTDI Ltd.)
R0 Ftdisk; C:\WINDOWS.1\System32\DRIVERS\ftdisk.sys [125056 2004-08-04] (Microsoft Corporation)
S3 FTSER2K; C:\WINDOWS.1\System32\drivers\ftser2k.sys [74088 2013-07-25] (FTDI Ltd.)
S3 gameenum; C:\WINDOWS.1\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
S3 gdrv; C:\WINDOWS.1\gdrv.sys [17488 2015-03-23] (Windows (R) 2000 DDK provider)
S3 GEARAspiWDM; C:\WINDOWS.1\System32\Drivers\GEARAspiWDM.sys [15664 2012-04-04] (GEAR Software Inc.)
R3 Gpc; C:\WINDOWS.1\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation)
R3 gzflt; C:\WINDOWS.1\System32\DRIVERS\gzflt.sys [164952 2016-09-24] (BitDefender LLC)
R3 HDAudBus; C:\WINDOWS.1\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
R3 hidusb; C:\WINDOWS.1\System32\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation)
S3 htcnprot; C:\WINDOWS.1\System32\DRIVERS\htcnprot.sys [21248 2013-10-17] (Windows (R) Win 7 DDK provider)
R3 HTTP; C:\WINDOWS.1\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation)
R1 HWiNFO32; C:\WINDOWS.1\system32\drivers\HWiNFO32.SYS [23840 2015-01-08] (REALiX(tm))
R1 i8042prt; C:\WINDOWS.1\System32\DRIVERS\i8042prt.sys [52480 2008-04-14] (Microsoft Corporation)
S3 ialm; C:\WINDOWS.1\System32\DRIVERS\igxpmp32.sys [5672032 2007-01-13] (Intel Corporation)
S1 Imapi; C:\WINDOWS.1\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation)
R1 IMFCameraProtect; C:\WINDOWS.1\system32\drivers\IMFCameraProtect.sys [25120 2017-03-17] (IObit.com)
R3 IMFDownProtect; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\IMFDownProtect.sys [20336 2017-03-08] (IObit.com)
S4 IMFFilter; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\IMFFilter.sys [247872 2017-01-06] (IObit)
R3 IMFForceDelete; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\IMFForceDelete.sys [14168 2017-06-30] (IObit.com)
S3 IntcAzAudAddService; C:\WINDOWS.1\System32\drivers\RtkHDAud.sys [5864480 2010-02-25] (Realtek Semiconductor Corp.)
R0 IntelIde; C:\WINDOWS.1\System32\DRIVERS\intelide.sys [5504 2008-04-14] (Microsoft Corporation)
R1 intelppm; C:\WINDOWS.1\System32\DRIVERS\intelppm.sys [36352 2008-04-14] (Microsoft Corporation)
S3 Ip6Fw; C:\WINDOWS.1\System32\drivers\ip6fw.sys [36608 2008-04-14] (Microsoft Corporation)
S3 IpFilterDriver; C:\WINDOWS.1\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-04] (Microsoft Corporation)
S3 IpInIp; C:\WINDOWS.1\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation)
R3 IpNat; C:\WINDOWS.1\System32\DRIVERS\ipnat.sys [152832 2008-04-14] (Microsoft Corporation)
R1 IPSec; C:\WINDOWS.1\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation)
S3 IRENUM; C:\WINDOWS.1\System32\DRIVERS\irenum.sys [11264 2008-04-14] (Microsoft Corporation)
R0 isapnp; C:\WINDOWS.1\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation)
R1 Kbdclass; C:\WINDOWS.1\System32\DRIVERS\kbdclass.sys [24576 2008-04-14] (Microsoft Corporation)
R1 kbdhid; C:\WINDOWS.1\System32\DRIVERS\kbdhid.sys [14592 2008-04-14] (Microsoft Corporation)
R3 KeyScrambler; C:\WINDOWS.1\System32\drivers\keyscrambler.sys [220192 2017-02-19] (QFX Software Corporation)
R3 kmixer; C:\WINDOWS.1\System32\drivers\kmixer.sys [172416 2008-04-14] (Microsoft Corporation)
R0 KSecDD; C:\WINDOWS.1\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
R3 MBAMSwissArmy; C:\WINDOWS.1\system32\drivers\MBAMSwissArmy.sys [221112 2017-09-28] (Malwarebytes)
S3 mcdbus; C:\WINDOWS.1\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
R1 mnmdd; C:\WINDOWS.1\system32\Drivers\mnmdd.sys [4224 2004-08-04] (Microsoft Corporation)
S3 Modem; C:\WINDOWS.1\system32\Drivers\Modem.sys [30080 2008-04-14] (Microsoft Corporation)
S3 Monfilt; C:\WINDOWS.1\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R1 Mouclass; C:\WINDOWS.1\System32\DRIVERS\mouclass.sys [23040 2008-04-14] (Microsoft Corporation)
R3 mouhid; C:\WINDOWS.1\System32\DRIVERS\mouhid.sys [12160 2004-08-04] (Microsoft Corporation)
R0 MountMgr; C:\WINDOWS.1\system32\Drivers\MountMgr.sys [42368 2008-04-14] (Microsoft Corporation)
S3 MRxDAV; C:\WINDOWS.1\System32\DRIVERS\mrxdav.sys [180608 2008-04-14] (Microsoft Corporation)
R1 MRxSmb; C:\WINDOWS.1\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation)
R1 Msfs; C:\WINDOWS.1\system32\Drivers\Msfs.sys [19072 2008-04-14] (Microsoft Corporation)
S3 MSKSSRV; C:\WINDOWS.1\System32\drivers\MSKSSRV.sys [7552 2008-04-14] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINDOWS.1\System32\drivers\MSPCLOCK.sys [5376 2008-04-14] (Microsoft Corporation)
S3 MSPQM; C:\WINDOWS.1\System32\drivers\MSPQM.sys [4992 2008-04-14] (Microsoft Corporation)
R3 mssmbios; C:\WINDOWS.1\System32\DRIVERS\mssmbios.sys [15488 2008-04-14] (Microsoft Corporation)
S3 MSTEE; C:\WINDOWS.1\System32\drivers\MSTEE.sys [5504 2008-04-14] (Microsoft Corporation)
R0 Mup; C:\WINDOWS.1\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation)
S3 NABTSFEC; C:\WINDOWS.1\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
R0 NDIS; C:\WINDOWS.1\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS.1\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NdisTapi; C:\WINDOWS.1\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation)
R3 Ndisuio; C:\WINDOWS.1\System32\DRIVERS\ndisuio.sys [14592 2008-04-14] (Microsoft Corporation)
R3 NdisWan; C:\WINDOWS.1\System32\DRIVERS\ndiswan.sys [91520 2008-04-14] (Microsoft Corporation)
R3 NDProxy; C:\WINDOWS.1\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation)
R1 NetBIOS; C:\WINDOWS.1\System32\DRIVERS\netbios.sys [34688 2008-04-14] (Microsoft Corporation)
R1 NetBT; C:\WINDOWS.1\System32\DRIVERS\netbt.sys [162816 2008-04-14] (Microsoft Corporation)
R1 Npfs; C:\WINDOWS.1\system32\Drivers\Npfs.sys [30848 2008-04-14] (Microsoft Corporation)
R4 Ntfs; C:\WINDOWS.1\system32\Drivers\Ntfs.sys [574976 2008-04-14] (Microsoft Corporation)
R1 Null; C:\WINDOWS.1\system32\Drivers\Null.sys [2944 2004-08-04] (Microsoft Corporation)
R3 nv; C:\WINDOWS.1\System32\DRIVERS\nv4_mini.sys [9623680 2010-10-16] (NVIDIA Corporation)
S3 NwlnkFlt; C:\WINDOWS.1\System32\DRIVERS\nwlnkflt.sys [12416 2004-08-04] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINDOWS.1\System32\DRIVERS\nwlnkfwd.sys [32512 2004-08-04] (Microsoft Corporation)
S3 OM518P; C:\WINDOWS.1\System32\Drivers\om518vid.sys [182154 2001-01-18] (OmniVision Technologies, Inc.) [File not signed]
R3 Parport; C:\WINDOWS.1\System32\DRIVERS\parport.sys [80128 2008-04-14] (Microsoft Corporation)
R0 PartMgr; C:\WINDOWS.1\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation)
R2 ParVdm; C:\WINDOWS.1\system32\Drivers\ParVdm.sys [6784 2004-08-04] (Microsoft Corporation)
R0 PCI; C:\WINDOWS.1\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation)
R0 PCIIde; C:\WINDOWS.1\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation)
S4 Pcmcia; C:\WINDOWS.1\system32\Drivers\Pcmcia.sys [120192 2008-04-14] (Microsoft Corporation)
R3 PptpMiniport; C:\WINDOWS.1\System32\DRIVERS\raspptp.sys [48384 2008-04-14] (Microsoft Corporation)
R3 PSched; C:\WINDOWS.1\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)
R3 Ptilink; C:\WINDOWS.1\System32\DRIVERS\ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.)
R0 PxHelp20; C:\WINDOWS.1\System32\Drivers\PxHelp20.sys [44944 2009-04-17] (Sonic Solutions)
S3 qcserxp; C:\WINDOWS.1\System32\DRIVERS\qcserxp.sys [103424 2009-01-24] (QUALCOMM Incorporated)
R1 RasAcd; C:\WINDOWS.1\System32\DRIVERS\rasacd.sys [8832 2004-08-04] (Microsoft Corporation)
R3 Rasl2tp; C:\WINDOWS.1\System32\DRIVERS\rasl2tp.sys [51328 2008-04-14] (Microsoft Corporation)
R3 RasPppoe; C:\WINDOWS.1\System32\DRIVERS\raspppoe.sys [41472 2008-04-14] (Microsoft Corporation)
R3 Raspti; C:\WINDOWS.1\System32\DRIVERS\raspti.sys [16512 2004-08-04] (Microsoft Corporation)
R1 Rdbss; C:\WINDOWS.1\System32\DRIVERS\rdbss.sys [175744 2008-04-14] (Microsoft Corporation)
R1 RDPCDD; C:\WINDOWS.1\System32\DRIVERS\RDPCDD.sys [4224 2004-08-04] (Microsoft Corporation)
R3 rdpdr; C:\WINDOWS.1\System32\DRIVERS\rdpdr.sys [196224 2008-04-14] (Microsoft Corporation)
S3 RDPWD; C:\WINDOWS.1\system32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation)
R1 redbook; C:\WINDOWS.1\System32\DRIVERS\redbook.sys [57600 2008-04-14] (Microsoft Corporation)
S3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys [31680 2017-01-06] (IObit.com)
S3 RTL8023xp; C:\WINDOWS.1\System32\DRIVERS\Rtnicxp.sys [130432 2015-01-10] (Realtek Semiconductor Corporation )
R3 RTLE8023xp; C:\WINDOWS.1\System32\DRIVERS\Rtenicxp.sys [234392 2010-07-06] (Realtek Semiconductor Corporation )
S3 Secdrv; C:\WINDOWS.1\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R3 SenFiltService; C:\WINDOWS.1\System32\drivers\Senfilt.sys [8704 2005-03-17] (Analog Devices, Inc.)
R3 serenum; C:\WINDOWS.1\System32\DRIVERS\serenum.sys [15744 2008-04-14] (Microsoft Corporation)
R1 Serial; C:\WINDOWS.1\System32\DRIVERS\serial.sys [64512 2008-04-14] (Microsoft Corporation)
S1 Sfloppy; C:\WINDOWS.1\system32\Drivers\Sfloppy.sys [11392 2008-04-14] (Microsoft Corporation)
S3 SLIP; C:\WINDOWS.1\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
R0 SmartDefragDriver; C:\WINDOWS.1\System32\Drivers\SmartDefragDriver.sys [15824 2016-03-22] (IObit)
S3 splitter; C:\WINDOWS.1\System32\drivers\splitter.sys [6272 2008-04-14] (Microsoft Corporation)
R0 sr; C:\WINDOWS.1\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation)
S3 Srv; C:\WINDOWS.1\System32\DRIVERS\srv.sys [359040 2017-02-11] (Microsoft Corporation)
S3 streamip; C:\WINDOWS.1\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
R3 swenum; C:\WINDOWS.1\System32\DRIVERS\swenum.sys [4352 2008-04-14] (Microsoft Corporation)
S3 swmidi; C:\WINDOWS.1\System32\drivers\swmidi.sys [56576 2008-04-14] (Microsoft Corporation)
R3 sysaudio; C:\WINDOWS.1\System32\drivers\sysaudio.sys [60800 2008-04-14] (Microsoft Corporation)
R3 tapwindscribe0901; C:\WINDOWS.1\System32\DRIVERS\tapwindscribe0901.sys [30936 2017-04-21] (The OpenVPN Project)
R1 Tcpip; C:\WINDOWS.1\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation)
S3 TDPIPE; C:\WINDOWS.1\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation)
S3 TDTCP; C:\WINDOWS.1\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation)
R1 TermDD; C:\WINDOWS.1\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation)
R0 Trufos; C:\WINDOWS.1\System32\DRIVERS\TRUFOS.sys [355744 2016-09-24] (BitDefender S.R.L.)
S4 Udfs; C:\WINDOWS.1\system32\Drivers\Udfs.sys [66048 2008-04-14] (Microsoft Corporation)
R3 Update; C:\WINDOWS.1\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation)
R3 usbaudio; C:\WINDOWS.1\System32\drivers\usbaudio.sys [60160 2013-07-16] (Microsoft Corporation)
R3 usbccgp; C:\WINDOWS.1\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation)
R3 usbehci; C:\WINDOWS.1\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation)
R3 usbhub; C:\WINDOWS.1\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation)
S3 usbprint; C:\WINDOWS.1\System32\DRIVERS\usbprint.sys [25856 2008-04-14] (Microsoft Corporation)
S3 usbscan; C:\WINDOWS.1\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation)
R3 usbstor; C:\WINDOWS.1\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-14] (Microsoft Corporation)
R3 usbuhci; C:\WINDOWS.1\System32\DRIVERS\usbuhci.sys [20608 2008-04-14] (Microsoft Corporation)
S3 usb_rndisx; C:\WINDOWS.1\System32\DRIVERS\usb8023x.sys [12928 2013-02-11] (Microsoft Corporation)
R1 VgaSave; C:\WINDOWS.1\System32\drivers\vga.sys [20992 2008-04-14] (Microsoft Corporation)
R0 VolSnap; C:\WINDOWS.1\system32\Drivers\VolSnap.sys [52352 2008-04-14] (Microsoft Corporation)
R3 Wanarp; C:\WINDOWS.1\System32\DRIVERS\wanarp.sys [34560 2008-04-14] (Microsoft Corporation)
R3 Wdf01000; C:\WINDOWS.1\System32\Drivers\wdf01000.sys [444136 2009-07-14] (Microsoft Corporation)
R3 wdmaud; C:\WINDOWS.1\System32\drivers\wdmaud.sys [83072 2008-04-14] (Microsoft Corporation)
S3 WpdUsb; C:\WINDOWS.1\System32\DRIVERS\wpdusb.sys [38528 2009-01-30] (Microsoft Corporation)
R1 WS2IFSL; C:\WINDOWS.1\System32\drivers\ws2ifsl.sys [12032 2004-08-04] (Microsoft Corporation)
S3 WSTCODEC; C:\WINDOWS.1\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
R0 WudfPf; C:\WINDOWS.1\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation)
S3 WudfRd; C:\WINDOWS.1\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation)
S3 ALCXWDM; system32\drivers\ALCXWDM.SYS [X]
S3 catchme; \??\C:\DOCUME~1\ADMINI~1.JWH\LOCALS~1\Temp\catchme.sys [X]
S3 cpuz138; no ImagePath
S3 MSICDSetup; \??\E:\CDriver.sys [X]
S3 rtl8139; system32\DRIVERS\RTL8139.SYS [X]
U5 ScsiPort; C:\WINDOWS.1\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U2 WinDefend; no ImagePath
S3 WinRing0_1_2_0; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error(1) reading file: "C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\ACT! 2006 "
2017-09-27 21:08 - 2017-09-27 21:08 - 000002790 _____ C:\Documents and Settings\Administrator.JWH\Desktop\malwarebytes_scan.txt
2017-09-27 03:36 - 2017-09-27 04:34 - 000000000 ___SD C:\ComboFix
2017-09-27 03:30 - 2017-09-28 20:56 - 000221112 _____ (Malwarebytes) C:\WINDOWS.1\system32\Drivers\MBAMSwissArmy.sys
2017-09-27 03:18 - 2017-09-27 03:18 - 000026481 _____ C:\ComboFix.txt
2017-09-27 03:14 - 2017-09-29 03:47 - 000000000 ____D C:\Documents and Settings\Administrator.JWH\Local Settings\temp
2017-09-27 03:14 - 2017-09-28 23:43 - 000032656 _____ C:\WINDOWS.1\Tasks\SCHEDLGU.TXT
2017-09-27 03:14 - 2017-09-27 03:14 - 000000000 ____D C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\temp
2017-09-27 03:14 - 2017-09-27 03:14 - 000000000 ____D C:\Documents and Settings\NetworkService.NT AUTHORITY.004\Local Settings\temp
2017-09-27 03:14 - 2017-09-27 03:14 - 000000000 ____D C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\temp
2017-09-27 03:14 - 2017-09-27 03:14 - 000000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp
2017-09-27 03:14 - 2017-09-27 03:14 - 000000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY.004\Local Settings\temp
2017-09-27 03:14 - 2017-09-27 03:14 - 000000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\temp
2017-09-27 03:14 - 2017-09-27 03:14 - 000000000 ____D C:\Documents and Settings\JH\Local Settings\temp
2017-09-27 03:14 - 2017-09-27 03:14 - 000000000 ____D C:\Documents and Settings\JH.J-5CFDC3FD42354\Local Settings\temp
2017-09-27 03:14 - 2017-09-27 03:14 - 000000000 ____D C:\Documents and Settings\Jack\Local Settings\temp
2017-09-27 03:14 - 2017-09-27 03:14 - 000000000 ____D C:\Documents and Settings\J\Local Settings\temp
2017-09-27 03:14 - 2017-09-27 03:14 - 000000000 ____D C:\Documents and Settings\Default User\Local Settings\temp
2017-09-27 03:14 - 2017-09-27 03:14 - 000000000 ____D C:\Documents and Settings\Default User.WINDOWS.1\Local Settings\temp
2017-09-27 03:14 - 2017-09-27 03:14 - 000000000 ____D C:\Documents and Settings\Administrator.JACK\Local Settings\temp
2017-09-27 03:14 - 2017-09-27 03:14 - 000000000 ____D C:\Documents and Settings\Administrator.JACK.001\Local Settings\temp
2017-09-27 03:14 - 2017-09-27 03:14 - 000000000 ____D C:\Documents and Settings\Admin\Local Settings\temp
2017-09-27 01:57 - 2017-09-27 03:36 - 000000000 ____D C:\Qoobox
2017-09-27 01:57 - 2017-09-27 03:22 - 000098816 ____R C:\WINDOWS.1\sed.exe
2017-09-27 01:57 - 2011-06-25 23:45 - 000256000 _____ C:\WINDOWS.1\PEV.exe
2017-09-27 01:57 - 2010-11-07 10:20 - 000208896 _____ C:\WINDOWS.1\MBR.exe
2017-09-27 01:57 - 2009-04-19 21:56 - 000060416 _____ (NirSoft) C:\WINDOWS.1\NIRCMD.exe
2017-09-27 01:57 - 2000-08-30 17:00 - 000518144 _____ (SteelWerX) C:\WINDOWS.1\SWREG.exe
2017-09-27 01:57 - 2000-08-30 17:00 - 000406528 _____ (SteelWerX) C:\WINDOWS.1\SWSC.exe
2017-09-27 01:57 - 2000-08-30 17:00 - 000212480 _____ (SteelWerX) C:\WINDOWS.1\SWXCACLS.exe
2017-09-27 01:57 - 2000-08-30 17:00 - 000080412 _____ C:\WINDOWS.1\grep.exe
2017-09-27 01:57 - 2000-08-30 17:00 - 000068096 _____ C:\WINDOWS.1\zip.exe
2017-09-27 01:56 - 2017-09-27 03:10 - 000000000 ____D C:\WINDOWS.1\erdnt
2017-09-27 01:42 - 2017-09-27 01:42 - 005660248 ____R (Swearware) C:\Documents and Settings\Administrator.JWH\Desktop\ComboFix.exe
2017-09-26 05:13 - 2017-09-26 05:13 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\KeyScrambler
2017-09-26 05:13 - 2017-09-26 05:13 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\KeyScrambler
2017-09-26 05:13 - 2017-02-19 12:15 - 000220192 _____ (QFX Software Corporation) C:\WINDOWS.1\system32\Drivers\keyscrambler.sys
2017-09-26 05:12 - 2017-09-26 05:13 - 000000000 ____D C:\Program Files\KeyScrambler
2017-09-25 06:26 - 2017-09-25 06:28 - 000000000 ____D C:\AdwCleaner
2017-09-25 06:08 - 2017-09-25 06:08 - 000002514 _____ C:\Documents and Settings\Administrator.JWH\Desktop\JRT.txt
2017-09-25 05:46 - 2017-09-25 05:46 - 001790024 _____ (Malwarebytes) C:\Documents and Settings\Administrator.JWH\Desktop\JRT.exe
2017-09-25 05:43 - 2017-09-25 05:43 - 000000045 _____ C:\Documents and Settings\Administrator.JWH\Desktop\malwarebytes results.txt
2017-09-25 05:40 - 2017-09-25 05:40 - 000001723 _____ C:\Documents and Settings\All Users.WINDOWS.1\Desktop\Malwarebytes.lnk
2017-09-25 05:40 - 2017-09-25 05:40 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Malwarebytes
2017-09-25 05:40 - 2017-09-25 05:40 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Malwarebytes
2017-09-25 05:21 - 2017-09-28 20:55 - 000059904 _____ C:\WINDOWS.1\system32\Drivers\mbae.sys
2017-09-25 05:20 - 2017-09-25 05:20 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-25 05:10 - 2017-09-25 05:10 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Application Data\MB2Migration
2017-09-25 05:10 - 2017-09-25 05:10 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Application Data\MB2Migration
2017-09-25 05:07 - 2017-09-25 05:07 - 000002967 _____ C:\Documents and Settings\Administrator.JWH\Desktop\roguekiller report scan.txt
2017-09-25 05:04 - 2017-09-25 05:04 - 000012298 _____ C:\Documents and Settings\Administrator.JWH\Desktop\roguekiller report delete.txt
2017-09-25 02:13 - 2017-09-25 05:10 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Application Data\RogueKiller
2017-09-25 02:13 - 2017-09-25 05:10 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Application Data\RogueKiller
2017-09-25 02:13 - 2017-09-25 02:13 - 000024688 _____ C:\WINDOWS.1\system32\Drivers\TrueSight.sys
2017-09-25 02:13 - 2017-09-25 02:13 - 000000722 _____ C:\Documents and Settings\All Users.WINDOWS.1\Desktop\RogueKiller.lnk
2017-09-25 02:13 - 2017-09-25 02:13 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\RogueKiller
2017-09-25 02:13 - 2017-09-25 02:13 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\RogueKiller
2017-09-25 02:12 - 2017-09-25 02:13 - 000000000 ____D C:\Program Files\RogueKiller
2017-09-25 02:00 - 2017-09-25 02:00 - 000003533 _____ C:\Documents and Settings\Administrator.JWH\Desktop\instructions.txt
2017-09-24 00:52 - 2017-09-24 00:52 - 000001428 _____ C:\Documents and Settings\Administrator.JWH\Addition post page 16.txt
2017-09-24 00:50 - 2017-09-24 00:51 - 000001528 _____ C:\Documents and Settings\Administrator.JWH\Addition post page 15.txt
2017-09-24 00:49 - 2017-09-24 00:50 - 000002455 _____ C:\Documents and Settings\Administrator.JWH\Addition post page 14.txt
2017-09-24 00:48 - 2017-09-24 00:48 - 000001099 _____ C:\Documents and Settings\Administrator.JWH\Addition post page 13.txt
2017-09-24 00:47 - 2017-09-24 00:47 - 000003931 _____ C:\Documents and Settings\Administrator.JWH\Addition post page 12.txt
2017-09-24 00:45 - 2017-09-24 00:46 - 000002639 _____ C:\Documents and Settings\Administrator.JWH\Addition post page 11.txt
2017-09-24 00:43 - 2017-09-24 00:43 - 000001194 _____ C:\Documents and Settings\Administrator.JWH\Addition post page 10.txt
2017-09-24 00:41 - 2017-09-24 00:42 - 000002528 _____ C:\Documents and Settings\Administrator.JWH\Addition post page 9.txt
2017-09-24 00:40 - 2017-09-24 00:40 - 000002646 _____ C:\Documents and Settings\Administrator.JWH\Addition post page 8.txt
2017-09-24 00:35 - 2017-09-24 00:38 - 000006786 _____ C:\Documents and Settings\Administrator.JWH\Addition post page 7.txt
2017-09-24 00:34 - 2017-09-24 00:34 - 000006018 _____ C:\Documents and Settings\Administrator.JWH\Addition post page 6.txt
2017-09-24 00:32 - 2017-09-24 00:32 - 000007560 _____ C:\Documents and Settings\Administrator.JWH\Addition post page 5.txt
2017-09-24 00:31 - 2017-09-24 00:31 - 000004109 _____ C:\Documents and Settings\Administrator.JWH\Addition post page 4.txt
2017-09-24 00:29 - 2017-09-24 00:29 - 000003727 _____ C:\Documents and Settings\Administrator.JWH\Addition post page 3.txt
2017-09-24 00:28 - 2017-09-24 00:28 - 000003281 _____ C:\Documents and Settings\Administrator.JWH\Addition post page 2.txt
2017-09-24 00:24 - 2017-09-24 00:26 - 000002335 _____ C:\Documents and Settings\Administrator.JWH\Addition post page 1.txt
2017-09-24 00:05 - 2017-09-24 00:05 - 000009033 _____ C:\Documents and Settings\Administrator.JWH\post page 10.txt
2017-09-24 00:04 - 2017-09-24 00:04 - 000005006 _____ C:\Documents and Settings\Administrator.JWH\post page 9.txt
2017-09-24 00:03 - 2017-09-24 00:03 - 000012298 _____ C:\Documents and Settings\Administrator.JWH\post page 8.txt
2017-09-24 00:00 - 2017-09-24 00:00 - 000008816 _____ C:\Documents and Settings\Administrator.JWH\post page 7.txt
2017-09-23 23:58 - 2017-09-23 23:58 - 000012646 _____ C:\Documents and Settings\Administrator.JWH\post page 6.txt
2017-09-23 23:57 - 2017-09-23 23:57 - 000008748 _____ C:\Documents and Settings\Administrator.JWH\post page 5.txt
2017-09-23 23:55 - 2017-09-23 23:55 - 000005795 _____ C:\Documents and Settings\Administrator.JWH\post page 4.txt
2017-09-23 23:54 - 2017-09-23 23:54 - 000008862 _____ C:\Documents and Settings\Administrator.JWH\post page 3.txt
2017-09-23 23:52 - 2017-09-23 23:52 - 000007966 _____ C:\Documents and Settings\Administrator.JWH\post page 2.txt
2017-09-23 23:49 - 2017-09-23 23:49 - 000008128 _____ C:\Documents and Settings\Administrator.JWH\post page 1.txt
2017-09-22 08:47 - 2017-09-29 03:45 - 000000000 ____D C:\FRST
2017-09-22 08:03 - 2017-09-22 08:03 - 000095648 _____ C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2017-09-22 08:00 - 2017-09-28 15:53 - 2145386496 _____ C:\WINDOWS.1\MEMORY.DMP
2017-09-22 07:35 - 2017-09-22 07:35 - 000000000 ____D C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\ESET
2017-09-22 04:58 - 2017-09-22 05:01 - 002236768 _____ C:\WINDOWS.1\system32\FNTCACHE.DAT
2017-09-21 23:42 - 2017-09-21 23:42 - 000000036 _____ C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\housecall.guid.cache
2017-09-21 23:00 - 2017-09-21 23:00 - 000002224 _____ C:\Documents and Settings\Administrator.JWH\Start Menu\Programs\f.lux.lnk
2017-09-20 21:10 - 2017-09-20 21:26 - 000000242 _____ C:\WINDOWS.1\CDPlayer.ini
2017-09-20 20:51 - 2017-09-20 20:51 - 000000000 ____D C:\Documents and Settings\Administrator.JWH\Application Data\EurekaLog
2017-09-20 19:33 - 2017-09-20 19:33 - 000001077 _____ C:\Documents and Settings\Administrator.JWH\Desktop\MONEY! Jr. CD-ROM.lnk
2017-09-20 19:33 - 2017-09-20 19:33 - 000000039 _____ C:\WINDOWS.1\MoneyJrCDROM.INI
2017-09-20 19:33 - 2017-09-20 19:33 - 000000000 ____D C:\Documents and Settings\Administrator.JWH\Start Menu\Programs\Garvinweb.com MONEY! Jr. CD-ROM
2017-09-20 19:33 - 1998-06-24 00:00 - 000198456 _____ (Microsoft Corporation) C:\WINDOWS.1\system32\Mci32.ocx
2017-09-20 19:33 - 1998-05-22 00:00 - 000137736 _____ (Microsoft Corporation) C:\WINDOWS.1\system32\COMDLG32.OCX
2017-09-20 17:38 - 2017-09-20 17:38 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Application Data\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-09-20 17:38 - 2017-09-20 17:38 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Application Data\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-09-14 15:34 - 2017-09-28 20:53 - 000000298 _____ C:\WINDOWS.1\Tasks\SmartDefrag_AutoAnalyze.job
2017-09-14 15:34 - 2017-09-28 16:01 - 000000290 _____ C:\WINDOWS.1\Tasks\SmartDefrag_Update.job
2017-09-13 01:33 - 2017-09-13 02:33 - 005680640 _____ (Adobe Systems Incorporated) C:\WINDOWS.1\system32\FlashPlayerInstaller.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-29 03:00 - 2014-04-16 08:55 - 000000000 ____D C:\WINDOWS.1\system32
2017-09-29 01:03 - 2014-04-16 08:55 - 000000000 ____D C:\WINDOWS.1\Temp
2017-09-28 23:43 - 2014-04-16 16:32 - 000000006 ____H C:\WINDOWS.1\Tasks\SA.DAT
2017-09-28 23:33 - 2015-05-25 15:32 - 000000834 _____ C:\WINDOWS.1\Tasks\Adobe Flash Player Updater.job
2017-09-28 22:58 - 2017-05-13 19:58 - 000000308 _____ C:\WINDOWS.1\Tasks\DivXUpdate.job
2017-09-28 22:46 - 2014-04-16 16:57 - 000000886 _____ C:\WINDOWS.1\Tasks\GoogleUpdateTaskMachineUA.job
2017-09-28 17:20 - 2014-04-16 08:55 - 000000000 ____D C:\WINDOWS.1
2017-09-28 16:14 - 2016-01-04 15:46 - 000000000 ____D C:\Documents and Settings\Administrator.JWH\Desktop\receipts
2017-09-28 16:01 - 2014-06-03 03:20 - 000000392 _____ C:\WINDOWS.1\Tasks\Opera scheduled Autoupdate 1382443258.job
2017-09-28 16:01 - 2001-08-23 05:00 - 000001374 _____ C:\WINDOWS.1\system32\wpa.dbl
2017-09-28 16:00 - 2014-04-16 16:57 - 000000882 _____ C:\WINDOWS.1\Tasks\GoogleUpdateTaskMachineCore.job
2017-09-28 05:24 - 2015-09-09 14:22 - 000000000 ____D C:\Documents and Settings\Administrator.JWH\Desktop\NYC Jobs Stuff
2017-09-28 03:15 - 2016-07-04 08:25 - 000000493 _____ C:\Documents and Settings\Administrator.JWH\Desktop\Ebay listing images.lnk
2017-09-27 21:09 - 2017-05-26 01:37 - 000002451 _____ C:\Documents and Settings\All Users.WINDOWS.1\Desktop\TurboTax 2015.lnk
2017-09-27 09:16 - 2014-08-28 04:32 - 000881942 _____ C:\Documents and Settings\LocalService.NT AUTHORITY.004\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-583907252-115176313-1801674531-500-0.dat
2017-09-27 09:16 - 2014-08-08 05:06 - 000472398 _____ C:\Documents and Settings\LocalService.NT AUTHORITY.004\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2017-09-27 03:08 - 2001-08-23 05:00 - 000000227 _____ C:\WINDOWS.1\system.ini
2017-09-27 03:07 - 2014-04-16 16:34 - 000000000 ____D C:\Documents and Settings\Administrator.JWH
2017-09-27 03:07 - 2013-01-17 04:30 - 000000000 ____D C:\Documents and Settings\Administrator.JACK-9B5A923336
2017-09-27 03:07 - 2007-02-22 17:10 - 000000000 ____D C:\Documents and Settings\Jack Holland.JACK
2017-09-27 03:05 - 2014-04-16 17:10 - 000000000 ____D C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Temp
2017-09-27 02:01 - 2007-02-22 17:08 - 000000000 __SHD C:\Documents and Settings\LocalService.NT AUTHORITY.000
2017-09-27 02:01 - 2007-01-20 03:38 - 000000000 __SHD C:\Documents and Settings\NetworkService.NT AUTHORITY
2017-09-27 01:58 - 2014-04-16 09:02 - 000000000 ___HD C:\Documents and Settings\Default User.WINDOWS.1
2017-09-27 01:21 - 2014-09-10 17:28 - 043442176 _____ C:\WINDOWS.1\system32\config\software.iobit
2017-09-27 01:21 - 2014-09-10 17:28 - 000901120 _____ C:\WINDOWS.1\system32\config\default.iobit
2017-09-27 01:21 - 2014-09-10 17:28 - 000065536 _____ C:\WINDOWS.1\system32\config\SECURITY.iobit
2017-09-27 01:21 - 2014-09-10 17:28 - 000028672 _____ C:\WINDOWS.1\system32\config\SAM.iobit
2017-09-26 05:37 - 2014-04-16 16:34 - 000000178 ___SH C:\Documents and Settings\Administrator.JWH\ntuser.ini
2017-09-26 03:44 - 2016-11-21 23:05 - 000001806 _____ C:\Documents and Settings\All Users.WINDOWS.1\Desktop\Advanced SystemCare 10.lnk
2017-09-25 05:40 - 2014-05-04 15:39 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Malwarebytes
2017-09-25 05:40 - 2014-05-04 15:39 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Malwarebytes
2017-09-25 05:01 - 2013-02-22 21:32 - 000000000 ____D C:\Program Files\Free YouTube Downloader
2017-09-25 05:01 - 2012-12-05 01:37 - 000000000 ____D C:\Program Files\Coupons
2017-09-25 05:01 - 2007-04-06 00:51 - 000000000 ____D C:\Program Files\VideoEgg
2017-09-25 01:49 - 2014-09-10 17:09 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Application Data\ProductData
2017-09-25 01:49 - 2014-09-10 17:09 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Application Data\ProductData
2017-09-24 00:02 - 2014-05-14 22:57 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Spybot - Search & Destroy
2017-09-24 00:02 - 2014-05-14 22:57 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Spybot - Search & Destroy
2017-09-23 00:34 - 2015-09-03 21:17 - 000000000 ____D C:\WINDOWS.1\system32\RTCOM
2017-09-22 08:38 - 2014-05-07 05:54 - 000002335 _____ C:\Documents and Settings\All Users.WINDOWS.1\Desktop\Taskix.lnk
2017-09-22 07:22 - 2014-04-15 13:29 - 000000000 ____D C:\Documents and Settings\Jack
2017-09-22 07:22 - 2014-04-14 23:29 - 000000000 ____D C:\Documents and Settings\JH
2017-09-22 06:37 - 2001-01-06 00:46 - 000000801 ___SH C:\boot.ini
2017-09-22 05:29 - 2014-04-16 08:55 - 000000000 ____D C:\WINDOWS.1\security
2017-09-22 05:28 - 2015-09-03 21:26 - 000000000 ____D C:\Program Files\Analog Devices
2017-09-22 05:28 - 2014-04-16 08:55 - 000000000 ____D C:\WINDOWS.1\system
2017-09-22 05:27 - 2014-04-16 08:55 - 000000000 ___HD C:\WINDOWS.1\inf
2017-09-22 02:36 - 2014-05-04 16:05 - 000000000 __SHD C:\Documents and Settings\Administrator.JWH\UserData
2017-09-21 23:56 - 2014-04-16 01:47 - 000000000 ____D C:\Documents and Settings\JH.J-5CFDC3FD42354
2017-09-21 23:56 - 2007-03-08 00:30 - 000000000 ____D C:\Documents and Settings\Administrator.JACK.001
2017-09-21 23:56 - 2007-01-19 19:02 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS2
2017-09-21 23:56 - 2006-04-02 13:02 - 000000000 ____D C:\Documents and Settings\Admin
2017-09-21 23:56 - 2001-01-06 00:46 - 000000000 ____D C:\Documents and Settings\Default User
2017-09-21 23:56 - 2001-01-06 00:46 - 000000000 ____D C:\Documents and Settings\All Users
2017-09-21 21:57 - 2014-04-16 16:32 - 000000178 ___SH C:\Documents and Settings\LocalService.NT AUTHORITY.004\ntuser.ini
2017-09-21 06:00 - 2016-04-14 16:19 - 000000000 ____D C:\Documents and Settings\Administrator.JWH\Application Data\MediaMonkey
2017-09-21 03:53 - 2015-08-27 01:15 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Google Drive
2017-09-21 03:53 - 2015-08-27 01:15 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Google Drive
2017-09-20 19:33 - 2006-09-16 04:00 - 000000000 ____D C:\Program Files\MoneyJrCDROM
2017-09-20 18:07 - 2016-04-28 15:50 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Advanced SystemCare
2017-09-20 18:07 - 2016-04-28 15:50 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Advanced SystemCare
2017-09-15 00:24 - 2015-01-02 15:33 - 000022528 _____ C:\Documents and Settings\Administrator.JWH\My Documents\Copy of UserNamesAndPasswordsPROTECTED (Autosaved).xlsx
2017-09-15 00:24 - 2014-12-18 04:20 - 000000000 ____D C:\Documents and Settings\Administrator.JWH\Desktop\debt-reduction-calculator
2017-09-14 15:15 - 2016-10-10 16:36 - 000000811 _____ C:\Documents and Settings\All Users.WINDOWS.1\Desktop\Smart Defrag 5.lnk
2017-09-14 15:15 - 2016-05-24 00:23 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Smart Defrag
2017-09-14 15:15 - 2016-05-24 00:23 - 000000000 ____D C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Smart Defrag
2017-09-13 02:33 - 2015-09-26 03:30 - 000000896 _____ C:\WINDOWS.1\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-09-13 02:33 - 2014-05-06 14:16 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS.1\system32\FlashPlayerApp.exe
2017-09-13 02:33 - 2014-05-06 14:16 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS.1\system32\FlashPlayerCPLApp.cpl
2017-09-13 02:33 - 2014-04-16 16:26 - 000000000 ____D C:\WINDOWS.1\system32\Macromed
2017-08-31 19:04 - 2016-04-14 16:19 - 000000610 _____ C:\Documents and Settings\All Users.WINDOWS.1\Desktop\MediaMonkey.lnk
2017-08-31 01:30 - 2014-04-17 17:10 - 000023040 _____ C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Files in the root of some directories =======

2008-02-06 03:25 - 2003-12-04 19:23 - 000000157 ____C () C:\Program Files\--[100.0% OK]--[0.0% MISSING]--[0.0% BAD]--
2006-08-31 18:42 - 2006-08-31 18:42 - 000000000 ____C () C:\Program Files\ac
2004-12-13 18:01 - 2004-08-27 11:10 - 000339835 ____C () C:\Program Files\american.clx
2004-12-13 18:01 - 2004-08-27 11:10 - 000007698 ____C () C:\Program Files\american.tlx
2008-02-06 03:25 - 2003-09-04 14:15 - 001724416 _____ () C:\Program Files\Antanta.exe
2010-11-08 05:15 - 2010-09-05 21:52 - 000069632 _____ ( ) C:\Program Files\auxsetup.exe
2004-12-13 18:01 - 2004-08-27 11:10 - 000347633 ____C () C:\Program Files\british.clx
2004-12-13 18:01 - 2004-08-27 11:10 - 000007698 ____C () C:\Program Files\british.tlx
2010-11-08 05:15 - 2009-09-14 00:13 - 000018321 _____ () C:\Program Files\copying
2004-12-13 17:39 - 2004-12-13 18:01 - 000003260 ____C () C:\Program Files\deudora.ini
2004-12-13 18:01 - 2004-08-27 11:10 - 000049219 ____C (QUALCOMM Incorporated) C:\Program Files\DirServ.dll
2004-12-13 18:01 - 2004-11-01 16:03 - 000014310 ____C () C:\Program Files\Eudora.cnt
2004-12-13 18:01 - 2004-11-08 17:12 - 002728003 ____C (QUALCOMM Incorporated) C:\Program Files\Eudora.exe
2004-12-13 18:01 - 2004-11-01 16:03 - 001106972 ____C () C:\Program Files\EUDORA.hlp
2004-12-13 18:01 - 2004-08-27 11:10 - 000000304 ____C () C:\Program Files\eudora.htm
2004-12-13 18:01 - 2004-08-27 11:10 - 000016938 ____C () C:\Program Files\eudora.tip
2004-12-13 18:01 - 2004-11-08 17:12 - 002035781 ____C (QUALCOMM Incorporated) C:\Program Files\Eudora32.dll
2004-12-13 18:01 - 2004-08-27 11:10 - 000036933 ____C (Qualcomm, Inc.) C:\Program Files\EudoraBk.dll
2004-12-13 18:01 - 2004-08-27 11:10 - 000002338 ____C () C:\Program Files\EudoraCCProfiles.xml
2004-12-13 18:01 - 2004-08-27 11:10 - 000049213 ____C (QUALCOMM Incorporated) C:\Program Files\EuGraph.ocx
2004-12-13 18:01 - 2004-08-27 11:10 - 000082944 ____C (QUALCOMM Incorporated) C:\Program Files\EUMAPI.DLL
2004-12-13 18:01 - 2004-08-27 11:10 - 000147537 ____C (QUALCOMM Incorporated) C:\Program Files\EuMAPI32.dll
2004-12-13 18:01 - 2004-11-08 17:12 - 000024647 ____C (QUALCOMM Incorporated) C:\Program Files\EuMemMgr.dll
2004-12-13 17:39 - 2004-08-27 11:10 - 000001640 ____C () C:\Program Files\finger.ini
2004-12-13 18:01 - 2004-08-27 11:10 - 000233901 ____C () C:\Program Files\FlameLex.dat
2008-02-06 03:25 - 2003-12-04 16:41 - 000001653 _____ () C:\Program Files\grutewwbcd.nfo
2008-02-06 03:25 - 2003-12-04 16:44 - 000557141 _____ () C:\Program Files\grutewwbcd.rar
2008-02-06 03:25 - 2003-12-04 16:41 - 000000079 _____ () C:\Program Files\grutewwbcd.sfv
2004-12-13 18:01 - 2004-11-08 17:12 - 000110658 ____C (QUALCOMM Incorporated) C:\Program Files\Imap.dll
2004-12-13 18:01 - 2004-08-27 11:10 - 000032831 ____C (Qualcomm, Inc.) C:\Program Files\ISock.dll
2004-12-13 18:01 - 2004-08-27 11:10 - 000065597 ____C (QUALCOMM Incorporated) C:\Program Files\Ldap.dll
2004-12-13 18:01 - 2004-08-27 11:10 - 000138752 ____C (University of Michigan) C:\Program Files\LDAP32.DLL
2004-12-13 17:39 - 2004-08-27 11:10 - 000004567 ____C () C:\Program Files\LDAPinit.ini
2004-12-13 18:01 - 2004-10-06 15:36 - 000015269 ____C () C:\Program Files\License.txt
2004-12-13 18:01 - 2004-09-20 11:10 - 000168011 ____C (QUALCOMM Incorporated) C:\Program Files\NSImport.eif
2004-12-13 18:01 - 2004-09-20 11:10 - 000155723 ____C (QUALCOMM Incorporated) C:\Program Files\OEImport.eif
2004-12-13 18:01 - 2004-09-20 11:10 - 000180299 ____C (QUALCOMM Incorporated) C:\Program Files\OLImport.eif
2004-12-13 18:01 - 2004-10-25 17:08 - 000307276 ____C (QUALCOMM Incorporated) C:\Program Files\Paige32.dll
2004-12-13 18:01 - 2004-08-27 11:10 - 000061497 ____C (QUALCOMM Incorporated) C:\Program Files\Ph.dll
2004-12-13 17:39 - 2004-08-27 11:10 - 000002546 ____C () C:\Program Files\ph.ini
2004-12-13 18:01 - 2004-08-27 11:10 - 000409368 ____C () C:\Program Files\Qckstart.pdf
2004-12-13 18:01 - 2004-11-08 17:12 - 000065607 ____C (QUALCOMM Incorporated) C:\Program Files\QCSocket.dll
2004-12-13 18:01 - 2004-11-08 17:12 - 000499777 ____C (QUALCOMM Incorporated) C:\Program Files\QCSSL.dll
2004-12-13 18:01 - 2004-11-08 17:12 - 000077893 ____C (QUALCOMM Incorporated) C:\Program Files\QCUtils.dll
2004-12-13 18:01 - 2004-11-09 16:57 - 000024747 ____C () C:\Program Files\RelNotes.txt
2004-12-13 18:01 - 2004-09-27 18:13 - 000023043 ____C () C:\Program Files\rootcerts.p7b
2004-12-13 18:01 - 2004-08-27 11:10 - 000112128 ____C (Wintertree Software Inc.) C:\Program Files\SPELL32.DLL
2004-12-13 18:01 - 2004-08-27 11:10 - 000180298 ____C (Qualcomm, Inc.) C:\Program Files\swEudora.exe
2015-10-29 15:56 - 2015-10-29 15:56 - 000448512 _____ (OldTimer Tools) C:\Program Files\TFC.exe
2006-02-06 06:15 - 1999-06-25 10:55 - 000149504 _____ () C:\Program Files\UNWISE.EXE
2006-02-06 06:16 - 2007-08-28 04:28 - 000000072 ____C () C:\Program Files\UNWISE.INI
2010-11-08 05:15 - 2010-09-05 21:52 - 000069632 _____ ( ) C:\Program Files\vdicmdrv.dll
2010-11-08 05:15 - 2010-09-05 21:52 - 000073728 _____ ( ) C:\Program Files\vdremote.dll
2010-11-08 05:15 - 2010-09-05 21:51 - 000065536 _____ ( ) C:\Program Files\vdsvrlnk.dll
2010-11-08 05:15 - 2010-09-05 21:52 - 000008704 _____ ( ) C:\Program Files\vdub.exe
2010-11-08 05:15 - 2010-09-05 21:54 - 000246773 _____ () C:\Program Files\VirtualDub.chm
2010-11-08 05:15 - 2010-09-05 21:52 - 002669056 _____ () C:\Program Files\VirtualDub.exe
2010-11-08 05:15 - 2010-09-05 21:52 - 000220635 _____ () C:\Program Files\VirtualDub.vdi
2010-11-08 05:42 - 2005-07-15 11:22 - 002728537 _____ () C:\Program Files\wax20e.exe
2006-10-09 04:36 - 2006-10-09 04:38 - 011289224 _____ (Yahoo! Inc.) C:\Program Files\widgetsus.exe
2014-05-26 16:44 - 2014-05-26 16:44 - 000000000 ____H () C:\Documents and Settings\Administrator.JWH\Application Data\ActUpdate.log
2014-04-17 17:10 - 2017-08-31 01:30 - 000023040 _____ () C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-09-21 23:42 - 2017-09-21 23:42 - 000000036 _____ () C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\housecall.guid.cache
2015-07-10 16:37 - 2015-07-10 16:37 - 000004096 ____H () C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\keyfile3.drm
2017-03-20 03:20 - 2017-03-20 03:20 - 000000218 _____ () C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\recently-used.xbel
2015-08-02 03:52 - 2015-08-02 03:53 - 000000025 ____H () C:\Documents and Settings\All Users.WINDOWS.1\Application Data\.119889580931711767808769176
2015-08-02 03:49 - 2015-08-02 03:49 - 000000021 ____H () C:\Documents and Settings\All Users.WINDOWS.1\Application Data\.24554863501262644635642126105
2015-08-16 06:20 - 2015-08-16 06:20 - 000000025 ____H () C:\Documents and Settings\All Users.WINDOWS.1\Application Data\.811261211181235583101118113995
2014-05-26 16:45 - 2017-08-03 18:44 - 000001004 ___SH () C:\Documents and Settings\All Users.WINDOWS.1\Application Data\KGyGaAvL.sys
2017-05-14 00:18 - 2017-05-14 00:21 - 000003561 _____ () C:\Documents and Settings\All Users.WINDOWS.1\Application Data\lpm.dat
2014-08-27 18:16 - 2017-05-13 18:41 - 000000898 _____ () C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Documents and Settings\Jack Holland.JACK\AWEMAN.DLL
C:\Documents and Settings\Jack Holland.JACK\AWEMAN32.DLL
C:\Documents and Settings\Jack Holland.JACK\CIFMAN.DLL
C:\Documents and Settings\Jack Holland.JACK\CSPMAN.DLL
C:\Documents and Settings\Jack Holland.JACK\UIDLL16.DLL
C:\Documents and Settings\Jack Holland.JACK\UPDDRV95.EXE


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS.1\explorer.exe => File is digitally signed
C:\WINDOWS.1\system32\winlogon.exe => File is digitally signed
C:\WINDOWS.1\system32\svchost.exe => File is digitally signed
C:\WINDOWS.1\system32\services.exe => File is digitally signed
C:\WINDOWS.1\system32\User32.dll => File is digitally signed
C:\WINDOWS.1\system32\userinit.exe => File is digitally signed
C:\WINDOWS.1\system32\rpcss.dll => File is digitally signed
C:\WINDOWS.1\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS.1\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-09-2017
Ran by Administrator (29-09-2017 03:49:18)
Running from C:\Documents and Settings\Administrator.JWH\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2015-03-20 15:56:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-583907252-115176313-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.JWH
ASPNET (S-1-5-21-583907252-115176313-1801674531-1003 - Limited - Enabled)
Guest (S-1-5-21-583907252-115176313-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-583907252-115176313-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-583907252-115176313-1801674531-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9488E0FA-F058-4673-850E-E755F112BABC}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
ACT! by Sage Premium 2009 (11.0) (HKLM\...\{396CE0B5-DC06-46D2-A870-47798143AE85}) (Version: 11.0.0.0 - Sage Software, Inc.) Hidden
ACT! by Sage Premium 2009 (11.0) (HKLM\...\InstallShield_{396CE0B5-DC06-46D2-A870-47798143AE85}) (Version: 11.0.0.0 - Sage Software, Inc.)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (HKLM\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.3 (HKLM\...\{8C1D4735-84E4-41E2-A1DB-70EADE27633C}) (Version: 3.3.1 - Adobe)
Advanced ACT Password Recovery (remove only) (HKLM\...\Advanced ACT Password Recovery) (Version: - )
Advanced SystemCare 10 (HKLM\...\Advanced SystemCare_is1) (Version: 10.5.0 - IObit)
Amazon Games & Software Downloader (HKLM\...\Amazon Games & Software Downloader_is1) (Version: 2.0.2.0 - Amazon)
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.1.3 (HKLM\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{9D210D79-AEC5-453B-960C-4DD2C73931E1}) (Version: 2.0.2.0 - Apple Inc.)
Close Combat (HKLM\...\Close Combat1.00) (Version: 1.00 - Matrix Games)
Close Combat Cross of Iron (HKLM\...\Close Combat Cross of Iron1.00) (Version: 1.00 - Matrix Games)
Connect (HKLM\...\{B29AD377-CC12-490A-A480-1452337C618D}) (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Daum PotPlayer 1.5.45955 (HKLM\...\PotPlayer) (Version: - )
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.238 - DivX, LLC)
Driver Booster 3.3 (HKLM\...\Driver Booster_is1) (Version: 3.3 - IObit)
Dsc Pro (HKLM\...\Dsc Pro) (Version: - )
Epic Privacy Browser (HKU\S-1-5-21-583907252-115176313-1801674531-500\...\Epic) (Version: 48.0.2553.0 - Epic)
Epson Event Manager (HKLM\...\{F04A0091-BEEF-4DDA-B625-48A311DD36F0}) (Version: 2.40.0006 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Evernote v. 5.8.6 (HKLM\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Exact Audio Copy 1.1 (HKLM\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff)
f.lux (HKU\S-1-5-21-583907252-115176313-1801674531-500\...\Flux) (Version: - f.lux Software LLC)
File Association Helper (HKLM\...\{8975E3CB-A762-4B14-BD62-A3972A098E82}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Final Draft (HKLM\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.3.120 - Final Draft, Inc.)
Final Draft 7 (HKLM\...\{78D62D17-D970-42DA-B8CF-5E5576293B33}) (Version: 7.1.1.19 - Final Draft, Inc.)
Garvinweb.com - MONEY! Jr. CD-ROM (HKLM\...\Garvinweb.com - MONEY! Jr. CD-ROM) (Version: - )
Global Trading System Pro UK (HKLM\...\{8CEAFBCB-FA17-4CD0-BC08-499BA25A6799}) (Version: 81.1.484 - City Index)
GLUCOFACTS(TM) Deluxe (HKLM\...\{3E04DB74-CFA4-47DB-836F-11FA1F6A016D}) (Version: 3.09.02 - Bayer HealthCare)
GOM Player (HKLM\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Drive (HKLM\...\{F9A2761E-C1E4-4384-92A3-5732C9738327}) (Version: 2.34.6717.9565 - Google, Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-583907252-115176313-1801674531-500\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
HP Support Solutions Framework (HKLM\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.77.0 - HTC)
iCare Data Recovery 5.1 (HKLM\...\iCare Data Recovery_is1) (Version: - iCare Software)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
IObit Malware Fighter 5 (HKLM\...\IObit Malware Fighter_is1) (Version: 5.2 - IObit)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 6.1.0.418 - IObit)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Jing (HKLM\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith Corporation)
KeyScrambler (HKLM\...\KeyScrambler) (Version: 3.11.0.3 - QFX Software Corporation)
kuler (HKLM\...\{098727E1-775A-4450-B573-3F441F1CA243}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
LibreOffice 5.3.5.2 (HKLM\...\{58C4EC76-D347-41F0-89D7-30CB01473C37}) (Version: 5.3.5.2 - The Document Foundation)
MagicDisc 2.7.105 (HKLM\...\MagicDisc 2.7.105) (Version: - )
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.44.1.3 - Marvell)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Miro (HKLM\...\Miro) (Version: 6.0 - Participatory Culture Foundation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.3.0.6423 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
NVIDIA Graphics Driver 260.99 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 260.99 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OANDA - MetaTrader (HKLM\...\OANDA - MetaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
OpenOffice 4.1.2 (HKLM\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Opera Stable 36.0.2130.80 (HKLM\...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
Password Recovery Bundle 2013 (HKLM\...\Password Recovery Bundle 2013_is1) (Version: - Top Password Software, Inc.)
PDF Settings CS4 (HKLM\...\{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
Philips Songbird (HKLM\...\Philips Songbird) (Version: 6.1.2265 (2265) - Koninklijke Philips Electronics N.V.)
Photoshop Camera Raw (HKLM\...\{CC75AB5C-2110-4A7F-AF52-708680D22FE8}) (Version: 5.0 - Adobe Systems Incorporated) Hidden
Quicken 2013 (HKLM\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.1.21 - Intuit)
REALTEK Gigabit and Fast Ethernet NIC Driver (HKLM\...\{94FB906A-CF42-4128-A509-D353026A607E}) (Version: 1.70 - REALTEK Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6053 - Realtek Semiconductor Corp.)
Remo Recover 4.0 (HKLM\...\{A573D759-F894-448D-A420-3A9C31879F88}_is1) (Version: 4.0.0.34 - Remo Software)
RogueKiller version 12.11.16.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.16.0 - Adlice Software)
Samsung ML-1710 Series (HKLM\...\{18499419-2B80-4C3F-86D3-C6C45CD2062E}) (Version: - )
SeaTools for Windows 1.4.0.2 (HKLM\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Defrag 5 (HKLM\...\Smart Defrag_is1) (Version: 5.7.0 - IObit)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.6380 - Analog Devices)
Spotify (HKU\S-1-5-21-583907252-115176313-1801674531-500\...\Spotify) (Version: 1.0.20.101.ge6957e14 - Spotify AB)
Suite Shared Configuration CS4 (HKLM\...\{842B4B72-9E8F-4962-B3C1-1C422A5C4434}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Taskix 2.1 (HKLM\...\{E80F9F48-86F8-447D-8CDC-A98B1870C1D4}) (Version: 2.1.1 - Robust IT)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: - Intuit, Inc)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VMeisoft Flash SWF Converter version 3.0.2.9 (HKLM\...\VMeisoft Flash SWF Converter_is1) (Version: 3.0.2.9 - VMeisoft)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.2.0 - Azureus Software, Inc.)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002) (HKLM\...\B81055EA372C9E3EA5000B4BD9585D992D51F1DE) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows PowerShell(TM) 1.0 (HKLM\...\PowerShell) (Version: 1 - Microsoft Corporation)
Windows Rights Management Client Backwards Compatibility SP2 (HKLM\...\{EC905264-BCFE-423B-9C42-C3A106266790}) (Version: 5.2.70 - Microsoft)
Windows Rights Management Client with Service Pack 2 (HKLM\...\{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}) (Version: 5.2.70 - Microsoft)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Windscribe version 1.70 build 4 (HKLM\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.70 build 4 - Windscribe)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E2}) (Version: 18.5.11111 - WinZip Computing, S.L. )
ZoomCam M1598 (HKLM\...\{9E88FCF0-8413-4451-870A-621762E2B1CD}) (Version: 2.0.0.0000 - OmniVision Technologies, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-583907252-115176313-1801674531-500_Classes\CLSID\{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}\localserver32 -> C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\EpicUpdateOnDemand.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-583907252-115176313-1801674531-500_Classes\CLSID\{6959B6E8-B5E0-4E64-B1B4-C82969BAF394}\InprocServer32 -> C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\psuser.dll (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-583907252-115176313-1801674531-500_Classes\CLSID\{81e5adb4-92d6-4414-a1e6-d823ef6f32e1}\localserver32 -> C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Application\48.0.2553.0\delegate_execute.exe (Hidden Reflex)
CustomCLSID: HKU\S-1-5-21-583907252-115176313-1801674531-500_Classes\CLSID\{84D964EE-0441-4A42-8146-0699AE05DDC3}\InprocServer32 -> C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\psuser.dll (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-583907252-115176313-1801674531-500_Classes\CLSID\{9B8ABA14-0F6A-492C-AB9D-41FA1F7EC450}\localserver32 -> C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\EpicUpdateOnDemand.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-583907252-115176313-1801674531-500_Classes\CLSID\{9C3B9AB7-2486-4403-B138-E9ED32DD063C}\localserver32 -> C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\EpicUpdateOnDemand.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-583907252-115176313-1801674531-500_Classes\CLSID\{AB3B8CD0-9085-4F26-B16B-02571A12A789}\localserver32 -> C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Installer\EpicUpdate.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-583907252-115176313-1801674531-500_Classes\CLSID\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA}\InprocServer32 -> C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-583907252-115176313-1801674531-500_Classes\CLSID\{D9A13C52-6B85-4E00-B98A-DF25F77CBBEA}\localserver32 -> C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\EpicUpdateOnDemand.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-583907252-115176313-1801674531-500_Classes\CLSID\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}\InprocServer32 -> C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll (Epic Privacy Browser)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-08-31] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-08-31] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-08-31] (Google)
ShellIconOverlayIdentifiers: [Offline Files] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} => C:\WINDOWS.1\System32\cscui.dll [2008-04-14] (Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files\IObit\Advanced SystemCare\ASCExtMenu.dll [2016-09-20] (IObit)
ContextMenuHandlers1: [FileAssociationHelper] -> {D5CF14A2-B3CA-49DC-8E3E-0BB233B26D09} => C:\Program Files\File Association Helper\FAHDll.dll [2014-01-28] (Nico Mak Computing)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2017-08-31] (Google)
ContextMenuHandlers1: [Gonzales] -> {A50F8401-953F-4C11-8B77-1278C6C7C3F4} => C:\Program Files\Bitdefender\Antivirus Free Edition\GzShellIntegration.dll [2016-03-02] (Bitdefender)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers1: [Offline Files] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} => C:\WINDOWS.1\System32\cscui.dll [2008-04-14] (Microsoft Corporation)
ContextMenuHandlers1: [Open With] -> {09799AFB-AD67-11d1-ABCD-00C04FC30936} => C:\WINDOWS.1\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)
ContextMenuHandlers1: [Open With EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} => C:\WINDOWS.1\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS.1\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2014-05-02] (WinZip Computing, S.L.)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files\IObit\Advanced SystemCare\ASCExtMenu.dll [2016-09-20] (IObit)
ContextMenuHandlers2: [Offline Files] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} => C:\WINDOWS.1\System32\cscui.dll [2008-04-14] (Microsoft Corporation)
ContextMenuHandlers2: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\WINDOWS.1\system32\ntshrui.dll [2008-04-14] (Microsoft Corporation)
ContextMenuHandlers2: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} => C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [2008-08-14] (Adobe Systems Incorporated)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers3: [Send To] -> {7BA4C740-9E81-11CF-99D3-00AA004AE837} => C:\WINDOWS.1\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)
ContextMenuHandlers3: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} => C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [2008-08-14] (Adobe Systems Incorporated)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files\IObit\Advanced SystemCare\ASCExtMenu.dll [2016-09-20] (IObit)
ContextMenuHandlers4: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} => C:\WINDOWS.1\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2017-08-31] (Google)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers4: [Offline Files] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} => C:\WINDOWS.1\System32\cscui.dll [2008-04-14] (Microsoft Corporation)
ContextMenuHandlers4: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\WINDOWS.1\system32\ntshrui.dll [2008-04-14] (Microsoft Corporation)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2014-05-02] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS.1\system32\igfxpph.dll [2007-01-13] (Intel Corporation)
ContextMenuHandlers5: [New] -> {D969A300-E7FF-11d0-A93B-00A0C90F2719} => C:\WINDOWS.1\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\WINDOWS.1\system32\nvcpl.dll [2010-10-16] (NVIDIA Corporation)
ContextMenuHandlers5: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} => C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [2008-08-14] (Adobe Systems Incorporated)
ContextMenuHandlers6: [Gonzales] -> {A50F8401-953F-4C11-8B77-1278C6C7C3F4} => C:\Program Files\Bitdefender\Antivirus Free Edition\GzShellIntegration.dll [2016-03-02] (Bitdefender)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS.1\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2014-05-02] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS.1\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS.1\system32\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe
Task: C:\WINDOWS.1\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS.1\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS.1\Tasks\DivXUpdate.job => C:\Program Files\Common Files\DivX Shared\DivX Update\DivXUpdate.exe
Task: C:\WINDOWS.1\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS.1\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS.1\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS.1\system32\xp_eos.exe
Task: C:\WINDOWS.1\Tasks\Opera scheduled Autoupdate 1382443258.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS.1\Tasks\SmartDefrag_AutoAnalyze.job => C:\Program Files\IObit\Smart Defrag\AutoDefrag.exe
Task: C:\WINDOWS.1\Tasks\SmartDefrag_Update.job => C:\Program Files\IObit\Smart Defrag\AutoUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\Administrator.JWH\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
Shortcut: C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Bayer HealthCare\GLUCOFACTS Deluxe\GLUCOFACTS Deluxe v3.09.lnk -> C:\Program Files\Bayer HealthCare\GLUCOFACTS Deluxe\run.bat ()
Shortcut: C:\Documents and Settings\All Users.WINDOWS.1\Desktop\GLUCOFACTS Deluxe v3.09.lnk -> C:\Program Files\Bayer HealthCare\GLUCOFACTS Deluxe\run.bat ()

==================== Loaded Modules (Whitelisted) ==============

2016-09-20 14:34 - 2013-03-19 11:07 - 000522136 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2016-09-20 14:34 - 2013-09-03 13:29 - 000105448 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2013-10-17 16:27 - 2013-10-17 16:27 - 000166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2017-09-25 05:40 - 2017-09-28 20:55 - 001924552 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-11-21 23:06 - 2016-06-21 20:30 - 000442144 _____ () C:\Program Files\IObit\IObit Uninstaller\madExcept_.bpl
2016-11-21 23:06 - 2016-06-21 20:29 - 000210720 _____ () C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl
2016-11-21 23:06 - 2016-06-21 20:29 - 000059680 _____ () C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-11-21 23:06 - 2015-12-28 14:50 - 000899872 _____ () C:\Program Files\IObit\IObit Uninstaller\webres.dll
2016-11-21 23:06 - 2016-09-26 14:59 - 000631072 _____ () C:\Program Files\IObit\IObit Uninstaller\ProductStatistics.dll
2004-08-04 03:00 - 2008-04-14 05:41 - 000059904 _____ () C:\WINDOWS.1\system32\devenum.dll
2004-08-04 03:00 - 2008-04-14 05:42 - 000014336 _____ () C:\WINDOWS.1\system32\msdmo.dll
2017-09-20 18:07 - 2015-12-28 13:50 - 000899872 _____ () C:\Program Files\IObit\Advanced SystemCare\webres.dll
2017-09-20 17:37 - 2017-05-17 13:45 - 000631584 _____ () C:\Program Files\IObit\Advanced SystemCare\ProductStatistics.dll
2004-08-04 03:00 - 2013-01-01 23:49 - 001292288 _____ () C:\WINDOWS.1\system32\quartz.dll
2017-09-20 17:37 - 2017-07-24 15:34 - 001364256 _____ () C:\Program Files\IObit\Advanced SystemCare\Scan.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files\TFC.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JACK-9B5A923336\My Documents\IMDb Video Player: Dan Starbuck Demo.net%2Fa2643 [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\Desktop\12 Things Wealthy People Do.txt:DocumentSummaryInformation [79]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\Desktop\12 Things Wealthy People Do.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\Desktop\ComboFix.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\Desktop\JRT.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\Fisher_m11.mq4:CursorPos [890]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\Fisher_m11.mq4:LineFlags [866]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\fxgtstsuk.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\fxsolutionsuk4setup.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\Hide.me-Setup-1.2.6.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\jre-8u31-windows-i586-iftw.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\Setup-Trelby-2.2.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\sp60088.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\TFC.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\WoT_internet_install_na.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP:56E2E879 [238]
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS2\Application Data\TEMP:DFC5A2B2 [118]
AlternateDataStreams: C:\Documents and Settings\Jack Holland.JACK\My Documents\IMDb Video Player: Dan Starbuck Demo.net%2Fa2643 [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-583907252-115176313-1801674531-500\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-583907252-115176313-1801674531-500\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-583907252-115176313-1801674531-500\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-583907252-115176313-1801674531-500\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-583907252-115176313-1801674531-500\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-583907252-115176313-1801674531-500\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-583907252-115176313-1801674531-500\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-583907252-115176313-1801674531-500\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-583907252-115176313-1801674531-500\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-583907252-115176313-1801674531-500\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-583907252-115176313-1801674531-500\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-583907252-115176313-1801674531-500\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-583907252-115176313-1801674531-500\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-583907252-115176313-1801674531-500\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-583907252-115176313-1801674531-500\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-583907252-115176313-1801674531-500\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-583907252-115176313-1801674531-500\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-583907252-115176313-1801674531-500\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-583907252-115176313-1801674531-500\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-583907252-115176313-1801674531-500\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 05:00 - 2017-09-27 03:08 - 000000027 _____ C:\WINDOWS.1\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-583907252-115176313-1801674531-500\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^Administrator.JWH^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\WINDOWS.1\pss\EvernoteClipper.lnkStartup
MSCONFIG\startupreg: Act! Preloader => "C:\Program Files\ACT\Act for Windows\ActSage.exe" -preload
MSCONFIG\startupreg: Act.Outlook.Service => "C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AmazonGSDownloaderTray => C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS.1\system32\ctfmon.exe
MSCONFIG\startupreg: Epic Privacy Browser Installer => "C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Installer\EpicUpdate.exe" /c
MSCONFIG\startupreg: FAHConsole => C:\Program Files\File Association Helper\FAHConsole.exe
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS.1\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS.1\system32\igfxtray.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: Persistence => C:\WINDOWS.1\system32\igfxpers.exe
MSCONFIG\startupreg: Philips Device Listener => "C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE
MSCONFIG\startupreg: SoundMAX => "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe] => Enabled:potPlayer
DomainProfile\AuthorizedApplications: [C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe] => Enabled:HTCSyncManager
StandardProfile\AuthorizedApplications: [C:\Program Files\ACT\ACT for Windows\ActSage.exe] => Disabled:ACT! by Sage
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe] => Disabled:Adobe CSI CS4
StandardProfile\AuthorizedApplications: [C:\Program Files\Vuze\Azureus.exe] => Disabled:Azureus / Vuze
StandardProfile\AuthorizedApplications: [C:\Program Files\Epson Software\Event Manager\EEventManager.exe] => Disabled:EEventManager Application
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\Epic Privacy Browser\Application\epic.exe] => Disabled:Epic Privacy Browser
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Disabled:Firefox
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Disabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre1.8.0_60\bin\javaw.exe] => Disabled:Java(TM) Platform SE binary
StandardProfile\AuthorizedApplications: [C:\WINDOWS.1\system32\fxsclnt.exe] => Disabled:Microsoft Fax Console
StandardProfile\AuthorizedApplications: [C:\WINDOWS.1\system32\dpvsetup.exe] => Disabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Disabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe] => Disabled:Miro_Downloader
StandardProfile\AuthorizedApplications: [C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe] => Disabled:mad:xpsp3res.dll,-20000
StandardProfile\AuthorizedApplications: [C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe] => Disabled:potPlayer
StandardProfile\AuthorizedApplications: [C:\WINDOWS.1\system32\sessmgr.exe] => Disabled:mad:xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Disabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Disabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator.JWH\Application Data\Spotify\Spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe] => :LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server
StandardProfile\AuthorizedApplications: [C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe] => Enabled:HTCSyncManager
StandardProfile\AuthorizedApplications: [C:\Program Files\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe] => Enabled:SP_FF
StandardProfile\AuthorizedApplications: [G:\Games\World_of_Tanks\WoTLauncher.exe] => Enabled:World of Tanks Launcher
StandardProfile\AuthorizedApplications: [G:\Games\World_of_Tanks\WorldOfTanks.exe] => Enabled:World of Tanks
StandardProfile\AuthorizedApplications: [C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe] => Enabled:SP_FF
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:mad:xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [5353:TCP] => Disabled:Adobe CSI CS4
StandardProfile\GloballyOpenPorts: [20010:UDP] => Disabled:War Thunder
StandardProfile\GloballyOpenPorts: [3478:UDP] => Disabled:War Thunder
StandardProfile\GloballyOpenPorts: [7850:TCP] => Disabled:War Thunder
StandardProfile\GloballyOpenPorts: [7852:TCP] => Disabled:War Thunder
StandardProfile\GloballyOpenPorts: [7853:TCP] => Disabled:War Thunder
StandardProfile\GloballyOpenPorts: [27022:TCP] => Disabled:War Thunder
StandardProfile\GloballyOpenPorts: [6881:TCP] => Disabled:War Thunder
StandardProfile\GloballyOpenPorts: [33333:TCP] => Disabled:War Thunder
StandardProfile\GloballyOpenPorts: [20443:TCP] => Disabled:War Thunder
StandardProfile\GloballyOpenPorts: [8090:TCP] => Disabled:War Thunder

==================== Restore Points =========================

03-07-2017 01:01:20 System Checkpoint
04-07-2017 16:26:36 System Checkpoint
05-07-2017 16:47:57 System Checkpoint
06-07-2017 18:18:01 System Checkpoint
08-07-2017 00:37:23 System Checkpoint
09-07-2017 01:35:42 System Checkpoint
12-07-2017 03:27:43 System Checkpoint
13-07-2017 15:52:52 System Checkpoint
14-07-2017 18:24:53 System Checkpoint
17-07-2017 15:42:12 System Checkpoint
18-07-2017 17:34:48 System Checkpoint
19-07-2017 17:49:45 System Checkpoint
20-07-2017 19:45:24 System Checkpoint
22-07-2017 14:40:27 System Checkpoint
24-07-2017 15:59:11 System Checkpoint
26-07-2017 18:32:37 System Checkpoint
27-07-2017 19:19:08 System Checkpoint
29-07-2017 17:38:10 System Checkpoint
30-07-2017 18:23:27 System Checkpoint
31-07-2017 19:15:26 System Checkpoint
01-08-2017 20:01:51 System Checkpoint
03-08-2017 02:15:47 System Checkpoint
04-08-2017 02:37:18 System Checkpoint
05-08-2017 03:13:29 System Checkpoint
06-08-2017 03:41:06 System Checkpoint
07-08-2017 03:56:15 System Checkpoint
09-08-2017 04:27:34 System Checkpoint
11-08-2017 12:12:38 System Checkpoint
12-08-2017 17:58:52 System Checkpoint
13-08-2017 21:09:14 System Checkpoint
19-08-2017 14:50:06 System Checkpoint
22-08-2017 17:09:49 Installed LibreOffice 5.3.5.2
23-08-2017 21:48:26 System Checkpoint
25-08-2017 13:44:28 System Checkpoint
28-08-2017 16:13:06 System Checkpoint
01-09-2017 16:49:33 System Checkpoint
05-09-2017 18:47:23 System Checkpoint
07-09-2017 17:29:17 System Checkpoint
08-09-2017 18:49:16 System Checkpoint
11-09-2017 18:44:33 System Checkpoint
13-09-2017 00:46:28 System Checkpoint
14-09-2017 18:19:20 System Checkpoint
27-09-2017 03:37:02 ComboFix created restore point
28-09-2017 18:33:22 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2017 01:07:09 AM) (Source: SQLWRITER) (EventID: 4) (User: )
Description: SQL writer initialization error: the COM security cannot be initialized [0x800706ba].

Error: (09/26/2017 03:16:44 AM) (Source: SQLWRITER) (EventID: 4) (User: )
Description: SQL writer initialization error: the COM security cannot be initialized [0x800706ba].

Error: (09/25/2017 06:12:18 AM) (Source: SQLWRITER) (EventID: 4) (User: )
Description: SQL writer initialization error: the COM security cannot be initialized [0x800706ba].

Error: (09/25/2017 05:15:12 AM) (Source: SQLWRITER) (EventID: 4) (User: )
Description: SQL writer initialization error: the COM security cannot be initialized [0x800706ba].

Error: (09/25/2017 01:39:36 AM) (Source: SQLWRITER) (EventID: 4) (User: )
Description: SQL writer initialization error: the COM security cannot be initialized [0x800706ba].

Error: (09/23/2017 11:19:20 PM) (Source: SQLWRITER) (EventID: 4) (User: )
Description: SQL writer initialization error: the COM security cannot be initialized [0x800706ba].

Error: (09/22/2017 11:59:22 PM) (Source: SQLWRITER) (EventID: 4) (User: )
Description: SQL writer initialization error: the COM security cannot be initialized [0x800706ba].

Error: (09/22/2017 08:21:48 AM) (Source: SQLWRITER) (EventID: 4) (User: )
Description: SQL writer initialization error: the COM security cannot be initialized [0x800706ba].

Error: (09/22/2017 07:25:14 AM) (Source: SQLWRITER) (EventID: 4) (User: )
Description: SQL writer initialization error: the COM security cannot be initialized [0x800706ba].

Error: (09/22/2017 06:07:32 AM) (Source: SQLWRITER) (EventID: 4) (User: )
Description: SQL writer initialization error: the COM security cannot be initialized [0x800706ba].


System errors:
=============
Error: (09/28/2017 04:19:36 AM) (Source: DCOM) (EventID: 10001) (User: JWH)
Description: Unable to start a DCOM Server: {AB97EDE4-091B-405F-83E6-9A31AD18EDAF} as /.
The error:
"%%3 = The system cannot find the path specified."
Happened while starting this command:
F:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE -Embedding

Error: (09/27/2017 07:20:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WindscribeService service terminated unexpectedly. It has done this 1 time(s).

Error: (09/27/2017 01:58:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Procedure Call (RPC) service depends on the DCOM Server Process Launcher service which failed to start because of the following error:
The system cannot find the path specified.

Error: (09/27/2017 01:58:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DCOM Server Process Launcher service failed to start due to the following error:
The system cannot find the path specified.

Error: (09/27/2017 01:58:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Terminal Services service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (09/27/2017 01:58:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Procedure Call (RPC) service depends on the DCOM Server Process Launcher service which failed to start because of the following error:
The system cannot find the path specified.

Error: (09/27/2017 01:58:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DCOM Server Process Launcher service failed to start due to the following error:
The system cannot find the path specified.

Error: (09/27/2017 01:58:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (09/27/2017 01:58:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Telephony service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (09/27/2017 01:58:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Procedure Call (RPC) service depends on the DCOM Server Process Launcher service which failed to start because of the following error:
The system cannot find the path specified.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) D CPU 3.20GHz
Percentage of memory in use: 23%
Total physical RAM: 2047.29 MB
Available physical RAM: 1560.97 MB
Total Virtual: 3939.17 MB
Available Virtual: 3047.69 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.78 GB) (Free:12.31 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (DRV2_VOL1) (Fixed) (Total:149.05 GB) (Free:22.65 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: (XP_SP3) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS
Drive g: (New Volume) (Fixed) (Total:698.64 GB) (Free:370.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 586F586F)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 3055AE38)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: AAF11F1C)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Attachments

  • fixlist.txt
    10.3 KB