Unknown Malware/Browser Hijack help please



sparkie20
2014-11-19, 14:34
Hi, could anyone help please?
I have some sort of malware; it causes various different pop-up windows/browser hijacks etc. Regularly causes scripts to stop running, crashes browser entirely/slow PC etc.
Spybot + AV found stuff, but fixing them hasn't fixed the problem. Ditto Malwarebytes Anti-Malware.
I've uninstalled Chrome, but still have the problem on IE.

Do I just go ahead and post the logs outlined above?

Edit Forum FAQ: http://forums.spybot.info/showthread.php?t=288

TIA
Sparks

Ok so looking at other threads (the best I can with my dodgy browser), it seems so:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2014
Ran by Matt (administrator) on DESKTOP on 19-11-2014 12:22:55
Running from C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CUQ88PVB
Loaded Profile: Matt (Available profiles: Matt & Naomi)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
() C:\Program Files\Bfascustiverculimned\Bfascustiverculimned.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
() C:\Program Files\Bfascustiverculimned\BfascustiverculimnedHelper.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(VIA Technologies, Inc.) C:\WINDOWS\system32\KaraokeSer.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CUQ88PVB\FRST[1].exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime Alternative\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\Run: [Norton Download Manager{N360212038-SHPD-FSD40014}] => C:\Documents and Settings\All Users\Documents\Norton\{N360212038-SHPD-FSD40014}\NortonN360Downloader.exe [1021856 2014-04-27] (Symantec Corporation)
HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MountPoints2: {2f52ad7c-8929-11e1-8f06-002522eb098f} - E:\AutoRun.exe
HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MountPoints2: {6693ce5c-459e-11e1-a9a6-c4d98d73c5c9} - E:\AutoRun.exe
HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MountPoints2: {6693ce60-459e-11e1-a9a6-e009794f29f9} - E:\AutoRun.exe
HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MountPoints2: {c15dca14-cf22-11e1-8f94-002522eb098f} - E:\AutoRun.exe
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1004336348-776561741-682003330-1003] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1004336348-776561741-682003330-1003] => http=127.0.0.1:9880;https=127.0.0.1:9880
HKU\S-1-5-21-1004336348-776561741-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-1004336348-776561741-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKU\S-1-5-21-1004336348-776561741-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=130&itype=n&ver=11471&tm=297&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> Yahoo URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=oberhp&type=iwintoolbarforpogo
SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} https://authenticate.gateway.gov.uk/ClientObjects/SignatureControlInstaller.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1004336348-776561741-682003330-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1004336348-776561741-682003330-1003: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-28]
FF HKLM\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw

Chrome:
=======
CHR Profile: C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-11]
CHR Extension: (Google Search) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-11]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-11]
CHR HKLM\...\Chrome\Extension: [ieadcoanfjloocmfafkebdnfefmohngj] - C:\Program Files\BonanzaDeals\BonanzaDeals.crx []
CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx []

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-09-23] () [File not signed]
R2 BecHelperService; C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe [1740696 2011-03-23] ()
R2 Bfascustiverculimned; C:\Program Files\Bfascustiverculimned\Bfascustiverculimned.exe [4377560 2014-11-03] ()
R2 FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
R2 KaraokeService; C:\WINDOWS\system32\KaraokeSer.exe [88688 2011-02-17] (VIA Technologies, Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-07-20] (Hewlett-Packard Company) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXSENS; C:\WINDOWS\System32\drivers\ALCXSENS.SYS [391424 2003-12-11] (Sensaura Ltd) [File not signed]
S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [541548 2003-12-19] (Realtek Semiconductor Corp.) [File not signed]
S3 AMBFilt; C:\WINDOWS\System32\drivers\AMBFilt.sys [1656960 2009-06-26] (Creative)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 COMMONFX; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99352 2008-06-27] (Creative Technology Ltd)
S3 COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99352 2008-06-27] (Creative Technology Ltd)
S3 CT20XUT.DLL; C:\WINDOWS\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.) [File not signed]
S3 CTAUDFX; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555032 2008-06-27] (Creative Technology Ltd)
S3 CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555032 2008-06-27] (Creative Technology Ltd)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [347080 2008-07-07] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\WINDOWS\System32\CTEAPSFX.DLL [168192 2007-04-12] (Creative Technology Ltd) [File not signed]
S3 CTEDSPFX.DLL; C:\WINDOWS\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd) [File not signed]
S3 CTEDSPIO.DLL; C:\WINDOWS\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd) [File not signed]
S3 CTEDSPSY.DLL; C:\WINDOWS\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd) [File not signed]
S3 CTERFXFX; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100888 2008-06-27] (Creative Technology Ltd)
S3 CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100888 2008-06-27] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\WINDOWS\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.) [File not signed]
S3 CTHWIUT.DLL; C:\WINDOWS\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.) [File not signed]
S3 CTSBLFX; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566296 2008-06-27] (Creative Technology Ltd)
S3 CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566296 2008-06-27] (Creative Technology Ltd)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-03-06] (GFI Software)
S3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [797720 2008-07-07] (Creative Technology Ltd)
S3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [162840 2008-07-07] (Creative Technology Ltd)
S3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [189464 2008-07-07] (Creative Technology Ltd)
R3 mcdbus; C:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2008-07-28] (MagicISO, Inc.) [File not signed]
R2 mdvrmng; C:\WINDOWS\system32\drivers\mdvrmng.sys [10240 2011-03-23] () [File not signed]
R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 MonFilt; C:\WINDOWS\System32\drivers\MonFilt.sys [1389056 2008-12-02] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 netwg311; C:\WINDOWS\System32\DRIVERS\netwg311.sys [386688 2008-07-23] (Texas Instruments)
S3 pneteth; C:\WINDOWS\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.) [File not signed]
R3 RT80x86; C:\WINDOWS\System32\DRIVERS\RT2860.sys [1332064 2010-06-21] (Ralink Technology, Corp.)
S3 RTL8023; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [65280 2003-08-13] (Realtek Semiconductor Corporation ) [File not signed]
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 V0080Dev; C:\WINDOWS\System32\DRIVERS\V0080Dev.sys [503467 2004-08-10] (Creative Technology Ltd.) [File not signed]
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [2795376 2011-02-17] (VIA Technologies, Inc.)
S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31744 2008-04-13] (Microsoft Corporation)
S3 COMMONFX.DLL; system32\COMMONFX.DLL [X]
S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X]
S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [X]
S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 Scutum50; System32\Drivers\Scutum50.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 12:17 - 2014-11-19 12:22 - 00000000 ____D () C:\FRST
2014-11-19 11:54 - 2014-11-19 11:54 - 04215584 _____ () C:\Documents and Settings\Matt\Desktop\tweaking.com_registry_backup_setup.exe
2014-11-19 11:54 - 2014-11-19 11:54 - 00001876 _____ () C:\Documents and Settings\Matt\Desktop\Tweaking.com - Registry Backup.lnk
2014-11-19 11:54 - 2014-11-19 11:54 - 00000000 ____D () C:\RegBackup
2014-11-19 11:54 - 2014-11-19 11:54 - 00000000 ____D () C:\Documents and Settings\Matt\Start Menu\Programs\Tweaking.com
2014-11-17 11:51 - 2014-11-17 11:51 - 00000000 ____D () C:\Documents and Settings\Matt\My Documents\ProcAlyzer Dumps
2014-11-17 11:13 - 2014-11-17 09:09 - 00450738 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141117-111334.backup
2014-11-17 09:09 - 2014-11-16 21:19 - 00450738 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141117-090951.backup
2014-11-16 21:19 - 2013-10-28 16:51 - 00000855 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141116-211904.backup
2014-11-16 21:02 - 2014-11-19 08:53 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-11-16 21:02 - 2014-11-17 11:13 - 00000618 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-11-16 21:02 - 2014-11-17 11:13 - 00000448 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-11-16 21:01 - 2014-11-16 21:01 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-11-16 21:01 - 2014-11-16 21:01 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-16 21:01 - 2014-11-16 21:01 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-11-16 21:01 - 2014-11-16 21:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-16 21:00 - 2014-11-17 11:16 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-11-16 21:00 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2014-11-16 15:37 - 2014-11-16 15:38 - 00000000 __SHD () C:\Program Files\Bfascustiverculimned
2014-11-16 15:29 - 2014-11-16 15:29 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-16 15:12 - 2014-11-16 15:12 - 00000000 ____D () C:\Documents and Settings\Matt\Desktop\terraria-server
2014-11-16 15:11 - 2014-11-16 15:11 - 00485905 _____ () C:\Documents and Settings\Matt\Desktop\terraria-server.zip
2014-11-12 16:49 - 2014-11-12 16:50 - 17926832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-11-09 14:59 - 2014-11-09 14:58 - 00106496 _____ () C:\WINDOWS\Minidump\Mini110914-01.dmp
2014-11-09 12:53 - 2014-11-09 12:53 - 00019962 _____ () C:\Documents and Settings\Matt\My Documents\STEAM GUARANTEE.htm
2014-11-09 12:53 - 2014-11-09 12:53 - 00000000 ____D () C:\Documents and Settings\Matt\My Documents\STEAM GUARANTEE_files
2014-11-08 15:02 - 2014-11-08 15:10 - 00000000 ____D () C:\Documents and Settings\Matt\Application Data\.technic
2014-10-29 18:15 - 2014-10-30 07:13 - 00000000 ____D () C:\Documents and Settings\Matt\Application Data\ftblauncher
2014-10-26 21:05 - 2014-10-26 21:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Wondershare
2014-10-26 21:04 - 2014-10-26 21:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952011$
2014-10-26 21:01 - 2014-10-26 21:05 - 00010580 _____ () C:\WINDOWS\KB952011.log
2014-10-26 21:01 - 2014-10-26 21:01 - 00000000 ____D () C:\Program Files\Common Files\Wondershare
2014-10-26 21:01 - 2014-10-26 21:01 - 00000000 ____D () C:\Documents and Settings\Matt\Local Settings\Application Data\Wondershare
2014-10-26 20:59 - 2014-10-26 21:26 - 00000000 ____D () C:\Documents and Settings\Matt\My Documents\Wondershare Video Editor
2014-10-26 20:59 - 2008-04-14 00:11 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 12:23 - 2008-07-23 20:01 - 00000000 ___HD () C:\Documents and Settings\Matt\Local Settings\Temp
2014-11-19 12:22 - 2001-08-23 12:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-19 12:20 - 2013-08-13 06:26 - 00000982 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-776561741-682003330-1023UA.job
2014-11-19 11:54 - 2013-10-28 16:43 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-11-19 11:49 - 2012-04-15 07:15 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-19 11:47 - 2013-10-24 07:47 - 00000412 _____ () C:\WINDOWS\Tasks\At1.job
2014-11-19 11:28 - 2011-06-22 11:34 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-19 10:28 - 2008-07-23 20:01 - 00032408 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-19 10:02 - 2008-10-27 11:32 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-11-19 09:52 - 2011-06-24 13:17 - 00000000 ____D () C:\Documents and Settings\Matt\My Documents\My PSP8 Files
2014-11-19 09:00 - 2008-07-23 19:56 - 01606183 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-19 08:51 - 2014-10-11 13:08 - 00001370 _____ () C:\WINDOWS\Tasks\UWRVKX.job
2014-11-19 08:51 - 2014-10-11 13:04 - 00001370 _____ () C:\WINDOWS\Tasks\BXNIRL.job
2014-11-19 08:51 - 2014-03-27 07:07 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-11-19 08:51 - 2011-06-22 11:34 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-19 08:51 - 2008-07-23 20:50 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-11-19 08:51 - 2008-07-23 20:50 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-19 08:50 - 2008-07-23 20:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-18 21:32 - 2008-07-23 20:01 - 00000278 ___SH () C:\Documents and Settings\Matt\ntuser.ini
2014-11-18 21:20 - 2013-08-13 06:26 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-776561741-682003330-1023Core.job
2014-11-18 21:04 - 2014-09-01 08:18 - 00001171 _____ () C:\Documents and Settings\Matt\Application Data\UWRVKX
2014-11-18 00:44 - 2008-07-23 20:01 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-11-17 14:28 - 2014-10-12 11:04 - 00000000 ____D () C:\Avenger
2014-11-17 14:19 - 2013-08-28 12:17 - 00678990 _____ () C:\WINDOWS\setupapi.log
2014-11-17 11:51 - 2008-07-23 20:45 - 00000245 ___SH () C:\boot.ini
2014-11-17 11:15 - 2013-08-10 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-11-17 11:11 - 2013-10-15 14:13 - 00000000 ____D () C:\Games
2014-11-17 09:54 - 2014-07-26 21:24 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-16 23:30 - 2011-12-24 07:34 - 00006730 _____ () C:\WINDOWS\wininit.ini
2014-11-16 21:00 - 2013-08-10 20:44 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-11-16 20:45 - 2012-01-29 08:23 - 00000000 ____D () C:\Program Files\Wondershare
2014-11-16 20:02 - 2008-10-20 12:03 - 00000000 ____D () C:\Program Files\Google
2014-11-16 17:36 - 2012-04-02 16:04 - 00000000 ____D () C:\Program Files\Audacity
2014-11-16 15:45 - 2011-12-23 13:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Westwood
2014-11-16 15:45 - 2011-11-05 17:03 - 00000000 ____D () C:\Westwood
2014-11-16 15:34 - 2014-03-26 16:35 - 00000000 ____D () C:\Program Files\WarThunder
2014-11-16 15:31 - 2014-10-03 16:28 - 00000000 ____D () C:\Program Files\iwintoolbarforpogo
2014-11-16 15:29 - 2014-07-09 20:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-16 15:29 - 2014-07-09 20:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-16 15:06 - 2013-08-16 06:15 - 00002399 _____ () C:\WINDOWS\setupact.log
2014-11-13 07:42 - 2011-11-14 11:01 - 00000486 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2014-11-12 23:17 - 2013-08-16 06:23 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 23:03 - 2008-07-23 21:13 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-12 16:51 - 2012-04-15 07:15 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-12 16:51 - 2011-06-28 06:20 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-12 16:18 - 2012-08-29 11:43 - 00000000 ____D () C:\Documents and Settings\Matt\Application Data\.minecraft
2014-11-08 15:00 - 2014-03-27 07:07 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-10-27 08:49 - 2008-07-23 20:46 - 03672968 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-26 21:05 - 2013-08-16 06:15 - 00378652 _____ () C:\WINDOWS\iis6.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00331599 _____ () C:\WINDOWS\FaxSetup.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00168468 _____ () C:\WINDOWS\ocgen.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00155162 _____ () C:\WINDOWS\tsoc.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00110994 _____ () C:\WINDOWS\comsetup.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00107462 _____ () C:\WINDOWS\msmqinst.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00068399 _____ () C:\WINDOWS\ntdtcsetup.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00058693 _____ () C:\WINDOWS\netfxocm.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00023455 _____ () C:\WINDOWS\MedCtrOC.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00018656 _____ () C:\WINDOWS\ocmsn.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00016981 _____ () C:\WINDOWS\msgsocm.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00016483 _____ () C:\WINDOWS\tabletoc.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00001393 _____ () C:\WINDOWS\imsins.log
2014-10-26 21:05 - 2011-06-12 16:02 - 00121720 _____ () C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2014-10-26 09:22 - 2008-07-23 20:47 - 00572762 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-24 21:43 - 2011-07-09 17:17 - 00966536 ___SH () C:\Documents and Settings\Matt\Desktop\Thumbs.db

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Documents and Settings\Matt\Local Settings\Temp\DataCard_Setup.exe
C:\Documents and Settings\Matt\Local Settings\Temp\ResetDevice.exe
C:\Documents and Settings\Matt\Local Settings\Temp\uninstall.exe
C:\Documents and Settings\Matt\Local Settings\Temp\_is134.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================





Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-11-2014
Ran by Matt at 2014-11-19 12:23:16
Running from C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CUQ88PVB
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3Connect (HKLM\...\{A899DA1F-D626-401C-8651-F2921E3B4CB3}) (Version: 3.0.0 - 3 Mobile Broadband)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.1.7.110 - Asmedia Technology)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.541-080923a-069992C-ATI - )
authorSTREAM Desktop (HKLM\...\{E4EE090D-7680-414E-9FB7-737A85A5DBE1}) (Version: 2.0.0 - authorstream)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - )
Canon MG3100 series On-screen Manual (HKLM\...\Canon MG3100 series On-screen Manual) (Version: - )
Canon MG3100 series User Registration (HKLM\...\Canon MG3100 series User Registration) (Version: - )
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Creative Audio Console (HKLM\...\AudioConSole) (Version: - )
Creative WebCam Live! Pro Driver (1.00.06.0811) (HKLM\...\Creative VF0080) (Version: - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
Dell Driver Download Manager (HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\309a46b1dc89b774) (Version: 1.0.0.0 - Dell Inc.)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Huawei modem (HKLM\...\Huawei Modems) (Version: - )
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5328 - Intel Corporation)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Jasc Paint Shop Pro 8 (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Keynote Connector (HKLM\...\KeynoteConnector) (Version: - )
LightScribe 1.4.109.1 (Version: 1.4.109.1 - http://www.lightscribe.com) Hidden
Magic ISO Maker v5.5 (build 0265) (HKLM\...\Magic ISO Maker v5.5 (build 0265)) (Version: - )
MagicDisc 2.7.105 (HKLM\...\MagicDisc 2.7.105) (Version: - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version: - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MyFreeCodec) (Version: - )
MyOffice.NET (HKLM\...\MyOffice.NET) (Version: 7.0.66 - Intuitive Solutions Ltd.)
MyOffice.NET (Version: 7.0.66 - Intuitive Solutions Ltd.) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PageBreeze Free HTML Editor (HKLM\...\PageBreeze Free HTML Editor) (Version: - )
Platform (Version: 1.36 - VIA Technologies, Inc.) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
QuickTime Alternative 2.7.0 (HKLM\...\QuicktimeAlt_is1) (Version: 2.7.0 - )
Ralink RT3690 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.8.0 - Ralink)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.35.0000 - Realtek)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.9 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Westwood Shared Internet Components (HKLM\...\{11081AC0-61C4-40DD-8506-B64A3E4F2645}_is1) (Version: - Command & Conquer Communications Center / Westwood)
Westwood Shared Internet Components (HKLM\...\WOLAPI) (Version: - )
Winamp (HKLM\...\Winamp) (Version: 5.61 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
Xara Web Designer 7 (HKLM\...\MAGIX_MSI_Xara_Web_Designer_7) (Version: 7.1.2.18332 - Xara Group Ltd)
Xara Web Designer 7 (Version: 7.1.2.18332 - Xara Group Ltd) Hidden
Yahoo! Detect (HKLM\...\YTdetect) (Version: - )
YouTube Downloader 3.3 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: - BienneSoft)
YouTube Downloader Toolbar v4.7 (HKLM\...\{3F2B3914-A927-4D1E-8417-E7B7C3339434}) (Version: 4.7 - Spigot, Inc.) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll No (the data entry has 4 more characters).

==================== Restore Points =========================

20-08-2014 22:01:05 Software Distribution Service 3.0
21-08-2014 22:00:48 Software Distribution Service 3.0
29-08-2014 17:08:04 Software Distribution Service 3.0
29-08-2014 22:00:44 Software Distribution Service 3.0
30-08-2014 22:00:46 Software Distribution Service 3.0
31-08-2014 22:01:21 Software Distribution Service 3.0
02-09-2014 05:29:38 Software Distribution Service 3.0
03-09-2014 05:42:50 Software Distribution Service 3.0
03-09-2014 22:01:16 Software Distribution Service 3.0
04-09-2014 22:02:03 Software Distribution Service 3.0
05-09-2014 22:01:51 Software Distribution Service 3.0
06-09-2014 22:00:46 Software Distribution Service 3.0
07-09-2014 22:01:43 Software Distribution Service 3.0
08-09-2014 22:03:28 Software Distribution Service 3.0
09-09-2014 22:01:52 Software Distribution Service 3.0
10-09-2014 18:24:24 Software Distribution Service 3.0
11-09-2014 18:57:27 System Checkpoint
11-09-2014 22:01:49 Software Distribution Service 3.0
12-09-2014 22:01:05 Software Distribution Service 3.0
13-09-2014 22:02:41 Software Distribution Service 3.0
14-09-2014 22:02:12 Software Distribution Service 3.0
15-09-2014 22:01:35 Software Distribution Service 3.0
16-09-2014 22:01:53 Software Distribution Service 3.0
18-09-2014 05:16:54 Software Distribution Service 3.0
18-09-2014 22:01:29 Software Distribution Service 3.0
19-09-2014 22:02:00 Software Distribution Service 3.0
20-09-2014 22:01:12 Software Distribution Service 3.0
21-09-2014 22:01:38 Software Distribution Service 3.0
22-09-2014 22:01:42 Software Distribution Service 3.0
23-09-2014 22:01:20 Software Distribution Service 3.0
24-09-2014 22:02:04 Software Distribution Service 3.0
25-09-2014 22:01:52 Software Distribution Service 3.0
26-09-2014 22:01:50 Software Distribution Service 3.0
27-09-2014 22:01:14 Software Distribution Service 3.0
28-09-2014 22:00:47 Software Distribution Service 3.0
29-09-2014 22:01:43 Software Distribution Service 3.0
30-09-2014 22:01:49 Software Distribution Service 3.0
01-10-2014 22:01:56 Software Distribution Service 3.0
02-10-2014 22:02:00 Software Distribution Service 3.0
03-10-2014 22:00:48 Software Distribution Service 3.0
05-10-2014 07:06:39 Software Distribution Service 3.0
05-10-2014 22:01:43 Software Distribution Service 3.0
07-10-2014 06:32:59 Software Distribution Service 3.0
07-10-2014 22:05:04 Software Distribution Service 3.0
08-10-2014 22:01:42 Software Distribution Service 3.0
09-10-2014 22:01:21 Software Distribution Service 3.0
10-10-2014 22:01:38 Software Distribution Service 3.0
12-10-2014 09:18:51 Software Distribution Service 3.0
12-10-2014 11:21:57 Removed Samsung Kies
12-10-2014 11:31:10 Removed Samsung Story Album Viewer
12-10-2014 22:02:03 Software Distribution Service 3.0
13-10-2014 22:01:45 Software Distribution Service 3.0
14-10-2014 22:01:41 Software Distribution Service 3.0
15-10-2014 22:01:34 Software Distribution Service 3.0
16-10-2014 22:01:53 Software Distribution Service 3.0
17-10-2014 22:01:58 Software Distribution Service 3.0
18-10-2014 22:01:19 Software Distribution Service 3.0
19-10-2014 22:02:48 Software Distribution Service 3.0
20-10-2014 22:01:48 Software Distribution Service 3.0
21-10-2014 22:01:25 Software Distribution Service 3.0
22-10-2014 22:00:51 Software Distribution Service 3.0
23-10-2014 22:01:52 Software Distribution Service 3.0
24-10-2014 22:01:38 Software Distribution Service 3.0
26-10-2014 09:21:35 Software Distribution Service 3.0
26-10-2014 21:04:46 Installed Windows XP -- Software Updates KB952011.
26-10-2014 23:01:17 Software Distribution Service 3.0
27-10-2014 23:01:42 Software Distribution Service 3.0
28-10-2014 23:01:27 Software Distribution Service 3.0
29-10-2014 23:01:37 Software Distribution Service 3.0
30-10-2014 23:01:59 Software Distribution Service 3.0
31-10-2014 23:01:19 Software Distribution Service 3.0
01-11-2014 23:01:58 Software Distribution Service 3.0
03-11-2014 07:35:21 Software Distribution Service 3.0
03-11-2014 23:00:47 Software Distribution Service 3.0
04-11-2014 22:17:59 Software Distribution Service 3.0
05-11-2014 22:53:36 System Checkpoint
05-11-2014 23:01:22 Software Distribution Service 3.0
07-11-2014 08:31:24 Software Distribution Service 3.0
07-11-2014 23:01:21 Software Distribution Service 3.0
08-11-2014 23:02:03 Software Distribution Service 3.0
09-11-2014 23:01:15 Software Distribution Service 3.0
10-11-2014 23:01:50 Software Distribution Service 3.0
12-11-2014 08:08:36 Software Distribution Service 3.0
12-11-2014 23:01:37 Software Distribution Service 3.0
13-11-2014 23:02:02 Software Distribution Service 3.0
14-11-2014 12:35:31 Software Distribution Service 3.0
14-11-2014 23:01:57 Software Distribution Service 3.0
16-11-2014 15:33:13 Removed Governor of Poker 2
16-11-2014 15:48:31 Removed Google Earth.
16-11-2014 23:01:19 Software Distribution Service 3.0
17-11-2014 10:55:14 Removed Bonjour
17-11-2014 11:05:33 Removed Bonjour
17-11-2014 11:09:28 Removed Silhouette Studio
17-11-2014 23:01:25 Software Distribution Service 3.0
18-11-2014 21:34:05 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 12:00 - 2014-11-17 11:13 - 00450738 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Matt\APPLIC~1\METACR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\BXNIRL.job => C:\Documents and Settings\Matt\Application Data\BXNIRL.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\Driver Robot.job => C:\Program Files\Driver Robot\1.1.0.3\DriverRobot.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-776561741-682003330-1023Core.job => C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-776561741-682003330-1023UA.job => C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\UWRVKX.job => C:\Documents and Settings\Matt\Application Data\UWRVKX.exe

==================== Loaded Modules (whitelisted) =============

2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-23 08:47 - 2011-03-23 16:32 - 01740696 _____ () C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
2014-11-16 15:38 - 2014-11-03 13:56 - 04377560 ___SH () C:\Program Files\Bfascustiverculimned\Bfascustiverculimned.exe
2014-11-16 15:38 - 2014-03-07 19:56 - 00117262 ___SH () C:\Program Files\Bfascustiverculimned\libgcc_s_dw2-1.dll
2014-11-16 15:38 - 2014-03-07 19:56 - 00970766 ___SH () C:\Program Files\Bfascustiverculimned\libstdc++-6.dll
2014-11-16 15:38 - 2014-11-16 15:38 - 00160728 ____R () C:\Program Files\Bfascustiverculimned\BfascustiverculimnedHelper.exe
2014-11-16 21:00 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-11-16 21:00 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-16 21:00 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-16 21:00 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-11-16 21:00 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-10-26 21:01 - 2014-09-11 18:09 - 01498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-10-26 21:01 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS:84C6D840C59D388C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:98181191
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D346F792

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Matt^Start Menu^Programs^Startup^MagicDisc.lnk => C:\WINDOWS\pss\MagicDisc.lnkStartup
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Documents and Settings\Matt\Local Settings\Application Data\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CTHelper => CTHELPER.EXE
MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE
MSCONFIG\startupreg: Driver Manager => C:\Program Files\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
MSCONFIG\startupreg: DVDTray => C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
MSCONFIG\startupreg: Freecorder FLV Service => "C:\Program Files\Freecorder\FLVSrvc.exe" /run
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
MSCONFIG\startupreg: iLivid => "C:\Documents and Settings\Matt\Local Settings\Application Data\iLivid\iLivid.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MobileAppSync => "C:\Program Files\Mobile App Sync\D2MClient.exe"
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: MsnMsgr => "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
MSCONFIG\startupreg: NBJ => "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
MSCONFIG\startupreg: SMART Ink => "C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe" -a
MSCONFIG\startupreg: SMART Tray Tools => "C:\Program Files\SMART Technologies\Education Software\SMARTTrayIcon.exe"
MSCONFIG\startupreg: SMARTNotification => "C:\Program Files\SMART Technologies\Education Software\SMARTNotification.exe"
MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\Steam.exe" -silent
MSCONFIG\startupreg: WebCake Desktop => "C:\Documents and Settings\Matt\Application Data\Tepfel\WebCakeDesktop.exe"
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1004336348-776561741-682003330-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1004336348-776561741-682003330-1024 - Limited - Enabled)
Guest (S-1-5-21-1004336348-776561741-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1004336348-776561741-682003330-1000 - Limited - Disabled)
Joshua (S-1-5-21-1004336348-776561741-682003330-1025 - Limited - Enabled)
Matt (S-1-5-21-1004336348-776561741-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Matt
Naomi (S-1-5-21-1004336348-776561741-682003330-1022 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Naomi.DESKTOP.000
SUPPORT_388945a0 (S-1-5-21-1004336348-776561741-682003330-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/19/2014 00:19:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst[1].exe, version 19.11.2014.0, faulting module frst[1].exe, version 19.11.2014.0, fault address 0x0001f09e.
Processing media-specific event for [frst[1].exe!ws!]

Error: (11/19/2014 11:52:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/18/2014 09:35:36 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Word 2003 (KB2878303): WINWORD' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/18/2014 09:35:20 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Update for Outlook 2003 Junk E-mail Filter (KB2863822): OUTLFLTR' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/18/2014 09:35:08 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Office 2003 (KB2760494): MSCONV' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/18/2014 09:34:58 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Publisher 2003 (KB2878299): MSPUB' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/18/2014 09:34:39 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Office 2003 (KB2850047): GDIPLUS' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/18/2014 00:39:59 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 1180947459.

Error: (11/18/2014 00:39:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/18/2014 00:34:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (11/19/2014 11:47:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (11/19/2014 10:47:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (11/19/2014 09:47:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (11/19/2014 08:52:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (11/19/2014 08:52:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (11/19/2014 08:52:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Scutum50 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (11/18/2014 09:35:36 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Word 2003 (KB2878303).

Error: (11/18/2014 09:35:20 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Outlook 2003 Junk E-mail Filter (KB2863822).

Error: (11/18/2014 09:35:08 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB2760494).

Error: (11/18/2014 09:34:58 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Publisher 2003 (KB2878299).


Microsoft Office Sessions:
=========================
Error: (11/19/2014 00:19:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: frst[1].exe19.11.2014.0frst[1].exe19.11.2014.00001f09e

Error: (11/19/2014 11:52:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (11/18/2014 09:35:36 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Edition 2003Security Update for Word 2003 (KB2878303): WINWORD1603(NULL)

Error: (11/18/2014 09:35:20 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Edition 2003Update for Outlook 2003 Junk E-mail Filter (KB2863822): OUTLFLTR1603(NULL)

Error: (11/18/2014 09:35:08 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Edition 2003Security Update for Office 2003 (KB2760494): MSCONV1603(NULL)

Error: (11/18/2014 09:34:58 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Edition 2003Security Update for Publisher 2003 (KB2878299): MSPUB1603(NULL)

Error: (11/18/2014 09:34:39 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Edition 2003Security Update for Office 2003 (KB2850047): GDIPLUS1603(NULL)

Error: (11/18/2014 00:39:59 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: 1180947459

Error: (11/18/2014 00:39:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (11/18/2014 00:34:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G620 @ 2.60GHz
Percentage of memory in use: 35%
Total physical RAM: 2794.67 MB
Available physical RAM: 1791.41 MB
Total Pagefile: 5434.84 MB
Available Pagefile: 4521.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:326.02 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 2343CA6A)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-11-19 12:29:45
-----------------------------
12:29:45.062 OS Version: Windows 5.1.2600 Service Pack 3
12:29:45.062 Number of processors: 2 586 0x2A07
12:29:45.062 ComputerName: DESKTOP UserName: Matt
12:29:51.859 Initialize success
12:29:52.000 VM: initialized successfully
12:29:52.000 VM: Intel CPU supported
12:29:54.328 VM: supported disk I/O atapi.sys
12:41:03.343 AVAST engine defs: 14111900
12:41:55.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:41:55.250 Disk 0 Vendor: ST320DM000-1BC14C JC4B Size: 305245MB BusType: 3
12:41:55.421 Disk 0 MBR read successfully
12:41:55.421 Disk 0 MBR scan
12:41:55.484 Disk 0 Windows XP default MBR code
12:41:55.484 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
12:41:55.484 Disk 0 default boot code
12:41:55.500 Disk 0 scanning sectors +976768065
12:41:55.546 Disk 0 scanning C:\WINDOWS\system32\drivers
12:42:41.296 Service scanning
12:43:44.187 Modules scanning
12:43:44.187 Disk 0 trace - called modules:
12:43:44.203 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
12:43:44.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae11ab8]
12:43:44.218 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000078[0x8ae06f18]
12:43:44.218 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad77940]
12:43:50.906 AVAST engine scan C:\WINDOWS
12:44:12.765 AVAST engine scan C:\WINDOWS\system32
12:56:06.906 AVAST engine scan C:\WINDOWS\system32\drivers
12:57:02.843 AVAST engine scan C:\Documents and Settings\Matt
12:59:54.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Matt\Desktop\FIX\MBR.dat"
12:59:54.921 The log file has been saved successfully to "C:\Documents and Settings\Matt\Desktop\FIX\aswMBR.txt"
13:00:05.046 Disk 0 statistics 1955712/0/0 @ 1.45 MB/s
13:00:05.046 Scan stopped
13:00:06.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:00:06.718 Disk 0 Vendor: ST320DM000-1BC14C JC4B Size: 305245MB BusType: 3
13:00:06.718 Disk 0 MBR read successfully
13:00:06.718 Disk 0 MBR scan
13:00:06.718 Disk 0 Windows XP default MBR code
13:00:06.718 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
13:00:06.734 Disk 0 default boot code
13:00:06.750 Disk 0 scanning sectors +976768065
13:00:06.765 Disk 0 scanning C:\WINDOWS\system32\drivers
13:00:06.765 Service scanning
13:03:40.875 Modules scanning
13:03:40.875 Disk 0 trace - called modules:
13:03:40.890 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
13:03:40.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae11ab8]
13:03:40.890 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000078[0x8ae06f18]
13:03:40.890 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad77940]
13:04:32.000 AVAST engine scan C:\WINDOWS
13:05:04.609 AVAST engine scan C:\WINDOWS\system32
13:16:28.390 AVAST engine scan C:\WINDOWS\system32\drivers
13:17:44.296 AVAST engine scan C:\Documents and Settings\Matt
14:23:57.031 AVAST engine scan C:\Documents and Settings\All Users
14:26:50.390 Disk 0 statistics 5288485/0/0 @ 0.54 MB/s
14:26:50.390 Scan finished successfully
14:56:45.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Matt\Desktop\FIX\MBR.dat"
14:56:45.828 The log file has been saved successfully to "C:\Documents and Settings\Matt\Desktop\FIX\aswMBR.txt"

shelf life
2014-11-21, 01:12
hi,
We will delete a service and get two downloads and download FRST again.

Go to Start>Run, type in cmd.exe and press Enter. A Windows command prompt should open. At the blinking >_ copy and paste in what's below in the box:
Copy/paste the first line, then press Enter, then the next line, and press Enter. Reboot your machine afterwards.


sc stop Bfascustiverculimned
sc delete Bfascustiverculimned

Next: download and run Adwcleaner:

Please download Adwcleaner.exe (http://www.bleepingcomputer.com/download/adwcleaner/) to your desktop.
Click on AdwCleaner.exe.
Click on the Scan button
Once the scan is done click on the Clean button. Items for removal will be checked for you.
Machine will reboot to finish. After the restart it will display a log. Please post the log in your reply.

Next: Download minitoolbox:
http://www.bleepingcomputer.com/download/minitoolbox/dl/65/

Checkmark following boxes:

Reset IE Proxy Settings
Reset FF Proxy Settings
Click Go and post the results in your reply.

Third: you will have to redownload FRST again. You have it running out of a temp directory: (C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CUQ88PVB)
Download it again and save it to your desktop or at least somewhere other than a temp directory.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
When the tool opens click Yes to disclaimer.
Press the Scan button.
When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
Please copy and paste the log in your next reply.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

Juliet
2014-11-21, 01:16
please follow shelf life. :)

sparkie20
2014-11-24, 13:32
Many thanks:

# AdwCleaner v4.102 - Report created 24/11/2014 at 11:17:41
# Updated 23/11/2014 by Xplode
# Database : 2014-11-23.7 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Matt - DESKTOP
# Running from : C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\7D6GYH2S\AdwCleaner[1].exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Documents and Settings\All Users\Application Data\wincert
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Wondershare
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\iwintoolbarforpogo
Folder Deleted : C:\Program Files\Settings Manager
Folder Deleted : C:\Program Files\YouTube Downloader Toolbar
Folder Deleted : C:\Program Files\Wondershare
Folder Deleted : C:\Program Files\Common Files\Wondershare
Folder Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\globalUpdate
Folder Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Wondershare
Folder Deleted : C:\DOCUME~1\Matt\LOCALS~1\Temp\BrowseMark
Folder Deleted : C:\Documents and Settings\Matt\Application Data\MetaCrawler
Folder Deleted : C:\Documents and Settings\Matt\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\Matt\My Documents\PC Health Kit
File Deleted : C:\DOCUME~1\Matt\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKCU\Software\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\d
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\webcakeupdater
Key Deleted : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\AppID\iedll.dll
Key Deleted : HKCU\Software\5252dfdab234ec41
Key Deleted : HKLM\SOFTWARE\5252dfdab234ec41
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2476000
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2878731
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550155275549}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166276649}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\Red Sky
Key Deleted : HKCU\Software\Search Extensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\StormWatch
Key Deleted : HKCU\Software\onekit
Key Deleted : HKLM\SOFTWARE\AskBarDis
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\ImInstaller
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\InstalledThirdPartyPrograms
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ObronaBlockAds
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IminentToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PC Cleaner_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\metaCrawler
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v

[C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0F0ByB0FyEtByCzztDtDtN0D0Tzu0CyCyCtBtN1L2XzutBtFtBtFyCtFtCtDzyyBtN1L1Czu&cr=879375569&ir=
[C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=frmr_14_17_ch&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0F0ByB0FyEtByCzztDtDtN0D0Tzu0SzzyEyBtN1L2XzutBtFtBtDtFyDtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0BzztBzz0AyCzytGtAtDyC0EtGyCyCtDyBtGtD0BzytDtGyCzyzztCyE0F0D0EyC0FyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FyE0DyB0A0DyCtGtAyDtC0BtGzz0C0C0DtG0EyCyB0CtGtDzy0B0B0Dzy0F0CzztC0E0A2Q&cr=1845514874&ir=
[C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : ejocekekgcaldnmjngfdbmbeebcekelc
[C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff
[C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0F0ByB0FyEtByCzztDtDtN0D0Tzu0CyCyCtBtN1L2XzutBtFtBtFyCtFtCtDzyyBtN1L1Czu&cr=879375569&ir=
[C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=frmr_14_17_ch&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0F0ByB0FyEtByCzztDtDtN0D0Tzu0SzzyEyBtN1L2XzutBtFtBtDtFyDtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0BzztBzz0AyCzytGtAtDyC0EtGyCyCtDyBtGtD0BzytDtGyCzyzztCyE0F0D0EyC0FyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FyE0DyB0A0DyCtGtAyDtC0BtGzz0C0C0DtG0EyCyB0CtGtDzy0B0B0Dzy0F0CzztC0E0A2Q&cr=1845514874&ir=
[C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
[C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : ejocekekgcaldnmjngfdbmbeebcekelc
[C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
[C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
[C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
[C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
[C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
[C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff
[C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
[C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : geggofhlfbcmanadhknllmlajiafopoh
[C:\Documents and Settings\Naomi.DESKTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0F0ByB0FyEtByCzztDtDtN0D0Tzu0CyCyCtBtN1L2XzutBtFtBtFyCtFtCtDzyyBtN1L1Czu&cr=879375569&ir=
[C:\Documents and Settings\Naomi.DESKTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=frmr_14_17_ch&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0F0ByB0FyEtByCzztDtDtN0D0Tzu0SzzyEyBtN1L2XzutBtFtBtDtFyDtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0BzztBzz0AyCzytGtAtDyC0EtGyCyCtDyBtGtD0BzytDtGyCzyzztCyE0F0D0EyC0FyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FyE0DyB0A0DyCtGtAyDtC0BtGzz0C0C0DtG0EyCyB0CtGtDzy0B0B0Dzy0F0CzztC0E0A2Q&cr=1845514874&ir=
[C:\Documents and Settings\Naomi.DESKTOP.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0F0ByB0FyEtByCzztDtDtN0D0Tzu0CyCyCtBtN1L2XzutBtFtBtFyCtFtCtDzyyBtN1L1Czu&cr=879375569&ir=
[C:\Documents and Settings\Naomi.DESKTOP.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=frmr_14_17_ch&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0F0ByB0FyEtByCzztDtDtN0D0Tzu0SzzyEyBtN1L2XzutBtFtBtDtFyDtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0BzztBzz0AyCzytGtAtDyC0EtGyCyCtDyBtGtD0BzytDtGyCzyzztCyE0F0D0EyC0FyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FyE0DyB0A0DyCtGtAyDtC0BtGzz0C0C0DtG0EyCyB0CtGtDzy0B0B0Dzy0F0CzztC0E0A2Q&cr=1845514874&ir=
[C:\Documents and Settings\Naomi.DESKTOP.000\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : ejocekekgcaldnmjngfdbmbeebcekelc
[C:\Documents and Settings\Naomi.DESKTOP.000\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : fjoijdanhaiflhibkljeklcghcmmfffh
[C:\Documents and Settings\Naomi.DESKTOP.000\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff

*************************

AdwCleaner[R0].txt - [20704 octets] - [24/11/2014 11:13:37]
AdwCleaner[S0].txt - [20612 octets] - [24/11/2014 11:17:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20673 octets] ##########




MiniToolBox by Farbar Version: 21-07-2014
Ran by Matt (administrator) on 24-11-2014 at 11:24:45
Running from "C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\7D6GYH2S"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

"Reset IE Proxy Settings": IE Proxy Settings were reset.

**** End of log ****




Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2014
Ran by Matt (administrator) on DESKTOP on 24-11-2014 11:27:36
Running from C:\Program Files
Loaded Profile: Matt (Available profiles: Matt & Naomi)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
() C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(VIA Technologies, Inc.) C:\WINDOWS\system32\KaraokeSer.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime Alternative\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\Run: [Norton Download Manager{N360212038-SHPD-FSD40014}] => C:\Documents and Settings\All Users\Documents\Norton\{N360212038-SHPD-FSD40014}\NortonN360Downloader.exe [1021856 2014-04-27] (Symantec Corporation)
HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MountPoints2: {2f52ad7c-8929-11e1-8f06-002522eb098f} - E:\AutoRun.exe
HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MountPoints2: {6693ce5c-459e-11e1-a9a6-c4d98d73c5c9} - E:\AutoRun.exe
HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MountPoints2: {6693ce60-459e-11e1-a9a6-e009794f29f9} - E:\AutoRun.exe
HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MountPoints2: {c15dca14-cf22-11e1-8f94-002522eb098f} - E:\AutoRun.exe
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1004336348-776561741-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-1004336348-776561741-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKU\S-1-5-21-1004336348-776561741-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1004336348-776561741-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> Yahoo URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=oberhp&type=iwintoolbarforpogo
SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} https://authenticate.gateway.gov.uk/ClientObjects/SignatureControlInstaller.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1004336348-776561741-682003330-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1004336348-776561741-682003330-1003: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-28]
FF HKLM\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw

Chrome:
=======
CHR Profile: C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-11]
CHR Extension: (Google Search) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-11]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-09-23] () [File not signed]
R2 BecHelperService; C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe [1740696 2011-03-23] ()
R2 FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
R2 KaraokeService; C:\WINDOWS\system32\KaraokeSer.exe [88688 2011-02-17] (VIA Technologies, Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-07-20] (Hewlett-Packard Company) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXSENS; C:\WINDOWS\System32\drivers\ALCXSENS.SYS [391424 2003-12-11] (Sensaura Ltd) [File not signed]
S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [541548 2003-12-19] (Realtek Semiconductor Corp.) [File not signed]
S3 AMBFilt; C:\WINDOWS\System32\drivers\AMBFilt.sys [1656960 2009-06-26] (Creative)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 COMMONFX; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99352 2008-06-27] (Creative Technology Ltd)
S3 COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99352 2008-06-27] (Creative Technology Ltd)
S3 CT20XUT.DLL; C:\WINDOWS\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.) [File not signed]
S3 CTAUDFX; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555032 2008-06-27] (Creative Technology Ltd)
S3 CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555032 2008-06-27] (Creative Technology Ltd)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [347080 2008-07-07] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\WINDOWS\System32\CTEAPSFX.DLL [168192 2007-04-12] (Creative Technology Ltd) [File not signed]
S3 CTEDSPFX.DLL; C:\WINDOWS\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd) [File not signed]
S3 CTEDSPIO.DLL; C:\WINDOWS\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd) [File not signed]
S3 CTEDSPSY.DLL; C:\WINDOWS\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd) [File not signed]
S3 CTERFXFX; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100888 2008-06-27] (Creative Technology Ltd)
S3 CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100888 2008-06-27] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\WINDOWS\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.) [File not signed]
S3 CTHWIUT.DLL; C:\WINDOWS\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.) [File not signed]
S3 CTSBLFX; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566296 2008-06-27] (Creative Technology Ltd)
S3 CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566296 2008-06-27] (Creative Technology Ltd)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-03-06] (GFI Software)
S3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [797720 2008-07-07] (Creative Technology Ltd)
S3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [162840 2008-07-07] (Creative Technology Ltd)
S3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [189464 2008-07-07] (Creative Technology Ltd)
R3 mcdbus; C:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2008-07-28] (MagicISO, Inc.) [File not signed]
R2 mdvrmng; C:\WINDOWS\system32\drivers\mdvrmng.sys [10240 2011-03-23] () [File not signed]
R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 MonFilt; C:\WINDOWS\System32\drivers\MonFilt.sys [1389056 2008-12-02] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 netwg311; C:\WINDOWS\System32\DRIVERS\netwg311.sys [386688 2008-07-23] (Texas Instruments)
S3 pneteth; C:\WINDOWS\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.) [File not signed]
R3 RT80x86; C:\WINDOWS\System32\DRIVERS\RT2860.sys [1332064 2010-06-21] (Ralink Technology, Corp.)
S3 RTL8023; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [65280 2003-08-13] (Realtek Semiconductor Corporation ) [File not signed]
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 V0080Dev; C:\WINDOWS\System32\DRIVERS\V0080Dev.sys [503467 2004-08-10] (Creative Technology Ltd.) [File not signed]
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [2795376 2011-02-17] (VIA Technologies, Inc.)
S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31744 2008-04-13] (Microsoft Corporation)
S3 COMMONFX.DLL; system32\COMMONFX.DLL [X]
S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X]
S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [X]
S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 Scutum50; System32\Drivers\Scutum50.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 11:27 - 2014-11-24 11:28 - 00017640 _____ () C:\Program Files\FRST.txt
2014-11-24 11:26 - 2014-11-24 11:26 - 01110016 _____ (Farbar) C:\Program Files\FRST.exe
2014-11-24 11:24 - 2014-11-24 11:24 - 00000446 _____ () C:\Documents and Settings\Matt\Desktop\Result.txt
2014-11-24 11:13 - 2014-11-24 11:17 - 00000000 ____D () C:\AdwCleaner
2014-11-23 09:47 - 2014-11-23 09:47 - 00000696 _____ () C:\Documents and Settings\All Users\Desktop\World of Warplanes.lnk
2014-11-23 09:47 - 2014-11-23 09:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\World of Warplanes
2014-11-22 11:25 - 2014-11-22 11:25 - 00000663 _____ () C:\Documents and Settings\All Users\Desktop\World of Tanks.lnk
2014-11-22 11:25 - 2014-11-22 11:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\World of Tanks
2014-11-19 12:23 - 2014-11-24 11:28 - 00000000 ____D () C:\Documents and Settings\Matt\Desktop\FIX
2014-11-19 12:17 - 2014-11-24 11:27 - 00000000 ____D () C:\FRST
2014-11-19 11:54 - 2014-11-19 11:54 - 04215584 _____ () C:\Documents and Settings\Matt\Desktop\tweaking.com_registry_backup_setup.exe
2014-11-19 11:54 - 2014-11-19 11:54 - 00001876 _____ () C:\Documents and Settings\Matt\Desktop\Tweaking.com - Registry Backup.lnk
2014-11-19 11:54 - 2014-11-19 11:54 - 00000000 ____D () C:\RegBackup
2014-11-19 11:54 - 2014-11-19 11:54 - 00000000 ____D () C:\Documents and Settings\Matt\Start Menu\Programs\Tweaking.com
2014-11-17 11:51 - 2014-11-17 11:51 - 00000000 ____D () C:\Documents and Settings\Matt\My Documents\ProcAlyzer Dumps
2014-11-17 11:13 - 2014-11-17 09:09 - 00450738 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141117-111334.backup
2014-11-17 09:09 - 2014-11-16 21:19 - 00450738 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141117-090951.backup
2014-11-16 21:19 - 2013-10-28 16:51 - 00000855 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141116-211904.backup
2014-11-16 21:02 - 2014-11-24 11:21 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-11-16 21:02 - 2014-11-17 11:13 - 00000618 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-11-16 21:02 - 2014-11-17 11:13 - 00000448 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-11-16 21:01 - 2014-11-16 21:01 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-11-16 21:01 - 2014-11-16 21:01 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-16 21:01 - 2014-11-16 21:01 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-11-16 21:01 - 2014-11-16 21:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-16 21:00 - 2014-11-17 11:16 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-11-16 21:00 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2014-11-16 15:37 - 2014-11-16 15:38 - 00000000 __SHD () C:\Program Files\Bfascustiverculimned
2014-11-16 15:29 - 2014-11-16 15:29 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-16 15:12 - 2014-11-16 15:12 - 00000000 ____D () C:\Documents and Settings\Matt\Desktop\terraria-server
2014-11-16 15:11 - 2014-11-16 15:11 - 00485905 _____ () C:\Documents and Settings\Matt\Desktop\terraria-server.zip
2014-11-12 16:49 - 2014-11-12 16:50 - 17926832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-11-09 14:59 - 2014-11-09 14:58 - 00106496 _____ () C:\WINDOWS\Minidump\Mini110914-01.dmp
2014-11-09 12:53 - 2014-11-09 12:53 - 00019962 _____ () C:\Documents and Settings\Matt\My Documents\STEAM GUARANTEE.htm
2014-11-09 12:53 - 2014-11-09 12:53 - 00000000 ____D () C:\Documents and Settings\Matt\My Documents\STEAM GUARANTEE_files
2014-11-08 15:02 - 2014-11-08 15:10 - 00000000 ____D () C:\Documents and Settings\Matt\Application Data\.technic
2014-10-29 18:15 - 2014-10-30 07:13 - 00000000 ____D () C:\Documents and Settings\Matt\Application Data\ftblauncher
2014-10-26 21:04 - 2014-10-26 21:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952011$
2014-10-26 21:01 - 2014-10-26 21:05 - 00010580 _____ () C:\WINDOWS\KB952011.log
2014-10-26 20:59 - 2014-10-26 21:26 - 00000000 ____D () C:\Documents and Settings\Matt\My Documents\Wondershare Video Editor
2014-10-26 20:59 - 2008-04-14 00:11 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 11:28 - 2008-07-23 20:01 - 00000000 ___HD () C:\Documents and Settings\Matt\Local Settings\Temp
2014-11-24 11:28 - 2008-07-23 19:56 - 01970804 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-24 11:22 - 2001-08-23 12:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-24 11:21 - 2008-07-23 20:50 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-24 11:21 - 2008-07-23 20:50 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-24 11:20 - 2014-10-11 13:08 - 00001370 _____ () C:\WINDOWS\Tasks\UWRVKX.job
2014-11-24 11:20 - 2014-10-11 13:04 - 00001370 _____ () C:\WINDOWS\Tasks\BXNIRL.job
2014-11-24 11:20 - 2014-03-27 07:07 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-11-24 11:20 - 2013-08-13 06:26 - 00000982 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-776561741-682003330-1023UA.job
2014-11-24 11:19 - 2008-07-23 20:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-24 11:18 - 2008-07-23 20:01 - 00032236 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-24 11:18 - 2008-07-23 20:01 - 00000278 ___SH () C:\Documents and Settings\Matt\ntuser.ini
2014-11-24 10:50 - 2013-08-28 12:17 - 00686166 _____ () C:\WINDOWS\setupapi.log
2014-11-24 10:49 - 2012-04-15 07:15 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-24 10:47 - 2013-10-24 07:47 - 00000412 _____ () C:\WINDOWS\Tasks\At1.job
2014-11-23 21:20 - 2013-08-13 06:26 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-776561741-682003330-1023Core.job
2014-11-23 19:07 - 2008-07-23 20:01 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-11-23 09:47 - 2013-10-15 14:13 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2014-11-23 09:47 - 2013-10-15 14:13 - 00000000 ____D () C:\Games
2014-11-23 09:47 - 2008-07-23 19:56 - 00000000 ____D () C:\WINDOWS\system32\DirectX
2014-11-21 13:28 - 2013-08-16 06:15 - 00002474 _____ () C:\WINDOWS\setupact.log
2014-11-21 09:53 - 2008-07-23 20:01 - 00000000 ____D () C:\Documents and Settings\Matt
2014-11-21 08:29 - 2008-10-20 12:03 - 00000000 ____D () C:\Program Files\Google
2014-11-19 11:54 - 2013-10-28 16:43 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-11-19 10:02 - 2008-10-27 11:32 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-11-19 09:52 - 2011-06-24 13:17 - 00000000 ____D () C:\Documents and Settings\Matt\My Documents\My PSP8 Files
2014-11-18 21:04 - 2014-09-01 08:18 - 00001171 _____ () C:\Documents and Settings\Matt\Application Data\UWRVKX
2014-11-17 14:28 - 2014-10-12 11:04 - 00000000 ____D () C:\Avenger
2014-11-17 11:51 - 2008-07-23 20:45 - 00000245 ___SH () C:\boot.ini
2014-11-17 11:15 - 2013-08-10 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-11-17 09:54 - 2014-07-26 21:24 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-16 23:30 - 2011-12-24 07:34 - 00006730 _____ () C:\WINDOWS\wininit.ini
2014-11-16 21:00 - 2013-08-10 20:44 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-11-16 17:36 - 2012-04-02 16:04 - 00000000 ____D () C:\Program Files\Audacity
2014-11-16 15:45 - 2011-12-23 13:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Westwood
2014-11-16 15:45 - 2011-11-05 17:03 - 00000000 ____D () C:\Westwood
2014-11-16 15:34 - 2014-03-26 16:35 - 00000000 ____D () C:\Program Files\WarThunder
2014-11-16 15:29 - 2014-07-09 20:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-16 15:29 - 2014-07-09 20:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-13 07:42 - 2011-11-14 11:01 - 00000486 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2014-11-12 23:17 - 2013-08-16 06:23 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 23:03 - 2008-07-23 21:13 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-12 16:51 - 2012-04-15 07:15 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-12 16:51 - 2011-06-28 06:20 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-12 16:18 - 2012-08-29 11:43 - 00000000 ____D () C:\Documents and Settings\Matt\Application Data\.minecraft
2014-11-08 15:00 - 2014-03-27 07:07 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-10-27 08:49 - 2008-07-23 20:46 - 03672968 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-26 21:05 - 2013-08-16 06:15 - 00378652 _____ () C:\WINDOWS\iis6.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00331599 _____ () C:\WINDOWS\FaxSetup.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00168468 _____ () C:\WINDOWS\ocgen.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00155162 _____ () C:\WINDOWS\tsoc.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00110994 _____ () C:\WINDOWS\comsetup.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00107462 _____ () C:\WINDOWS\msmqinst.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00068399 _____ () C:\WINDOWS\ntdtcsetup.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00058693 _____ () C:\WINDOWS\netfxocm.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00023455 _____ () C:\WINDOWS\MedCtrOC.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00018656 _____ () C:\WINDOWS\ocmsn.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00016981 _____ () C:\WINDOWS\msgsocm.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00016483 _____ () C:\WINDOWS\tabletoc.log
2014-10-26 21:05 - 2013-08-16 06:15 - 00001393 _____ () C:\WINDOWS\imsins.log
2014-10-26 21:05 - 2011-06-12 16:02 - 00121720 _____ () C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2014-10-26 09:22 - 2008-07-23 20:47 - 00572762 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Documents and Settings\Matt\Local Settings\Temp\DataCard_Setup.exe
C:\Documents and Settings\Matt\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Matt\Local Settings\Temp\ResetDevice.exe
C:\Documents and Settings\Matt\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Matt\Local Settings\Temp\_is134.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-11-2014
Ran by Matt at 2014-11-24 11:29:22
Running from C:\Program Files
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3Connect (HKLM\...\{A899DA1F-D626-401C-8651-F2921E3B4CB3}) (Version: 3.0.0 - 3 Mobile Broadband)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.1.7.110 - Asmedia Technology)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.541-080923a-069992C-ATI - )
authorSTREAM Desktop (HKLM\...\{E4EE090D-7680-414E-9FB7-737A85A5DBE1}) (Version: 2.0.0 - authorstream)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - )
Canon MG3100 series On-screen Manual (HKLM\...\Canon MG3100 series On-screen Manual) (Version: - )
Canon MG3100 series User Registration (HKLM\...\Canon MG3100 series User Registration) (Version: - )
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Creative Audio Console (HKLM\...\AudioConSole) (Version: - )
Creative WebCam Live! Pro Driver (1.00.06.0811) (HKLM\...\Creative VF0080) (Version: - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
Dell Driver Download Manager (HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\309a46b1dc89b774) (Version: 1.0.0.0 - Dell Inc.)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
Huawei modem (HKLM\...\Huawei Modems) (Version: - )
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5328 - Intel Corporation)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Jasc Paint Shop Pro 8 (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Keynote Connector (HKLM\...\KeynoteConnector) (Version: - )
LightScribe 1.4.109.1 (Version: 1.4.109.1 - http://www.lightscribe.com) Hidden
Magic ISO Maker v5.5 (build 0265) (HKLM\...\Magic ISO Maker v5.5 (build 0265)) (Version: - )
MagicDisc 2.7.105 (HKLM\...\MagicDisc 2.7.105) (Version: - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version: - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MyFreeCodec) (Version: - )
MyOffice.NET (HKLM\...\MyOffice.NET) (Version: 7.0.66 - Intuitive Solutions Ltd.)
MyOffice.NET (Version: 7.0.66 - Intuitive Solutions Ltd.) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PageBreeze Free HTML Editor (HKLM\...\PageBreeze Free HTML Editor) (Version: - )
Platform (Version: 1.36 - VIA Technologies, Inc.) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
QuickTime Alternative 2.7.0 (HKLM\...\QuicktimeAlt_is1) (Version: 2.7.0 - )
Ralink RT3690 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.8.0 - Ralink)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.35.0000 - Realtek)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.9 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Westwood Shared Internet Components (HKLM\...\{11081AC0-61C4-40DD-8506-B64A3E4F2645}_is1) (Version: - Command & Conquer Communications Center / Westwood)
Westwood Shared Internet Components (HKLM\...\WOLAPI) (Version: - )
Winamp (HKLM\...\Winamp) (Version: 5.61 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
World of Tanks (HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net)
World of Warplanes (HKLM\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813NA}_is1) (Version: - Wargaming.net)
Xara Web Designer 7 (HKLM\...\MAGIX_MSI_Xara_Web_Designer_7) (Version: 7.1.2.18332 - Xara Group Ltd)
Xara Web Designer 7 (Version: 7.1.2.18332 - Xara Group Ltd) Hidden
Yahoo! Detect (HKLM\...\YTdetect) (Version: - )
YouTube Downloader Toolbar v4.7 (HKLM\...\{3F2B3914-A927-4D1E-8417-E7B7C3339434}) (Version: 4.7 - Spigot, Inc.) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll No (the data entry has 4 more characters).

==================== Restore Points =========================

29-08-2014 17:08:04 Software Distribution Service 3.0
29-08-2014 22:00:44 Software Distribution Service 3.0
30-08-2014 22:00:46 Software Distribution Service 3.0
31-08-2014 22:01:21 Software Distribution Service 3.0
02-09-2014 05:29:38 Software Distribution Service 3.0
03-09-2014 05:42:50 Software Distribution Service 3.0
03-09-2014 22:01:16 Software Distribution Service 3.0
04-09-2014 22:02:03 Software Distribution Service 3.0
05-09-2014 22:01:51 Software Distribution Service 3.0
06-09-2014 22:00:46 Software Distribution Service 3.0
07-09-2014 22:01:43 Software Distribution Service 3.0
08-09-2014 22:03:28 Software Distribution Service 3.0
09-09-2014 22:01:52 Software Distribution Service 3.0
10-09-2014 18:24:24 Software Distribution Service 3.0
11-09-2014 18:57:27 System Checkpoint
11-09-2014 22:01:49 Software Distribution Service 3.0
12-09-2014 22:01:05 Software Distribution Service 3.0
13-09-2014 22:02:41 Software Distribution Service 3.0
14-09-2014 22:02:12 Software Distribution Service 3.0
15-09-2014 22:01:35 Software Distribution Service 3.0
16-09-2014 22:01:53 Software Distribution Service 3.0
18-09-2014 05:16:54 Software Distribution Service 3.0
18-09-2014 22:01:29 Software Distribution Service 3.0
19-09-2014 22:02:00 Software Distribution Service 3.0
20-09-2014 22:01:12 Software Distribution Service 3.0
21-09-2014 22:01:38 Software Distribution Service 3.0
22-09-2014 22:01:42 Software Distribution Service 3.0
23-09-2014 22:01:20 Software Distribution Service 3.0
24-09-2014 22:02:04 Software Distribution Service 3.0
25-09-2014 22:01:52 Software Distribution Service 3.0
26-09-2014 22:01:50 Software Distribution Service 3.0
27-09-2014 22:01:14 Software Distribution Service 3.0
28-09-2014 22:00:47 Software Distribution Service 3.0
29-09-2014 22:01:43 Software Distribution Service 3.0
30-09-2014 22:01:49 Software Distribution Service 3.0
01-10-2014 22:01:56 Software Distribution Service 3.0
02-10-2014 22:02:00 Software Distribution Service 3.0
03-10-2014 22:00:48 Software Distribution Service 3.0
05-10-2014 07:06:39 Software Distribution Service 3.0
05-10-2014 22:01:43 Software Distribution Service 3.0
07-10-2014 06:32:59 Software Distribution Service 3.0
07-10-2014 22:05:04 Software Distribution Service 3.0
08-10-2014 22:01:42 Software Distribution Service 3.0
09-10-2014 22:01:21 Software Distribution Service 3.0
10-10-2014 22:01:38 Software Distribution Service 3.0
12-10-2014 09:18:51 Software Distribution Service 3.0
12-10-2014 11:21:57 Removed Samsung Kies
12-10-2014 11:31:10 Removed Samsung Story Album Viewer
12-10-2014 22:02:03 Software Distribution Service 3.0
13-10-2014 22:01:45 Software Distribution Service 3.0
14-10-2014 22:01:41 Software Distribution Service 3.0
15-10-2014 22:01:34 Software Distribution Service 3.0
16-10-2014 22:01:53 Software Distribution Service 3.0
17-10-2014 22:01:58 Software Distribution Service 3.0
18-10-2014 22:01:19 Software Distribution Service 3.0
19-10-2014 22:02:48 Software Distribution Service 3.0
20-10-2014 22:01:48 Software Distribution Service 3.0
21-10-2014 22:01:25 Software Distribution Service 3.0
22-10-2014 22:00:51 Software Distribution Service 3.0
23-10-2014 22:01:52 Software Distribution Service 3.0
24-10-2014 22:01:38 Software Distribution Service 3.0
26-10-2014 09:21:35 Software Distribution Service 3.0
26-10-2014 21:04:46 Installed Windows XP -- Software Updates KB952011.
26-10-2014 23:01:17 Software Distribution Service 3.0
27-10-2014 23:01:42 Software Distribution Service 3.0
28-10-2014 23:01:27 Software Distribution Service 3.0
29-10-2014 23:01:37 Software Distribution Service 3.0
30-10-2014 23:01:59 Software Distribution Service 3.0
31-10-2014 23:01:19 Software Distribution Service 3.0
01-11-2014 23:01:58 Software Distribution Service 3.0
03-11-2014 07:35:21 Software Distribution Service 3.0
03-11-2014 23:00:47 Software Distribution Service 3.0
04-11-2014 22:17:59 Software Distribution Service 3.0
05-11-2014 22:53:36 System Checkpoint
05-11-2014 23:01:22 Software Distribution Service 3.0
07-11-2014 08:31:24 Software Distribution Service 3.0
07-11-2014 23:01:21 Software Distribution Service 3.0
08-11-2014 23:02:03 Software Distribution Service 3.0
09-11-2014 23:01:15 Software Distribution Service 3.0
10-11-2014 23:01:50 Software Distribution Service 3.0
12-11-2014 08:08:36 Software Distribution Service 3.0
12-11-2014 23:01:37 Software Distribution Service 3.0
13-11-2014 23:02:02 Software Distribution Service 3.0
14-11-2014 12:35:31 Software Distribution Service 3.0
14-11-2014 23:01:57 Software Distribution Service 3.0
16-11-2014 15:33:13 Removed Governor of Poker 2
16-11-2014 15:48:31 Removed Google Earth.
16-11-2014 23:01:19 Software Distribution Service 3.0
17-11-2014 10:55:14 Removed Bonjour
17-11-2014 11:05:33 Removed Bonjour
17-11-2014 11:09:28 Removed Silhouette Studio
17-11-2014 23:01:25 Software Distribution Service 3.0
18-11-2014 21:34:05 Software Distribution Service 3.0
19-11-2014 21:55:28 System Checkpoint
19-11-2014 23:01:22 Software Distribution Service 3.0
20-11-2014 23:00:50 Software Distribution Service 3.0
21-11-2014 09:54:33 Software Distribution Service 3.0
21-11-2014 23:00:55 Software Distribution Service 3.0
23-11-2014 06:13:33 Software Distribution Service 3.0
23-11-2014 23:01:19 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 12:00 - 2014-11-17 11:13 - 00450738 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Matt\APPLIC~1\METACR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\BXNIRL.job => C:\Documents and Settings\Matt\Application Data\BXNIRL.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\Driver Robot.job => C:\Program Files\Driver Robot\1.1.0.3\DriverRobot.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-776561741-682003330-1023Core.job => C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-776561741-682003330-1023UA.job => C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\UWRVKX.job => C:\Documents and Settings\Matt\Application Data\UWRVKX.exe

==================== Loaded Modules (whitelisted) =============

2008-07-27 08:44 - 2005-10-07 14:05 - 00125440 _____ () C:\Program Files\WinRAR\rarext.dll
2014-11-16 21:00 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-11-16 21:00 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-23 08:47 - 2011-03-23 16:32 - 01740696 _____ () C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
2014-11-16 21:00 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-16 21:00 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-11-16 21:00 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS:84C6D840C59D388C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:98181191
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D346F792

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Matt^Start Menu^Programs^Startup^MagicDisc.lnk => C:\WINDOWS\pss\MagicDisc.lnkStartup
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Documents and Settings\Matt\Local Settings\Application Data\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CTHelper => CTHELPER.EXE
MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE
MSCONFIG\startupreg: Driver Manager => C:\Program Files\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
MSCONFIG\startupreg: DVDTray => C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
MSCONFIG\startupreg: Freecorder FLV Service => "C:\Program Files\Freecorder\FLVSrvc.exe" /run
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
MSCONFIG\startupreg: iLivid => "C:\Documents and Settings\Matt\Local Settings\Application Data\iLivid\iLivid.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MobileAppSync => "C:\Program Files\Mobile App Sync\D2MClient.exe"
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: MsnMsgr => "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
MSCONFIG\startupreg: NBJ => "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
MSCONFIG\startupreg: SMART Ink => "C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe" -a
MSCONFIG\startupreg: SMART Tray Tools => "C:\Program Files\SMART Technologies\Education Software\SMARTTrayIcon.exe"
MSCONFIG\startupreg: SMARTNotification => "C:\Program Files\SMART Technologies\Education Software\SMARTNotification.exe"
MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\Steam.exe" -silent
MSCONFIG\startupreg: WebCake Desktop => "C:\Documents and Settings\Matt\Application Data\Tepfel\WebCakeDesktop.exe"
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1004336348-776561741-682003330-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1004336348-776561741-682003330-1024 - Limited - Enabled)
Guest (S-1-5-21-1004336348-776561741-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1004336348-776561741-682003330-1000 - Limited - Disabled)
Joshua (S-1-5-21-1004336348-776561741-682003330-1025 - Limited - Enabled)
Matt (S-1-5-21-1004336348-776561741-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Matt
Naomi (S-1-5-21-1004336348-776561741-682003330-1022 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Naomi.DESKTOP.000
SUPPORT_388945a0 (S-1-5-21-1004336348-776561741-682003330-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/23/2014 11:02:47 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Word 2003 (KB2878303): WINWORD' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/23/2014 11:02:32 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Update for Outlook 2003 Junk E-mail Filter (KB2863822): OUTLFLTR' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/23/2014 11:02:18 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Office 2003 (KB2760494): MSCONV' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/23/2014 11:02:08 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Publisher 2003 (KB2878299): MSPUB' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/23/2014 11:01:55 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Office 2003 (KB2850047): GDIPLUS' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/23/2014 06:15:40 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Word 2003 (KB2878303): WINWORD' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/23/2014 06:15:22 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Update for Outlook 2003 Junk E-mail Filter (KB2863822): OUTLFLTR' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/23/2014 06:15:04 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Office 2003 (KB2760494): MSCONV' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/23/2014 06:14:50 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Publisher 2003 (KB2878299): MSPUB' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/23/2014 06:14:25 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Office 2003 (KB2850047): GDIPLUS' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (11/24/2014 11:17:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

Error: (11/24/2014 11:07:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (11/24/2014 11:07:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (11/24/2014 11:07:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Scutum50 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (11/24/2014 11:05:59 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.4 for the Network Card with network address 48022AFB7F42 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (11/24/2014 10:47:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (11/24/2014 10:46:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (11/24/2014 10:46:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (11/24/2014 10:46:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (11/24/2014 10:46:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Scutum50 NDIS Protocol Driver service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (11/23/2014 11:02:47 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Edition 2003Security Update for Word 2003 (KB2878303): WINWORD1603(NULL)

Error: (11/23/2014 11:02:32 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Edition 2003Update for Outlook 2003 Junk E-mail Filter (KB2863822): OUTLFLTR1603(NULL)

Error: (11/23/2014 11:02:18 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Edition 2003Security Update for Office 2003 (KB2760494): MSCONV1603(NULL)

Error: (11/23/2014 11:02:08 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Edition 2003Security Update for Publisher 2003 (KB2878299): MSPUB1603(NULL)

Error: (11/23/2014 11:01:55 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Edition 2003Security Update for Office 2003 (KB2850047): GDIPLUS1603(NULL)

Error: (11/23/2014 06:15:40 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Edition 2003Security Update for Word 2003 (KB2878303): WINWORD1603(NULL)

Error: (11/23/2014 06:15:22 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Edition 2003Update for Outlook 2003 Junk E-mail Filter (KB2863822): OUTLFLTR1603(NULL)

Error: (11/23/2014 06:15:04 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Edition 2003Security Update for Office 2003 (KB2760494): MSCONV1603(NULL)

Error: (11/23/2014 06:14:50 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Edition 2003Security Update for Publisher 2003 (KB2878299): MSPUB1603(NULL)

Error: (11/23/2014 06:14:25 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Edition 2003Security Update for Office 2003 (KB2850047): GDIPLUS1603(NULL)


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G620 @ 2.60GHz
Percentage of memory in use: 33%
Total physical RAM: 2794.67 MB
Available physical RAM: 1866.04 MB
Total Pagefile: 5434.84 MB
Available Pagefile: 4595.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:295.65 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 2343CA6A)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

shelf life
2014-11-24, 23:32
Ok so far so good. We will use FRST to delete some items then get one more download to use:

Please copy and paste the contents of the below code box into the open notepad and save it to your desktop as fixlist.txt



HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1004336348-776561741-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> Yahoo URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=oberhp&type=iwintoolbarforpogo
SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL =
2014-11-24 11:20 - 2014-10-11 13:08 - 00001370 _____ () C:\WINDOWS\Tasks\UWRVKX.job
2014-11-24 11:20 - 2014-10-11 13:04 - 00001370 _____ () C:\WINDOWS\Tasks\BXNIRL.job
2014-11-24 10:47 - 2013-10-24 07:47 - 00000412 _____ () C:\WINDOWS\Tasks\At1.job
2014-11-24 11:19 - 2008-07-23 20:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-24 11:18 - 2008-07-23 20:01 - 00032236 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-16 15:37 - 2014-11-16 15:38 - 00000000 __SHD () C:\Program Files\Bfascustiverculimned
C:\Windows\Tasks\At1.job
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Matt\APPLIC~1\METACR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\BXNIRL.job => C:\Documents and Settings\Matt\Application Data\BXNIRL.exe
Task: C:\WINDOWS\Tasks\UWRVKX.job => C:\Documents and Settings\Matt\Application Data\UWRVKX.exe
AlternateDataStreams: C:\WINDOWS:84C6D840C59D388C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:98181191
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D346F792
EmptyTemp:




Start FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
When done the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

You can get JRT.exe and see if it can dig up anything; it also targets adware-type stuff.

Please download Junkware Removal Tool to your desktop.

http://thisisudax.org/downloads/JRT.exe

Double-click the icon, or right-click for Vista/W7/8 and select Run as administrator.
The tool will open and start scanning.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message
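
As an added example (not part of the post above and not FRST's own logic), this Python sketch triages FRST-style "Task:" and "AlternateDataStreams:" lines and reports why each entry deserves a closer look. The sample lines are copied from the fixlist above except the ExampleUpdater entry, which is constructed; the three heuristics and all function names are assumptions chosen for illustration.

```python
import re

# Lines copied from the fixlist above, plus one constructed benign entry
# (ExampleUpdater) for contrast.
SAMPLE = r"""
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Matt\APPLIC~1\METACR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\BXNIRL.job => C:\Documents and Settings\Matt\Application Data\BXNIRL.exe
Task: C:\WINDOWS\Tasks\UWRVKX.job => C:\Documents and Settings\Matt\Application Data\UWRVKX.exe
Task: C:\WINDOWS\Tasks\ExampleUpdater.job => C:\Program Files\Example\updater.exe
AlternateDataStreams: C:\WINDOWS:84C6D840C59D388C
"""

TASK_RE = re.compile(r"^Task: (?P<job>.+?\.job) => (?P<target>.+?)(?: <=+ ATTENTION)?$")
ADS_RE = re.compile(r"^AlternateDataStreams: (?P<host>[A-Za-z]:\\[^:]*):(?P<stream>.+)$")
# Per-user profile folders on Windows XP, in long and 8.3 short form.
PROFILE_RE = re.compile(
    r"\\(documents and settings|docume~\d)\\[^\\]+"
    r"\\(application data|applic~\d|local settings|locals~\d)\\", re.I)
SHORT_RE = re.compile(r"~\d")  # 8.3 short-name component, e.g. METACR~1


def triage(log_text):
    """Return (entry, [reasons]) for every line that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = TASK_RE.match(line)
        if m:
            target, reasons = m["target"], []
            if PROFILE_RE.search(target):
                reasons.append("runs from user-writable profile dir")
            if SHORT_RE.search(target):
                reasons.append("8.3 short path obscures the real folder name")
            if "ATTENTION" in line:
                reasons.append("marked ATTENTION by FRST")
            if reasons:
                findings.append((m["job"].rsplit("\\", 1)[-1], reasons))
            continue
        m = ADS_RE.match(line)
        if m:  # a named stream attached to a file or folder
            findings.append((m["host"], ["alternate data stream: " + m["stream"]]))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE):
        print(f"{name}: {'; '.join(reasons)}")
```

A hit here is a reason to inspect the entry, not proof that it is malicious; legitimate updaters also run from profile folders.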