
Thread: Unknown Malware/Browser Hijack help please

  1. #1
    Junior Member
    Join Date
    Nov 2014
    Posts
    2


    Hi could anyone help please?
    I have some sort of malware; it causes various different pop-up windows/browser hijacks etc. Regularly causes scripts to stop running, crashes browser entirely/slow PC etc.
    Spybot + AV found stuff, but fixing them hasn't fixed the problem. Ditto Malwarebytes Anti-Malware.
    I've uninstalled Chrome, but still have the problem on IE.

    Do I just go ahead and post the logs outlined above?

    Edit Forum FAQ: http://forums.spybot.info/showthread.php?t=288

    TIA
    Sparks

    Ok so looking at other threads (the best I can with my dodgy browser), it seems so:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2014
    Ran by Matt (administrator) on DESKTOP on 19-11-2014 12:22:55
    Running from C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CUQ88PVB
    Loaded Profile: Matt (Available profiles: Matt & Naomi)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
    () C:\Program Files\Bfascustiverculimned\Bfascustiverculimned.exe
    (Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
    () C:\Program Files\Bfascustiverculimned\BfascustiverculimnedHelper.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (VIA Technologies, Inc.) C:\WINDOWS\system32\KaraokeSer.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    (Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Farbar) C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CUQ88PVB\FRST[1].exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime Alternative\qttask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\Run: [Norton Download Manager{N360212038-SHPD-FSD40014}] => C:\Documents and Settings\All Users\Documents\Norton\{N360212038-SHPD-FSD40014}\NortonN360Downloader.exe [1021856 2014-04-27] (Symantec Corporation)
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MountPoints2: {2f52ad7c-8929-11e1-8f06-002522eb098f} - E:\AutoRun.exe
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MountPoints2: {6693ce5c-459e-11e1-a9a6-c4d98d73c5c9} - E:\AutoRun.exe
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MountPoints2: {6693ce60-459e-11e1-a9a6-e009794f29f9} - E:\AutoRun.exe
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MountPoints2: {c15dca14-cf22-11e1-8f94-002522eb098f} - E:\AutoRun.exe
    HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll
    HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
    BootExecute: autocheck autochk * sdnclean.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [S-1-5-21-1004336348-776561741-682003330-1003] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-1004336348-776561741-682003330-1003] => http=127.0.0.1:9880;https=127.0.0.1:9880
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=130&itype=n&ver=11471&tm=297&src=ds&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> Yahoo URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=oberhp&type=iwintoolbarforpogo
    SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL =
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    Toolbar: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    Toolbar: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Toolbar: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} https://authenticate.gateway.gov.uk/...lInstaller.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
    DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/appl...orLauncher.cab
    DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobio...ne/install.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab
    DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
    FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
    FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1004336348-776561741-682003330-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-1004336348-776561741-682003330-1003: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-28]
    FF HKLM\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw

    Chrome:
    =======
    CHR Profile: C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-11]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
    CHR Extension: (YouTube) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-11]
    CHR Extension: (Google Search) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-11]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
    CHR Extension: (Gmail) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-11]
    CHR HKLM\...\Chrome\Extension: [ieadcoanfjloocmfafkebdnfefmohngj] - C:\Program Files\BonanzaDeals\BonanzaDeals.crx []
    CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx []

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-09-23] () [File not signed]
    R2 BecHelperService; C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe [1740696 2011-03-23] ()
    R2 Bfascustiverculimned; C:\Program Files\Bfascustiverculimned\Bfascustiverculimned.exe [4377560 2014-11-03] ()
    R2 FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed]
    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
    R2 KaraokeService; C:\WINDOWS\system32\KaraokeSer.exe [88688 2011-02-17] (VIA Technologies, Inc.)
    R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-07-20] (Hewlett-Packard Company) [File not signed]
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ALCXSENS; C:\WINDOWS\System32\drivers\ALCXSENS.SYS [391424 2003-12-11] (Sensaura Ltd) [File not signed]
    S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [541548 2003-12-19] (Realtek Semiconductor Corp.) [File not signed]
    S3 AMBFilt; C:\WINDOWS\System32\drivers\AMBFilt.sys [1656960 2009-06-26] (Creative)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    S3 COMMONFX; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99352 2008-06-27] (Creative Technology Ltd)
    S3 COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99352 2008-06-27] (Creative Technology Ltd)
    S3 CT20XUT.DLL; C:\WINDOWS\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.) [File not signed]
    S3 CTAUDFX; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555032 2008-06-27] (Creative Technology Ltd)
    S3 CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555032 2008-06-27] (Creative Technology Ltd)
    S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [347080 2008-07-07] (Creative Technology Ltd)
    S3 CTEAPSFX.DLL; C:\WINDOWS\System32\CTEAPSFX.DLL [168192 2007-04-12] (Creative Technology Ltd) [File not signed]
    S3 CTEDSPFX.DLL; C:\WINDOWS\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd) [File not signed]
    S3 CTEDSPIO.DLL; C:\WINDOWS\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd) [File not signed]
    S3 CTEDSPSY.DLL; C:\WINDOWS\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd) [File not signed]
    S3 CTERFXFX; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100888 2008-06-27] (Creative Technology Ltd)
    S3 CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100888 2008-06-27] (Creative Technology Ltd)
    S3 CTEXFIFX.DLL; C:\WINDOWS\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.) [File not signed]
    S3 CTHWIUT.DLL; C:\WINDOWS\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.) [File not signed]
    S3 CTSBLFX; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566296 2008-06-27] (Creative Technology Ltd)
    S3 CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566296 2008-06-27] (Creative Technology Ltd)
    R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
    S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
    R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-03-06] (GFI Software)
    S3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [797720 2008-07-07] (Creative Technology Ltd)
    S3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [162840 2008-07-07] (Creative Technology Ltd)
    S3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [189464 2008-07-07] (Creative Technology Ltd)
    R3 mcdbus; C:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2008-07-28] (MagicISO, Inc.) [File not signed]
    R2 mdvrmng; C:\WINDOWS\system32\drivers\mdvrmng.sys [10240 2011-03-23] () [File not signed]
    R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
    S3 MonFilt; C:\WINDOWS\System32\drivers\MonFilt.sys [1389056 2008-12-02] (Creative Technology Ltd.)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
    S3 netwg311; C:\WINDOWS\System32\DRIVERS\netwg311.sys [386688 2008-07-23] (Texas Instruments)
    S3 pneteth; C:\WINDOWS\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.) [File not signed]
    R3 RT80x86; C:\WINDOWS\System32\DRIVERS\RT2860.sys [1332064 2010-06-21] (Ralink Technology, Corp.)
    S3 RTL8023; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [65280 2003-08-13] (Realtek Semiconductor Corporation ) [File not signed]
    R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
    S3 V0080Dev; C:\WINDOWS\System32\DRIVERS\V0080Dev.sys [503467 2004-08-10] (Creative Technology Ltd.) [File not signed]
    R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [2795376 2011-02-17] (VIA Technologies, Inc.)
    S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31744 2008-04-13] (Microsoft Corporation)
    S3 COMMONFX.DLL; system32\COMMONFX.DLL [X]
    S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X]
    S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [X]
    S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X]
    S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
    S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S2 Scutum50; System32\Drivers\Scutum50.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-19 12:17 - 2014-11-19 12:22 - 00000000 ____D () C:\FRST
    2014-11-19 11:54 - 2014-11-19 11:54 - 04215584 _____ () C:\Documents and Settings\Matt\Desktop\tweaking.com_registry_backup_setup.exe
    2014-11-19 11:54 - 2014-11-19 11:54 - 00001876 _____ () C:\Documents and Settings\Matt\Desktop\Tweaking.com - Registry Backup.lnk
    2014-11-19 11:54 - 2014-11-19 11:54 - 00000000 ____D () C:\RegBackup
    2014-11-19 11:54 - 2014-11-19 11:54 - 00000000 ____D () C:\Documents and Settings\Matt\Start Menu\Programs\Tweaking.com
    2014-11-17 11:51 - 2014-11-17 11:51 - 00000000 ____D () C:\Documents and Settings\Matt\My Documents\ProcAlyzer Dumps
    2014-11-17 11:13 - 2014-11-17 09:09 - 00450738 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141117-111334.backup
    2014-11-17 09:09 - 2014-11-16 21:19 - 00450738 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141117-090951.backup
    2014-11-16 21:19 - 2013-10-28 16:51 - 00000855 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141116-211904.backup
    2014-11-16 21:02 - 2014-11-19 08:53 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
    2014-11-16 21:02 - 2014-11-17 11:13 - 00000618 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2014-11-16 21:02 - 2014-11-17 11:13 - 00000448 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
    2014-11-16 21:01 - 2014-11-16 21:01 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
    2014-11-16 21:01 - 2014-11-16 21:01 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2014-11-16 21:01 - 2014-11-16 21:01 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
    2014-11-16 21:01 - 2014-11-16 21:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
    2014-11-16 21:00 - 2014-11-17 11:16 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2014-11-16 21:00 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
    2014-11-16 15:37 - 2014-11-16 15:38 - 00000000 __SHD () C:\Program Files\Bfascustiverculimned
    2014-11-16 15:29 - 2014-11-16 15:29 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-16 15:12 - 2014-11-16 15:12 - 00000000 ____D () C:\Documents and Settings\Matt\Desktop\terraria-server
    2014-11-16 15:11 - 2014-11-16 15:11 - 00485905 _____ () C:\Documents and Settings\Matt\Desktop\terraria-server.zip
    2014-11-12 16:49 - 2014-11-12 16:50 - 17926832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
    2014-11-09 14:59 - 2014-11-09 14:58 - 00106496 _____ () C:\WINDOWS\Minidump\Mini110914-01.dmp
    2014-11-09 12:53 - 2014-11-09 12:53 - 00019962 _____ () C:\Documents and Settings\Matt\My Documents\STEAM GUARANTEE.htm
    2014-11-09 12:53 - 2014-11-09 12:53 - 00000000 ____D () C:\Documents and Settings\Matt\My Documents\STEAM GUARANTEE_files
    2014-11-08 15:02 - 2014-11-08 15:10 - 00000000 ____D () C:\Documents and Settings\Matt\Application Data\.technic
    2014-10-29 18:15 - 2014-10-30 07:13 - 00000000 ____D () C:\Documents and Settings\Matt\Application Data\ftblauncher
    2014-10-26 21:05 - 2014-10-26 21:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Wondershare
    2014-10-26 21:04 - 2014-10-26 21:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952011$
    2014-10-26 21:01 - 2014-10-26 21:05 - 00010580 _____ () C:\WINDOWS\KB952011.log
    2014-10-26 21:01 - 2014-10-26 21:01 - 00000000 ____D () C:\Program Files\Common Files\Wondershare
    2014-10-26 21:01 - 2014-10-26 21:01 - 00000000 ____D () C:\Documents and Settings\Matt\Local Settings\Application Data\Wondershare
    2014-10-26 20:59 - 2014-10-26 21:26 - 00000000 ____D () C:\Documents and Settings\Matt\My Documents\Wondershare Video Editor
    2014-10-26 20:59 - 2008-04-14 00:11 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-19 12:23 - 2008-07-23 20:01 - 00000000 ___HD () C:\Documents and Settings\Matt\Local Settings\Temp
    2014-11-19 12:22 - 2001-08-23 12:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-11-19 12:20 - 2013-08-13 06:26 - 00000982 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-776561741-682003330-1023UA.job
    2014-11-19 11:54 - 2013-10-28 16:43 - 00000000 ____D () C:\Program Files\Tweaking.com
    2014-11-19 11:49 - 2012-04-15 07:15 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-11-19 11:47 - 2013-10-24 07:47 - 00000412 _____ () C:\WINDOWS\Tasks\At1.job
    2014-11-19 11:28 - 2011-06-22 11:34 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-19 10:28 - 2008-07-23 20:01 - 00032408 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-11-19 10:02 - 2008-10-27 11:32 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2014-11-19 09:52 - 2011-06-24 13:17 - 00000000 ____D () C:\Documents and Settings\Matt\My Documents\My PSP8 Files
    2014-11-19 09:00 - 2008-07-23 19:56 - 01606183 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-11-19 08:51 - 2014-10-11 13:08 - 00001370 _____ () C:\WINDOWS\Tasks\UWRVKX.job
    2014-11-19 08:51 - 2014-10-11 13:04 - 00001370 _____ () C:\WINDOWS\Tasks\BXNIRL.job
    2014-11-19 08:51 - 2014-03-27 07:07 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2014-11-19 08:51 - 2011-06-22 11:34 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-19 08:51 - 2008-07-23 20:50 - 00000157 _____ () C:\WINDOWS\wiadebug.log
    2014-11-19 08:51 - 2008-07-23 20:50 - 00000050 _____ () C:\WINDOWS\wiaservc.log
    2014-11-19 08:50 - 2008-07-23 20:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-11-18 21:32 - 2008-07-23 20:01 - 00000278 ___SH () C:\Documents and Settings\Matt\ntuser.ini
    2014-11-18 21:20 - 2013-08-13 06:26 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-776561741-682003330-1023Core.job
    2014-11-18 21:04 - 2014-09-01 08:18 - 00001171 _____ () C:\Documents and Settings\Matt\Application Data\UWRVKX
    2014-11-18 00:44 - 2008-07-23 20:01 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
    2014-11-17 14:28 - 2014-10-12 11:04 - 00000000 ____D () C:\Avenger
    2014-11-17 14:19 - 2013-08-28 12:17 - 00678990 _____ () C:\WINDOWS\setupapi.log
    2014-11-17 11:51 - 2008-07-23 20:45 - 00000245 ___SH () C:\boot.ini
    2014-11-17 11:15 - 2013-08-10 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2014-11-17 11:11 - 2013-10-15 14:13 - 00000000 ____D () C:\Games
    2014-11-17 09:54 - 2014-07-26 21:24 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-11-16 23:30 - 2011-12-24 07:34 - 00006730 _____ () C:\WINDOWS\wininit.ini
    2014-11-16 21:00 - 2013-08-10 20:44 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
    2014-11-16 20:45 - 2012-01-29 08:23 - 00000000 ____D () C:\Program Files\Wondershare
    2014-11-16 20:02 - 2008-10-20 12:03 - 00000000 ____D () C:\Program Files\Google
    2014-11-16 17:36 - 2012-04-02 16:04 - 00000000 ____D () C:\Program Files\Audacity
    2014-11-16 15:45 - 2011-12-23 13:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Westwood
    2014-11-16 15:45 - 2011-11-05 17:03 - 00000000 ____D () C:\Westwood
    2014-11-16 15:34 - 2014-03-26 16:35 - 00000000 ____D () C:\Program Files\WarThunder
    2014-11-16 15:31 - 2014-10-03 16:28 - 00000000 ____D () C:\Program Files\iwintoolbarforpogo
    2014-11-16 15:29 - 2014-07-09 20:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-11-16 15:29 - 2014-07-09 20:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-16 15:06 - 2013-08-16 06:15 - 00002399 _____ () C:\WINDOWS\setupact.log
    2014-11-13 07:42 - 2011-11-14 11:01 - 00000486 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    2014-11-12 23:17 - 2013-08-16 06:23 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-11-12 23:03 - 2008-07-23 21:13 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-11-12 16:51 - 2012-04-15 07:15 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-11-12 16:51 - 2011-06-28 06:20 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-11-12 16:18 - 2012-08-29 11:43 - 00000000 ____D () C:\Documents and Settings\Matt\Application Data\.minecraft
    2014-11-08 15:00 - 2014-03-27 07:07 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2014-10-27 08:49 - 2008-07-23 20:46 - 03672968 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-10-26 21:05 - 2013-08-16 06:15 - 00378652 _____ () C:\WINDOWS\iis6.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00331599 _____ () C:\WINDOWS\FaxSetup.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00168468 _____ () C:\WINDOWS\ocgen.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00155162 _____ () C:\WINDOWS\tsoc.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00110994 _____ () C:\WINDOWS\comsetup.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00107462 _____ () C:\WINDOWS\msmqinst.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00068399 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00058693 _____ () C:\WINDOWS\netfxocm.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00023455 _____ () C:\WINDOWS\MedCtrOC.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00018656 _____ () C:\WINDOWS\ocmsn.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00016981 _____ () C:\WINDOWS\msgsocm.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00016483 _____ () C:\WINDOWS\tabletoc.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00001393 _____ () C:\WINDOWS\imsins.log
    2014-10-26 21:05 - 2011-06-12 16:02 - 00121720 _____ () C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
    2014-10-26 09:22 - 2008-07-23 20:47 - 00572762 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-10-24 21:43 - 2011-07-09 17:17 - 00966536 ___SH () C:\Documents and Settings\Matt\Desktop\Thumbs.db

    Files to move or delete:
    ====================
    C:\Windows\Tasks\At1.job


    Some content of TEMP:
    ====================
    C:\Documents and Settings\Matt\Local Settings\Temp\DataCard_Setup.exe
    C:\Documents and Settings\Matt\Local Settings\Temp\ResetDevice.exe
    C:\Documents and Settings\Matt\Local Settings\Temp\uninstall.exe
    C:\Documents and Settings\Matt\Local Settings\Temp\_is134.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================





    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-11-2014
    Ran by Matt at 2014-11-19 12:23:16
    Running from C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CUQ88PVB
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton 360 (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    3Connect (HKLM\...\{A899DA1F-D626-401C-8651-F2921E3B4CB3}) (Version: 3.0.0 - 3 Mobile Broadband)
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
    Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
    Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.8) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
    Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Asmedia ASM106x SATA Host Controller Driver (HKLM\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.1.7.110 - Asmedia Technology)
    ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.541-080923a-069992C-ATI - )
    authorSTREAM Desktop (HKLM\...\{E4EE090D-7680-414E-9FB7-737A85A5DBE1}) (Version: 2.0.0 - authorstream)
    Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
    Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
    Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - )
    Canon MG3100 series On-screen Manual (HKLM\...\Canon MG3100 series On-screen Manual) (Version: - )
    Canon MG3100 series User Registration (HKLM\...\Canon MG3100 series User Registration) (Version: - )
    Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version: - )
    Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
    Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Creative Audio Console (HKLM\...\AudioConSole) (Version: - )
    Creative WebCam Live! Pro Driver (1.00.06.0811) (HKLM\...\Creative VF0080) (Version: - )
    Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
    Dell Driver Download Manager (HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\309a46b1dc89b774) (Version: 1.0.0.0 - Dell Inc.)
    DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Huawei modem (HKLM\...\Huawei Modems) (Version: - )
    Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5328 - Intel Corporation)
    iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
    Jasc Paint Shop Pro 8 (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
    Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
    Keynote Connector (HKLM\...\KeynoteConnector) (Version: - )
    LightScribe 1.4.109.1 (Version: 1.4.109.1 - http://www.lightscribe.com) Hidden
    Magic ISO Maker v5.5 (build 0265) (HKLM\...\Magic ISO Maker v5.5 (build 0265)) (Version: - )
    MagicDisc 2.7.105 (HKLM\...\MagicDisc 2.7.105) (Version: - )
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)
    Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version: - Microsoft Corporation)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    MyFreeCodec (HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MyFreeCodec) (Version: - )
    MyOffice.NET (HKLM\...\MyOffice.NET) (Version: 7.0.66 - Intuitive Solutions Ltd.)
    MyOffice.NET (Version: 7.0.66 - Intuitive Solutions Ltd.) Hidden
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    PageBreeze Free HTML Editor (HKLM\...\PageBreeze Free HTML Editor) (Version: - )
    Platform (Version: 1.36 - VIA Technologies, Inc.) Hidden
    QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    QuickTime Alternative 2.7.0 (HKLM\...\QuicktimeAlt_is1) (Version: 2.7.0 - )
    Ralink RT3690 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.8.0 - Ralink)
    REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.35.0000 - Realtek)
    Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
    Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.9 - Tweaking.com)
    Unity Web Player (HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS)
    VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Westwood Shared Internet Components (HKLM\...\{11081AC0-61C4-40DD-8506-B64A3E4F2645}_is1) (Version: - Command & Conquer Communications Center / Westwood)
    Westwood Shared Internet Components (HKLM\...\WOLAPI) (Version: - )
    Winamp (HKLM\...\Winamp) (Version: 5.61 - Nullsoft, Inc)
    Winamp Detector Plug-in (HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
    Xara Web Designer 7 (HKLM\...\MAGIX_MSI_Xara_Web_Designer_7) (Version: 7.1.2.18332 - Xara Group Ltd)
    Xara Web Designer 7 (Version: 7.1.2.18332 - Xara Group Ltd) Hidden
    Yahoo! Detect (HKLM\...\YTdetect) (Version: - )
    YouTube Downloader 3.3 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: - BienneSoft)
    YouTube Downloader Toolbar v4.7 (HKLM\...\{3F2B3914-A927-4D1E-8417-E7B7C3339434}) (Version: 4.7 - Spigot, Inc.) <==== ATTENTION

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll No (the data entry has 4 more characters).
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll No (the data entry has 4 more characters).
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll N (the data entry has 6 more characters).
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll No (the data entry has 5 more characters).
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No (the data entry has 4 more characters).
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll N (the data entry has 6 more characters).
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll No (the data entry has 4 more characters).
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll No (the data entry has 4 more characters).

    ==================== Restore Points =========================

    20-08-2014 22:01:05 Software Distribution Service 3.0
    21-08-2014 22:00:48 Software Distribution Service 3.0
    29-08-2014 17:08:04 Software Distribution Service 3.0
    29-08-2014 22:00:44 Software Distribution Service 3.0
    30-08-2014 22:00:46 Software Distribution Service 3.0
    31-08-2014 22:01:21 Software Distribution Service 3.0
    02-09-2014 05:29:38 Software Distribution Service 3.0
    03-09-2014 05:42:50 Software Distribution Service 3.0
    03-09-2014 22:01:16 Software Distribution Service 3.0
    04-09-2014 22:02:03 Software Distribution Service 3.0
    05-09-2014 22:01:51 Software Distribution Service 3.0
    06-09-2014 22:00:46 Software Distribution Service 3.0
    07-09-2014 22:01:43 Software Distribution Service 3.0
    08-09-2014 22:03:28 Software Distribution Service 3.0
    09-09-2014 22:01:52 Software Distribution Service 3.0
    10-09-2014 18:24:24 Software Distribution Service 3.0
    11-09-2014 18:57:27 System Checkpoint
    11-09-2014 22:01:49 Software Distribution Service 3.0
    12-09-2014 22:01:05 Software Distribution Service 3.0
    13-09-2014 22:02:41 Software Distribution Service 3.0
    14-09-2014 22:02:12 Software Distribution Service 3.0
    15-09-2014 22:01:35 Software Distribution Service 3.0
    16-09-2014 22:01:53 Software Distribution Service 3.0
    18-09-2014 05:16:54 Software Distribution Service 3.0
    18-09-2014 22:01:29 Software Distribution Service 3.0
    19-09-2014 22:02:00 Software Distribution Service 3.0
    20-09-2014 22:01:12 Software Distribution Service 3.0
    21-09-2014 22:01:38 Software Distribution Service 3.0
    22-09-2014 22:01:42 Software Distribution Service 3.0
    23-09-2014 22:01:20 Software Distribution Service 3.0
    24-09-2014 22:02:04 Software Distribution Service 3.0
    25-09-2014 22:01:52 Software Distribution Service 3.0
    26-09-2014 22:01:50 Software Distribution Service 3.0
    27-09-2014 22:01:14 Software Distribution Service 3.0
    28-09-2014 22:00:47 Software Distribution Service 3.0
    29-09-2014 22:01:43 Software Distribution Service 3.0
    30-09-2014 22:01:49 Software Distribution Service 3.0
    01-10-2014 22:01:56 Software Distribution Service 3.0
    02-10-2014 22:02:00 Software Distribution Service 3.0
    03-10-2014 22:00:48 Software Distribution Service 3.0
    05-10-2014 07:06:39 Software Distribution Service 3.0
    05-10-2014 22:01:43 Software Distribution Service 3.0
    07-10-2014 06:32:59 Software Distribution Service 3.0
    07-10-2014 22:05:04 Software Distribution Service 3.0
    08-10-2014 22:01:42 Software Distribution Service 3.0
    09-10-2014 22:01:21 Software Distribution Service 3.0
    10-10-2014 22:01:38 Software Distribution Service 3.0
    12-10-2014 09:18:51 Software Distribution Service 3.0
    12-10-2014 11:21:57 Removed Samsung Kies
    12-10-2014 11:31:10 Removed Samsung Story Album Viewer
    12-10-2014 22:02:03 Software Distribution Service 3.0
    13-10-2014 22:01:45 Software Distribution Service 3.0
    14-10-2014 22:01:41 Software Distribution Service 3.0
    15-10-2014 22:01:34 Software Distribution Service 3.0
    16-10-2014 22:01:53 Software Distribution Service 3.0
    17-10-2014 22:01:58 Software Distribution Service 3.0
    18-10-2014 22:01:19 Software Distribution Service 3.0
    19-10-2014 22:02:48 Software Distribution Service 3.0
    20-10-2014 22:01:48 Software Distribution Service 3.0
    21-10-2014 22:01:25 Software Distribution Service 3.0
    22-10-2014 22:00:51 Software Distribution Service 3.0
    23-10-2014 22:01:52 Software Distribution Service 3.0
    24-10-2014 22:01:38 Software Distribution Service 3.0
    26-10-2014 09:21:35 Software Distribution Service 3.0
    26-10-2014 21:04:46 Installed Windows XP -- Software Updates KB952011.
    26-10-2014 23:01:17 Software Distribution Service 3.0
    27-10-2014 23:01:42 Software Distribution Service 3.0
    28-10-2014 23:01:27 Software Distribution Service 3.0
    29-10-2014 23:01:37 Software Distribution Service 3.0
    30-10-2014 23:01:59 Software Distribution Service 3.0
    31-10-2014 23:01:19 Software Distribution Service 3.0
    01-11-2014 23:01:58 Software Distribution Service 3.0
    03-11-2014 07:35:21 Software Distribution Service 3.0
    03-11-2014 23:00:47 Software Distribution Service 3.0
    04-11-2014 22:17:59 Software Distribution Service 3.0
    05-11-2014 22:53:36 System Checkpoint
    05-11-2014 23:01:22 Software Distribution Service 3.0
    07-11-2014 08:31:24 Software Distribution Service 3.0
    07-11-2014 23:01:21 Software Distribution Service 3.0
    08-11-2014 23:02:03 Software Distribution Service 3.0
    09-11-2014 23:01:15 Software Distribution Service 3.0
    10-11-2014 23:01:50 Software Distribution Service 3.0
    12-11-2014 08:08:36 Software Distribution Service 3.0
    12-11-2014 23:01:37 Software Distribution Service 3.0
    13-11-2014 23:02:02 Software Distribution Service 3.0
    14-11-2014 12:35:31 Software Distribution Service 3.0
    14-11-2014 23:01:57 Software Distribution Service 3.0
    16-11-2014 15:33:13 Removed Governor of Poker 2
    16-11-2014 15:48:31 Removed Google Earth.
    16-11-2014 23:01:19 Software Distribution Service 3.0
    17-11-2014 10:55:14 Removed Bonjour
    17-11-2014 11:05:33 Removed Bonjour
    17-11-2014 11:09:28 Removed Silhouette Studio
    17-11-2014 23:01:25 Software Distribution Service 3.0
    18-11-2014 21:34:05 Software Distribution Service 3.0

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2001-08-23 12:00 - 2014-11-17 11:13 - 00450738 ____R C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Matt\APPLIC~1\METACR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: C:\WINDOWS\Tasks\BXNIRL.job => C:\Documents and Settings\Matt\Application Data\BXNIRL.exe
    Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\WINDOWS\Tasks\Driver Robot.job => C:\Program Files\Driver Robot\1.1.0.3\DriverRobot.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-776561741-682003330-1023Core.job => C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-776561741-682003330-1023UA.job => C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
    Task: C:\WINDOWS\Tasks\UWRVKX.job => C:\Documents and Settings\Matt\Application Data\UWRVKX.exe

    ==================== Loaded Modules (whitelisted) =============

    2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-01-23 08:47 - 2011-03-23 16:32 - 01740696 _____ () C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
    2014-11-16 15:38 - 2014-11-03 13:56 - 04377560 ___SH () C:\Program Files\Bfascustiverculimned\Bfascustiverculimned.exe
    2014-11-16 15:38 - 2014-03-07 19:56 - 00117262 ___SH () C:\Program Files\Bfascustiverculimned\libgcc_s_dw2-1.dll
    2014-11-16 15:38 - 2014-03-07 19:56 - 00970766 ___SH () C:\Program Files\Bfascustiverculimned\libstdc++-6.dll
    2014-11-16 15:38 - 2014-11-16 15:38 - 00160728 ____R () C:\Program Files\Bfascustiverculimned\BfascustiverculimnedHelper.exe
    2014-11-16 21:00 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-11-16 21:00 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2014-11-16 21:00 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-11-16 21:00 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2014-11-16 21:00 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-10-26 21:01 - 2014-09-11 18:09 - 01498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
    2014-10-26 21:01 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\WINDOWS:84C6D840C59D388C
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:98181191
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D346F792

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
    MSCONFIG\startupfolder: C:^Documents and Settings^Matt^Start Menu^Programs^Startup^MagicDisc.lnk => C:\WINDOWS\pss\MagicDisc.lnkStartup
    MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Documents and Settings\Matt\Local Settings\Application Data\Akamai\netsession_win.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: CTHelper => CTHELPER.EXE
    MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE
    MSCONFIG\startupreg: Driver Manager => C:\Program Files\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
    MSCONFIG\startupreg: DVDTray => C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    MSCONFIG\startupreg: Freecorder FLV Service => "C:\Program Files\Freecorder\FLVSrvc.exe" /run
    MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
    MSCONFIG\startupreg: iLivid => "C:\Documents and Settings\Matt\Local Settings\Application Data\iLivid\iLivid.exe" -autorun
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
    MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
    MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    MSCONFIG\startupreg: MobileAppSync => "C:\Program Files\Mobile App Sync\D2MClient.exe"
    MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
    MSCONFIG\startupreg: MsnMsgr => "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    MSCONFIG\startupreg: NBJ => "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
    MSCONFIG\startupreg: SMART Ink => "C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe" -a
    MSCONFIG\startupreg: SMART Tray Tools => "C:\Program Files\SMART Technologies\Education Software\SMARTTrayIcon.exe"
    MSCONFIG\startupreg: SMARTNotification => "C:\Program Files\SMART Technologies\Education Software\SMARTNotification.exe"
    MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE
    MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\Steam.exe" -silent
    MSCONFIG\startupreg: WebCake Desktop => "C:\Documents and Settings\Matt\Application Data\Tepfel\WebCakeDesktop.exe"
    MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1004336348-776561741-682003330-500 - Administrator - Enabled)
    ASPNET (S-1-5-21-1004336348-776561741-682003330-1024 - Limited - Enabled)
    Guest (S-1-5-21-1004336348-776561741-682003330-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-1004336348-776561741-682003330-1000 - Limited - Disabled)
    Joshua (S-1-5-21-1004336348-776561741-682003330-1025 - Limited - Enabled)
    Matt (S-1-5-21-1004336348-776561741-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Matt
    Naomi (S-1-5-21-1004336348-776561741-682003330-1022 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Naomi.DESKTOP.000
    SUPPORT_388945a0 (S-1-5-21-1004336348-776561741-682003330-1002 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/19/2014 00:19:58 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application frst[1].exe, version 19.11.2014.0, faulting module frst[1].exe, version 19.11.2014.0, fault address 0x0001f09e.
    Processing media-specific event for [frst[1].exe!ws!]

    Error: (11/19/2014 11:52:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (11/18/2014 09:35:36 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Word 2003 (KB2878303): WINWORD' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (11/18/2014 09:35:20 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Professional Edition 2003 - Update 'Update for Outlook 2003 Junk E-mail Filter (KB2863822): OUTLFLTR' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (11/18/2014 09:35:08 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Office 2003 (KB2760494): MSCONV' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (11/18/2014 09:34:58 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Publisher 2003 (KB2878299): MSPUB' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (11/18/2014 09:34:39 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Office 2003 (KB2850047): GDIPLUS' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (11/18/2014 00:39:59 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 1180947459.

    Error: (11/18/2014 00:39:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (11/18/2014 00:34:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


    System errors:
    =============
    Error: (11/19/2014 11:47:00 AM) (Source: Schedule) (EventID: 7901) (User: )
    Description: The At1.job command failed to start due to the following error:
    %%2147942402

    Error: (11/19/2014 10:47:00 AM) (Source: Schedule) (EventID: 7901) (User: )
    Description: The At1.job command failed to start due to the following error:
    %%2147942402

    Error: (11/19/2014 09:47:00 AM) (Source: Schedule) (EventID: 7901) (User: )
    Description: The At1.job command failed to start due to the following error:
    %%2147942402

    Error: (11/19/2014 08:52:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
    %%1053

    Error: (11/19/2014 08:52:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

    Error: (11/19/2014 08:52:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Scutum50 NDIS Protocol Driver service failed to start due to the following error:
    %%2

    Error: (11/18/2014 09:35:36 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Word 2003 (KB2878303).

    Error: (11/18/2014 09:35:20 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Outlook 2003 Junk E-mail Filter (KB2863822).

    Error: (11/18/2014 09:35:08 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB2760494).

    Error: (11/18/2014 09:34:58 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Publisher 2003 (KB2878299).


    Microsoft Office Sessions:
    =========================
    Error: (11/19/2014 00:19:58 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: frst[1].exe19.11.2014.0frst[1].exe19.11.2014.00001f09e

    Error: (11/19/2014 11:52:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

    Error: (11/18/2014 09:35:36 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Microsoft Office Professional Edition 2003Security Update for Word 2003 (KB2878303): WINWORD1603(NULL)

    Error: (11/18/2014 09:35:20 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Microsoft Office Professional Edition 2003Update for Outlook 2003 Junk E-mail Filter (KB2863822): OUTLFLTR1603(NULL)

    Error: (11/18/2014 09:35:08 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Microsoft Office Professional Edition 2003Security Update for Office 2003 (KB2760494): MSCONV1603(NULL)

    Error: (11/18/2014 09:34:58 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Microsoft Office Professional Edition 2003Security Update for Publisher 2003 (KB2878299): MSPUB1603(NULL)

    Error: (11/18/2014 09:34:39 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Microsoft Office Professional Edition 2003Security Update for Office 2003 (KB2850047): GDIPLUS1603(NULL)

    Error: (11/18/2014 00:39:59 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: 1180947459

    Error: (11/18/2014 00:39:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

    Error: (11/18/2014 00:34:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) CPU G620 @ 2.60GHz
    Percentage of memory in use: 35%
    Total physical RAM: 2794.67 MB
    Available physical RAM: 1791.41 MB
    Total Pagefile: 5434.84 MB
    Available Pagefile: 4521.99 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1921.28 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.76 GB) (Free:326.02 GB) NTFS ==>[Drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 2343CA6A)
    Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2014-11-19 12:29:45
    -----------------------------
    12:29:45.062 OS Version: Windows 5.1.2600 Service Pack 3
    12:29:45.062 Number of processors: 2 586 0x2A07
    12:29:45.062 ComputerName: DESKTOP UserName: Matt
    12:29:51.859 Initialize success
    12:29:52.000 VM: initialized successfully
    12:29:52.000 VM: Intel CPU supported
    12:29:54.328 VM: supported disk I/O atapi.sys
    12:41:03.343 AVAST engine defs: 14111900
    12:41:55.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    12:41:55.250 Disk 0 Vendor: ST320DM000-1BC14C JC4B Size: 305245MB BusType: 3
    12:41:55.421 Disk 0 MBR read successfully
    12:41:55.421 Disk 0 MBR scan
    12:41:55.484 Disk 0 Windows XP default MBR code
    12:41:55.484 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
    12:41:55.484 Disk 0 default boot code
    12:41:55.500 Disk 0 scanning sectors +976768065
    12:41:55.546 Disk 0 scanning C:\WINDOWS\system32\drivers
    12:42:41.296 Service scanning
    12:43:44.187 Modules scanning
    12:43:44.187 Disk 0 trace - called modules:
    12:43:44.203 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    12:43:44.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae11ab8]
    12:43:44.218 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000078[0x8ae06f18]
    12:43:44.218 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad77940]
    12:43:50.906 AVAST engine scan C:\WINDOWS
    12:44:12.765 AVAST engine scan C:\WINDOWS\system32
    12:56:06.906 AVAST engine scan C:\WINDOWS\system32\drivers
    12:57:02.843 AVAST engine scan C:\Documents and Settings\Matt
    12:59:54.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Matt\Desktop\FIX\MBR.dat"
    12:59:54.921 The log file has been saved successfully to "C:\Documents and Settings\Matt\Desktop\FIX\aswMBR.txt"
    13:00:05.046 Disk 0 statistics 1955712/0/0 @ 1.45 MB/s
    13:00:05.046 Scan stopped
    13:00:06.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    13:00:06.718 Disk 0 Vendor: ST320DM000-1BC14C JC4B Size: 305245MB BusType: 3
    13:00:06.718 Disk 0 MBR read successfully
    13:00:06.718 Disk 0 MBR scan
    13:00:06.718 Disk 0 Windows XP default MBR code
    13:00:06.718 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
    13:00:06.734 Disk 0 default boot code
    13:00:06.750 Disk 0 scanning sectors +976768065
    13:00:06.765 Disk 0 scanning C:\WINDOWS\system32\drivers
    13:00:06.765 Service scanning
    13:03:40.875 Modules scanning
    13:03:40.875 Disk 0 trace - called modules:
    13:03:40.890 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    13:03:40.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae11ab8]
    13:03:40.890 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000078[0x8ae06f18]
    13:03:40.890 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad77940]
    13:04:32.000 AVAST engine scan C:\WINDOWS
    13:05:04.609 AVAST engine scan C:\WINDOWS\system32
    13:16:28.390 AVAST engine scan C:\WINDOWS\system32\drivers
    13:17:44.296 AVAST engine scan C:\Documents and Settings\Matt
    14:23:57.031 AVAST engine scan C:\Documents and Settings\All Users
    14:26:50.390 Disk 0 statistics 5288485/0/0 @ 0.54 MB/s
    14:26:50.390 Scan finished successfully
    14:56:45.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Matt\Desktop\FIX\MBR.dat"
    14:56:45.828 The log file has been saved successfully to "C:\Documents and Settings\Matt\Desktop\FIX\aswMBR.txt"
    Last edited by tashi; 2014-11-19 at 19:11. Reason: Merged 3 posts. :-)

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    hi,
    We will delete a service and get two downloads and download FRST again.

    Go to Start>Run and type in cmd.exe and click enter. A Windows command prompt should open. At the blinking >_ copy and paste in what's below in the box:
    Copy/paste the first line then click enter, then the next line, click enter. Reboot your machine afterwards.

    Code:
    sc stop Bfascustiverculimned
    sc delete Bfascustiverculimned

    Next: download and run Adwcleaner:

    Please download Adwcleaner.exe to your desktop.
    Click on AdwCleaner.exe.
    Click on the Scan button
    Once the scan is done click on the Clean button. Items for removal will be checked for you.
    Machine will reboot to finish. After the restart it will display a log. Please post the log in your reply.

    Next: Download minitoolbox:
    http://www.bleepingcomputer.com/down...toolbox/dl/65/

    Checkmark following boxes:

    Reset IE Proxy Settings
    Reset FF Proxy Settings
    Click Go and post the results in your reply.

    Third: you will have to redownload FRST again. You have it running out of a temp directory: (C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CUQ88PVB)
    Download it again and save it to your desktop or at least somewhere other than a temp directory.

    http://www.bleepingcomputer.com/down...ery-scan-tool/

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
    When the tool opens click Yes to disclaimer.
    Press the Scan button.
    When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

    The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
    How Can I Reduce My Risk?
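
The point made in post #2, that a scan tool was launched from the browser cache instead of a saved copy, can be checked mechanically from the "Running from" header that FRST and AdwCleaner write. The following is an added example, not part of the thread and not code from either tool; the function names, the list of volatile folder names and the last two sample lines are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Header line as written by the two tools in this thread:
#   FRST:       Running from C:\...\Content.IE5\CUQ88PVB
#   AdwCleaner: # Running from : C:\...\AdwCleaner[1].exe
RUNNING_FROM = re.compile(
    r"^\s*#?\s*Running from\s*:?\s*(?P<path>[A-Za-z]:\\.*\S)\s*$", re.IGNORECASE
)

# Path components that mark a cache or temp location (long and 8.3 short forms).
# Assumed list for illustration; extend it for other browsers or profiles.
VOLATILE = {
    "temporary internet files": "IE cache",
    "tempor~1": "IE cache",
    "content.ie5": "IE cache",
    "temp": "temp directory",
    "tmp": "temp directory",
}

# IE appends [n] to the name of a file it keeps in its cache, e.g. frst[1].exe.
CACHE_COPY = re.compile(r"\[\d+\]\.[A-Za-z0-9]+$")


class Finding(NamedTuple):
    path: str
    volatile: bool
    reasons: Tuple[str, ...]


def check_tool_location(line: str) -> Optional[Finding]:
    """Return a Finding for a 'Running from' header line, or None for any other line."""
    m = RUNNING_FROM.match(line)
    if not m:
        return None
    path = m.group("path")
    reasons = []
    # Compare whole path components so "Template" or "Attempt" never match "temp".
    for part in path.lower().split("\\"):
        label = VOLATILE.get(part)
        if label and label not in reasons:
            reasons.append(label)
    if CACHE_COPY.search(path):
        reasons.append("cache-copy file name")
    return Finding(path, bool(reasons), tuple(reasons))


def audit_log(text: str) -> List[Finding]:
    """Collect one Finding per 'Running from' header found in pasted log text."""
    return [f for f in map(check_tool_location, text.splitlines()) if f]


# First two header lines are the ones posted in this thread; the last two are
# constructed to show the 8.3 short-name case and a clean location.
SAMPLE_LOG = r"""
Ran by Matt (administrator) on DESKTOP on 19-11-2014 12:22:55
Running from C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CUQ88PVB
Boot Mode: Normal
# Running from : C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\7D6GYH2S\AdwCleaner[1].exe
Running from C:\DOCUME~1\Matt\LOCALS~1\Temp
Running from C:\Documents and Settings\Matt\Desktop
"""

if __name__ == "__main__":
    for finding in audit_log(SAMPLE_LOG):
        verdict = "RE-DOWNLOAD AND SAVE FIRST" if finding.volatile else "ok"
        print(f"{verdict:27} {finding.path}  {', '.join(finding.reasons)}")
```

Run against the AdwCleaner report later in the thread, the same check flags that tool as well, since its header also points into Content.IE5.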

  3. #3
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,810

    please follow shelf life.
    Last edited by Juliet; 2014-11-21 at 01:18.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  4. #4
    Junior Member
    Join Date
    Nov 2014
    Posts
    2

    Many thanks:

    # AdwCleaner v4.102 - Report created 24/11/2014 at 11:17:41
    # Updated 23/11/2014 by Xplode
    # Database : 2014-11-23.7 [Local]
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Matt - DESKTOP
    # Running from : C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\7D6GYH2S\AdwCleaner[1].exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\wincert
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Wondershare
    Folder Deleted : C:\Program Files\globalUpdate
    Folder Deleted : C:\Program Files\iwintoolbarforpogo
    Folder Deleted : C:\Program Files\Settings Manager
    Folder Deleted : C:\Program Files\YouTube Downloader Toolbar
    Folder Deleted : C:\Program Files\Wondershare
    Folder Deleted : C:\Program Files\Common Files\Wondershare
    Folder Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\globalUpdate
    Folder Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Wondershare
    Folder Deleted : C:\DOCUME~1\Matt\LOCALS~1\Temp\BrowseMark
    Folder Deleted : C:\Documents and Settings\Matt\Application Data\MetaCrawler
    Folder Deleted : C:\Documents and Settings\Matt\Application Data\searchquband
    Folder Deleted : C:\Documents and Settings\Matt\My Documents\PC Health Kit
    File Deleted : C:\DOCUME~1\Matt\LOCALS~1\Temp\Uninstall.exe
    File Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    File Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
    File Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
    File Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
    File Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
    File Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
    File Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    File Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
    File Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
    File Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
    File Deleted : C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
    Key Deleted : HKCU\Software\Classes\iLivid.torrent
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\SOFTWARE\Classes\d
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
    Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\webcakeupdater
    Key Deleted : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard.1
    Key Deleted : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\iedll.dll
    Key Deleted : HKCU\Software\5252dfdab234ec41
    Key Deleted : HKLM\SOFTWARE\5252dfdab234ec41
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2476000
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2878731
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
    Key Deleted : HKCU\Software\Ask&Record
    Key Deleted : HKCU\Software\BI
    Key Deleted : HKCU\Software\GlobalUpdate
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
    Key Deleted : HKCU\Software\Linkey
    Key Deleted : HKCU\Software\Myfree Codec
    Key Deleted : HKCU\Software\OCS
    Key Deleted : HKCU\Software\powerpack
    Key Deleted : HKCU\Software\Red Sky
    Key Deleted : HKCU\Software\Search Extensions
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\StormWatch
    Key Deleted : HKCU\Software\onekit
    Key Deleted : HKLM\SOFTWARE\AskBarDis
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\GlobalUpdate
    Key Deleted : HKLM\SOFTWARE\ImInstaller
    Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
    Key Deleted : HKLM\SOFTWARE\InstalledThirdPartyPrograms
    Key Deleted : HKLM\SOFTWARE\Myfree Codec
    Key Deleted : HKLM\SOFTWARE\Tarma Installer
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ObronaBlockAds
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IminentToolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VOPackage
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PC Cleaner_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\metaCrawler
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Google Chrome v

    [C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
    [C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0F0ByB0FyEtByCzztDtDtN0D0Tzu0CyCyCtBtN1L2XzutBtFtBtFyCtFtCtDzyyBtN1L1Czu&cr=879375569&ir=
    [C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=frmr_14_17_ch&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0F0ByB0FyEtByCzztDtDtN0D0Tzu0SzzyEyBtN1L2XzutBtFtBtDtFyDtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0BzztBzz0AyCzytGtAtDyC0EtGyCyCtDyBtGtD0BzytDtGyCzyzztCyE0F0D0EyC0FyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FyE0DyB0A0DyCtGtAyDtC0BtGzz0C0C0DtG0EyCyB0CtGtDzy0B0B0Dzy0F0CzztC0E0A2Q&cr=1845514874&ir=
    [C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : ejocekekgcaldnmjngfdbmbeebcekelc
    [C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff
    [C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
    [C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0F0ByB0FyEtByCzztDtDtN0D0Tzu0CyCyCtBtN1L2XzutBtFtBtFyCtFtCtDzyyBtN1L1Czu&cr=879375569&ir=
    [C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=frmr_14_17_ch&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0F0ByB0FyEtByCzztDtDtN0D0Tzu0SzzyEyBtN1L2XzutBtFtBtDtFyDtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0BzztBzz0AyCzytGtAtDyC0EtGyCyCtDyBtGtD0BzytDtGyCzyzztCyE0F0D0EyC0FyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FyE0DyB0A0DyCtGtAyDtC0BtGzz0C0C0DtG0EyCyB0CtGtDzy0B0B0Dzy0F0CzztC0E0A2Q&cr=1845514874&ir=
    [C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
    [C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : ejocekekgcaldnmjngfdbmbeebcekelc
    [C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
    [C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
    [C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
    [C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
    [C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
    [C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff
    [C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
    [C:\Documents and Settings\Naomi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : geggofhlfbcmanadhknllmlajiafopoh
    [C:\Documents and Settings\Naomi.DESKTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0F0ByB0FyEtByCzztDtDtN0D0Tzu0CyCyCtBtN1L2XzutBtFtBtFyCtFtCtDzyyBtN1L1Czu&cr=879375569&ir=
    [C:\Documents and Settings\Naomi.DESKTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=frmr_14_17_ch&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0F0ByB0FyEtByCzztDtDtN0D0Tzu0SzzyEyBtN1L2XzutBtFtBtDtFyDtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0BzztBzz0AyCzytGtAtDyC0EtGyCyCtDyBtGtD0BzytDtGyCzyzztCyE0F0D0EyC0FyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FyE0DyB0A0DyCtGtAyDtC0BtGzz0C0C0DtG0EyCyB0CtGtDzy0B0B0Dzy0F0CzztC0E0A2Q&cr=1845514874&ir=
    [C:\Documents and Settings\Naomi.DESKTOP.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0F0ByB0FyEtByCzztDtDtN0D0Tzu0CyCyCtBtN1L2XzutBtFtBtFyCtFtCtDzyyBtN1L1Czu&cr=879375569&ir=
    [C:\Documents and Settings\Naomi.DESKTOP.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=frmr_14_17_ch&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0F0ByB0FyEtByCzztDtDtN0D0Tzu0SzzyEyBtN1L2XzutBtFtBtDtFyDtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0BzztBzz0AyCzytGtAtDyC0EtGyCyCtDyBtGtD0BzytDtGyCzyzztCyE0F0D0EyC0FyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FyE0DyB0A0DyCtGtAyDtC0BtGzz0C0C0DtG0EyCyB0CtGtDzy0B0B0Dzy0F0CzztC0E0A2Q&cr=1845514874&ir=
    [C:\Documents and Settings\Naomi.DESKTOP.000\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : ejocekekgcaldnmjngfdbmbeebcekelc
    [C:\Documents and Settings\Naomi.DESKTOP.000\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : fjoijdanhaiflhibkljeklcghcmmfffh
    [C:\Documents and Settings\Naomi.DESKTOP.000\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff

    *************************

    AdwCleaner[R0].txt - [20704 octets] - [24/11/2014 11:13:37]
    AdwCleaner[S0].txt - [20612 octets] - [24/11/2014 11:17:41]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20673 octets] ##########




    MiniToolBox by Farbar Version: 21-07-2014
    Ran by Matt (administrator) on 24-11-2014 at 11:24:45
    Running from "C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\7D6GYH2S"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ***************************************************************************

    "Reset IE Proxy Settings": IE Proxy Settings were reset.

    **** End of log ****




    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2014
    Ran by Matt (administrator) on DESKTOP on 24-11-2014 11:27:36
    Running from C:\Program Files
    Loaded Profile: Matt (Available profiles: Matt & Naomi)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    () C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (VIA Technologies, Inc.) C:\WINDOWS\system32\KaraokeSer.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime Alternative\qttask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\Run: [Norton Download Manager{N360212038-SHPD-FSD40014}] => C:\Documents and Settings\All Users\Documents\Norton\{N360212038-SHPD-FSD40014}\NortonN360Downloader.exe [1021856 2014-04-27] (Symantec Corporation)
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MountPoints2: {2f52ad7c-8929-11e1-8f06-002522eb098f} - E:\AutoRun.exe
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MountPoints2: {6693ce5c-459e-11e1-a9a6-c4d98d73c5c9} - E:\AutoRun.exe
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MountPoints2: {6693ce60-459e-11e1-a9a6-e009794f29f9} - E:\AutoRun.exe
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MountPoints2: {c15dca14-cf22-11e1-8f94-002522eb098f} - E:\AutoRun.exe
    BootExecute: autocheck autochk * sdnclean.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1004336348-776561741-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> Yahoo URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=oberhp&type=iwintoolbarforpogo
    SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL =
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    Toolbar: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Toolbar: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} https://authenticate.gateway.gov.uk/...lInstaller.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
    DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/appl...orLauncher.cab
    DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobio...ne/install.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab
    DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
    FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
    FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1004336348-776561741-682003330-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-1004336348-776561741-682003330-1003: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-28]
    FF HKLM\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw

    Chrome:
    =======
    CHR Profile: C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-11]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
    CHR Extension: (YouTube) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-11]
    CHR Extension: (Google Search) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-11]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
    CHR Extension: (Gmail) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-11]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-09-23] () [File not signed]
    R2 BecHelperService; C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe [1740696 2011-03-23] ()
    R2 FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed]
    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
    R2 KaraokeService; C:\WINDOWS\system32\KaraokeSer.exe [88688 2011-02-17] (VIA Technologies, Inc.)
    R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-07-20] (Hewlett-Packard Company) [File not signed]
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ALCXSENS; C:\WINDOWS\System32\drivers\ALCXSENS.SYS [391424 2003-12-11] (Sensaura Ltd) [File not signed]
    S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [541548 2003-12-19] (Realtek Semiconductor Corp.) [File not signed]
    S3 AMBFilt; C:\WINDOWS\System32\drivers\AMBFilt.sys [1656960 2009-06-26] (Creative)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    S3 COMMONFX; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99352 2008-06-27] (Creative Technology Ltd)
    S3 COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99352 2008-06-27] (Creative Technology Ltd)
    S3 CT20XUT.DLL; C:\WINDOWS\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.) [File not signed]
    S3 CTAUDFX; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555032 2008-06-27] (Creative Technology Ltd)
    S3 CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555032 2008-06-27] (Creative Technology Ltd)
    S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [347080 2008-07-07] (Creative Technology Ltd)
    S3 CTEAPSFX.DLL; C:\WINDOWS\System32\CTEAPSFX.DLL [168192 2007-04-12] (Creative Technology Ltd) [File not signed]
    S3 CTEDSPFX.DLL; C:\WINDOWS\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd) [File not signed]
    S3 CTEDSPIO.DLL; C:\WINDOWS\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd) [File not signed]
    S3 CTEDSPSY.DLL; C:\WINDOWS\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd) [File not signed]
    S3 CTERFXFX; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100888 2008-06-27] (Creative Technology Ltd)
    S3 CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100888 2008-06-27] (Creative Technology Ltd)
    S3 CTEXFIFX.DLL; C:\WINDOWS\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.) [File not signed]
    S3 CTHWIUT.DLL; C:\WINDOWS\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.) [File not signed]
    S3 CTSBLFX; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566296 2008-06-27] (Creative Technology Ltd)
    S3 CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566296 2008-06-27] (Creative Technology Ltd)
    R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
    S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
    R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-03-06] (GFI Software)
    S3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [797720 2008-07-07] (Creative Technology Ltd)
    S3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [162840 2008-07-07] (Creative Technology Ltd)
    S3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [189464 2008-07-07] (Creative Technology Ltd)
    R3 mcdbus; C:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2008-07-28] (MagicISO, Inc.) [File not signed]
    R2 mdvrmng; C:\WINDOWS\system32\drivers\mdvrmng.sys [10240 2011-03-23] () [File not signed]
    R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
    S3 MonFilt; C:\WINDOWS\System32\drivers\MonFilt.sys [1389056 2008-12-02] (Creative Technology Ltd.)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
    S3 netwg311; C:\WINDOWS\System32\DRIVERS\netwg311.sys [386688 2008-07-23] (Texas Instruments)
    S3 pneteth; C:\WINDOWS\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.) [File not signed]
    R3 RT80x86; C:\WINDOWS\System32\DRIVERS\RT2860.sys [1332064 2010-06-21] (Ralink Technology, Corp.)
    S3 RTL8023; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [65280 2003-08-13] (Realtek Semiconductor Corporation ) [File not signed]
    R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
    S3 V0080Dev; C:\WINDOWS\System32\DRIVERS\V0080Dev.sys [503467 2004-08-10] (Creative Technology Ltd.) [File not signed]
    R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [2795376 2011-02-17] (VIA Technologies, Inc.)
    S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31744 2008-04-13] (Microsoft Corporation)
    S3 COMMONFX.DLL; system32\COMMONFX.DLL [X]
    S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X]
    S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [X]
    S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X]
    S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
    S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S2 Scutum50; System32\Drivers\Scutum50.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-24 11:27 - 2014-11-24 11:28 - 00017640 _____ () C:\Program Files\FRST.txt
    2014-11-24 11:26 - 2014-11-24 11:26 - 01110016 _____ (Farbar) C:\Program Files\FRST.exe
    2014-11-24 11:24 - 2014-11-24 11:24 - 00000446 _____ () C:\Documents and Settings\Matt\Desktop\Result.txt
    2014-11-24 11:13 - 2014-11-24 11:17 - 00000000 ____D () C:\AdwCleaner
    2014-11-23 09:47 - 2014-11-23 09:47 - 00000696 _____ () C:\Documents and Settings\All Users\Desktop\World of Warplanes.lnk
    2014-11-23 09:47 - 2014-11-23 09:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\World of Warplanes
    2014-11-22 11:25 - 2014-11-22 11:25 - 00000663 _____ () C:\Documents and Settings\All Users\Desktop\World of Tanks.lnk
    2014-11-22 11:25 - 2014-11-22 11:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\World of Tanks
    2014-11-19 12:23 - 2014-11-24 11:28 - 00000000 ____D () C:\Documents and Settings\Matt\Desktop\FIX
    2014-11-19 12:17 - 2014-11-24 11:27 - 00000000 ____D () C:\FRST
    2014-11-19 11:54 - 2014-11-19 11:54 - 04215584 _____ () C:\Documents and Settings\Matt\Desktop\tweaking.com_registry_backup_setup.exe
    2014-11-19 11:54 - 2014-11-19 11:54 - 00001876 _____ () C:\Documents and Settings\Matt\Desktop\Tweaking.com - Registry Backup.lnk
    2014-11-19 11:54 - 2014-11-19 11:54 - 00000000 ____D () C:\RegBackup
    2014-11-19 11:54 - 2014-11-19 11:54 - 00000000 ____D () C:\Documents and Settings\Matt\Start Menu\Programs\Tweaking.com
    2014-11-17 11:51 - 2014-11-17 11:51 - 00000000 ____D () C:\Documents and Settings\Matt\My Documents\ProcAlyzer Dumps
    2014-11-17 11:13 - 2014-11-17 09:09 - 00450738 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141117-111334.backup
    2014-11-17 09:09 - 2014-11-16 21:19 - 00450738 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141117-090951.backup
    2014-11-16 21:19 - 2013-10-28 16:51 - 00000855 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141116-211904.backup
    2014-11-16 21:02 - 2014-11-24 11:21 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
    2014-11-16 21:02 - 2014-11-17 11:13 - 00000618 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2014-11-16 21:02 - 2014-11-17 11:13 - 00000448 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
    2014-11-16 21:01 - 2014-11-16 21:01 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
    2014-11-16 21:01 - 2014-11-16 21:01 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2014-11-16 21:01 - 2014-11-16 21:01 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
    2014-11-16 21:01 - 2014-11-16 21:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
    2014-11-16 21:00 - 2014-11-17 11:16 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2014-11-16 21:00 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
    2014-11-16 15:37 - 2014-11-16 15:38 - 00000000 __SHD () C:\Program Files\Bfascustiverculimned
    2014-11-16 15:29 - 2014-11-16 15:29 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-16 15:12 - 2014-11-16 15:12 - 00000000 ____D () C:\Documents and Settings\Matt\Desktop\terraria-server
    2014-11-16 15:11 - 2014-11-16 15:11 - 00485905 _____ () C:\Documents and Settings\Matt\Desktop\terraria-server.zip
    2014-11-12 16:49 - 2014-11-12 16:50 - 17926832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
    2014-11-09 14:59 - 2014-11-09 14:58 - 00106496 _____ () C:\WINDOWS\Minidump\Mini110914-01.dmp
    2014-11-09 12:53 - 2014-11-09 12:53 - 00019962 _____ () C:\Documents and Settings\Matt\My Documents\STEAM GUARANTEE.htm
    2014-11-09 12:53 - 2014-11-09 12:53 - 00000000 ____D () C:\Documents and Settings\Matt\My Documents\STEAM GUARANTEE_files
    2014-11-08 15:02 - 2014-11-08 15:10 - 00000000 ____D () C:\Documents and Settings\Matt\Application Data\.technic
    2014-10-29 18:15 - 2014-10-30 07:13 - 00000000 ____D () C:\Documents and Settings\Matt\Application Data\ftblauncher
    2014-10-26 21:04 - 2014-10-26 21:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952011$
    2014-10-26 21:01 - 2014-10-26 21:05 - 00010580 _____ () C:\WINDOWS\KB952011.log
    2014-10-26 20:59 - 2014-10-26 21:26 - 00000000 ____D () C:\Documents and Settings\Matt\My Documents\Wondershare Video Editor
    2014-10-26 20:59 - 2008-04-14 00:11 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-24 11:28 - 2008-07-23 20:01 - 00000000 ___HD () C:\Documents and Settings\Matt\Local Settings\Temp
    2014-11-24 11:28 - 2008-07-23 19:56 - 01970804 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-11-24 11:22 - 2001-08-23 12:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-11-24 11:21 - 2008-07-23 20:50 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-11-24 11:21 - 2008-07-23 20:50 - 00000050 _____ () C:\WINDOWS\wiaservc.log
    2014-11-24 11:20 - 2014-10-11 13:08 - 00001370 _____ () C:\WINDOWS\Tasks\UWRVKX.job
    2014-11-24 11:20 - 2014-10-11 13:04 - 00001370 _____ () C:\WINDOWS\Tasks\BXNIRL.job
    2014-11-24 11:20 - 2014-03-27 07:07 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2014-11-24 11:20 - 2013-08-13 06:26 - 00000982 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-776561741-682003330-1023UA.job
    2014-11-24 11:19 - 2008-07-23 20:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-11-24 11:18 - 2008-07-23 20:01 - 00032236 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-11-24 11:18 - 2008-07-23 20:01 - 00000278 ___SH () C:\Documents and Settings\Matt\ntuser.ini
    2014-11-24 10:50 - 2013-08-28 12:17 - 00686166 _____ () C:\WINDOWS\setupapi.log
    2014-11-24 10:49 - 2012-04-15 07:15 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-11-24 10:47 - 2013-10-24 07:47 - 00000412 _____ () C:\WINDOWS\Tasks\At1.job
    2014-11-23 21:20 - 2013-08-13 06:26 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-776561741-682003330-1023Core.job
    2014-11-23 19:07 - 2008-07-23 20:01 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
    2014-11-23 09:47 - 2013-10-15 14:13 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
    2014-11-23 09:47 - 2013-10-15 14:13 - 00000000 ____D () C:\Games
    2014-11-23 09:47 - 2008-07-23 19:56 - 00000000 ____D () C:\WINDOWS\system32\DirectX
    2014-11-21 13:28 - 2013-08-16 06:15 - 00002474 _____ () C:\WINDOWS\setupact.log
    2014-11-21 09:53 - 2008-07-23 20:01 - 00000000 ____D () C:\Documents and Settings\Matt
    2014-11-21 08:29 - 2008-10-20 12:03 - 00000000 ____D () C:\Program Files\Google
    2014-11-19 11:54 - 2013-10-28 16:43 - 00000000 ____D () C:\Program Files\Tweaking.com
    2014-11-19 10:02 - 2008-10-27 11:32 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2014-11-19 09:52 - 2011-06-24 13:17 - 00000000 ____D () C:\Documents and Settings\Matt\My Documents\My PSP8 Files
    2014-11-18 21:04 - 2014-09-01 08:18 - 00001171 _____ () C:\Documents and Settings\Matt\Application Data\UWRVKX
    2014-11-17 14:28 - 2014-10-12 11:04 - 00000000 ____D () C:\Avenger
    2014-11-17 11:51 - 2008-07-23 20:45 - 00000245 ___SH () C:\boot.ini
    2014-11-17 11:15 - 2013-08-10 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2014-11-17 09:54 - 2014-07-26 21:24 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-11-16 23:30 - 2011-12-24 07:34 - 00006730 _____ () C:\WINDOWS\wininit.ini
    2014-11-16 21:00 - 2013-08-10 20:44 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
    2014-11-16 17:36 - 2012-04-02 16:04 - 00000000 ____D () C:\Program Files\Audacity
    2014-11-16 15:45 - 2011-12-23 13:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Westwood
    2014-11-16 15:45 - 2011-11-05 17:03 - 00000000 ____D () C:\Westwood
    2014-11-16 15:34 - 2014-03-26 16:35 - 00000000 ____D () C:\Program Files\WarThunder
    2014-11-16 15:29 - 2014-07-09 20:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-11-16 15:29 - 2014-07-09 20:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-13 07:42 - 2011-11-14 11:01 - 00000486 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    2014-11-12 23:17 - 2013-08-16 06:23 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-11-12 23:03 - 2008-07-23 21:13 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-11-12 16:51 - 2012-04-15 07:15 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-11-12 16:51 - 2011-06-28 06:20 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-11-12 16:18 - 2012-08-29 11:43 - 00000000 ____D () C:\Documents and Settings\Matt\Application Data\.minecraft
    2014-11-08 15:00 - 2014-03-27 07:07 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2014-10-27 08:49 - 2008-07-23 20:46 - 03672968 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-10-26 21:05 - 2013-08-16 06:15 - 00378652 _____ () C:\WINDOWS\iis6.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00331599 _____ () C:\WINDOWS\FaxSetup.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00168468 _____ () C:\WINDOWS\ocgen.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00155162 _____ () C:\WINDOWS\tsoc.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00110994 _____ () C:\WINDOWS\comsetup.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00107462 _____ () C:\WINDOWS\msmqinst.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00068399 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00058693 _____ () C:\WINDOWS\netfxocm.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00023455 _____ () C:\WINDOWS\MedCtrOC.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00018656 _____ () C:\WINDOWS\ocmsn.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00016981 _____ () C:\WINDOWS\msgsocm.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00016483 _____ () C:\WINDOWS\tabletoc.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00001393 _____ () C:\WINDOWS\imsins.log
    2014-10-26 21:05 - 2011-06-12 16:02 - 00121720 _____ () C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
    2014-10-26 09:22 - 2008-07-23 20:47 - 00572762 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

    Files to move or delete:
    ====================
    C:\Windows\Tasks\At1.job


    Some content of TEMP:
    ====================
    C:\Documents and Settings\Matt\Local Settings\Temp\DataCard_Setup.exe
    C:\Documents and Settings\Matt\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\Matt\Local Settings\Temp\ResetDevice.exe
    C:\Documents and Settings\Matt\Local Settings\Temp\sqlite3.dll
    C:\Documents and Settings\Matt\Local Settings\Temp\_is134.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================



    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-11-2014
    Ran by Matt at 2014-11-24 11:29:22
    Running from C:\Program Files
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton 360 (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    3Connect (HKLM\...\{A899DA1F-D626-401C-8651-F2921E3B4CB3}) (Version: 3.0.0 - 3 Mobile Broadband)
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
    Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
    Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.8) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
    Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Asmedia ASM106x SATA Host Controller Driver (HKLM\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.1.7.110 - Asmedia Technology)
    ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.541-080923a-069992C-ATI - )
    authorSTREAM Desktop (HKLM\...\{E4EE090D-7680-414E-9FB7-737A85A5DBE1}) (Version: 2.0.0 - authorstream)
    Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
    Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
    Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - )
    Canon MG3100 series On-screen Manual (HKLM\...\Canon MG3100 series On-screen Manual) (Version: - )
    Canon MG3100 series User Registration (HKLM\...\Canon MG3100 series User Registration) (Version: - )
    Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version: - )
    Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
    Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Creative Audio Console (HKLM\...\AudioConSole) (Version: - )
    Creative WebCam Live! Pro Driver (1.00.06.0811) (HKLM\...\Creative VF0080) (Version: - )
    Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
    Dell Driver Download Manager (HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\309a46b1dc89b774) (Version: 1.0.0.0 - Dell Inc.)
    DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
    Huawei modem (HKLM\...\Huawei Modems) (Version: - )
    Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5328 - Intel Corporation)
    iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
    Jasc Paint Shop Pro 8 (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
    Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
    Keynote Connector (HKLM\...\KeynoteConnector) (Version: - )
    LightScribe 1.4.109.1 (Version: 1.4.109.1 - http://www.lightscribe.com) Hidden
    Magic ISO Maker v5.5 (build 0265) (HKLM\...\Magic ISO Maker v5.5 (build 0265)) (Version: - )
    MagicDisc 2.7.105 (HKLM\...\MagicDisc 2.7.105) (Version: - )
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)
    Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version: - Microsoft Corporation)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    MyFreeCodec (HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MyFreeCodec) (Version: - )
    MyOffice.NET (HKLM\...\MyOffice.NET) (Version: 7.0.66 - Intuitive Solutions Ltd.)
    MyOffice.NET (Version: 7.0.66 - Intuitive Solutions Ltd.) Hidden
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    PageBreeze Free HTML Editor (HKLM\...\PageBreeze Free HTML Editor) (Version: - )
    Platform (Version: 1.36 - VIA Technologies, Inc.) Hidden
    QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    QuickTime Alternative 2.7.0 (HKLM\...\QuicktimeAlt_is1) (Version: 2.7.0 - )
    Ralink RT3690 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.8.0 - Ralink)
    REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.35.0000 - Realtek)
    Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
    Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.9 - Tweaking.com)
    Unity Web Player (HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS)
    VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Westwood Shared Internet Components (HKLM\...\{11081AC0-61C4-40DD-8506-B64A3E4F2645}_is1) (Version: - Command & Conquer Communications Center / Westwood)
    Westwood Shared Internet Components (HKLM\...\WOLAPI) (Version: - )
    Winamp (HKLM\...\Winamp) (Version: 5.61 - Nullsoft, Inc)
    Winamp Detector Plug-in (HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
    World of Tanks (HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net)
    World of Warplanes (HKLM\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813NA}_is1) (Version: - Wargaming.net)
    Xara Web Designer 7 (HKLM\...\MAGIX_MSI_Xara_Web_Designer_7) (Version: 7.1.2.18332 - Xara Group Ltd)
    Xara Web Designer 7 (Version: 7.1.2.18332 - Xara Group Ltd) Hidden
    Yahoo! Detect (HKLM\...\YTdetect) (Version: - )
    YouTube Downloader Toolbar v4.7 (HKLM\...\{3F2B3914-A927-4D1E-8417-E7B7C3339434}) (Version: 4.7 - Spigot, Inc.) <==== ATTENTION

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll No (the data entry has 4 more characters).
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll No (the data entry has 4 more characters).
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll N (the data entry has 6 more characters).
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll No (the data entry has 5 more characters).
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No (the data entry has 4 more characters).
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll N (the data entry has 6 more characters).
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll No (the data entry has 4 more characters).
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll No (the data entry has 4 more characters).

    ==================== Restore Points =========================

    29-08-2014 17:08:04 Software Distribution Service 3.0
    29-08-2014 22:00:44 Software Distribution Service 3.0
    30-08-2014 22:00:46 Software Distribution Service 3.0
    31-08-2014 22:01:21 Software Distribution Service 3.0
    02-09-2014 05:29:38 Software Distribution Service 3.0
    03-09-2014 05:42:50 Software Distribution Service 3.0
    03-09-2014 22:01:16 Software Distribution Service 3.0
    04-09-2014 22:02:03 Software Distribution Service 3.0
    05-09-2014 22:01:51 Software Distribution Service 3.0
    06-09-2014 22:00:46 Software Distribution Service 3.0
    07-09-2014 22:01:43 Software Distribution Service 3.0
    08-09-2014 22:03:28 Software Distribution Service 3.0
    09-09-2014 22:01:52 Software Distribution Service 3.0
    10-09-2014 18:24:24 Software Distribution Service 3.0
    11-09-2014 18:57:27 System Checkpoint
    11-09-2014 22:01:49 Software Distribution Service 3.0
    12-09-2014 22:01:05 Software Distribution Service 3.0
    13-09-2014 22:02:41 Software Distribution Service 3.0
    14-09-2014 22:02:12 Software Distribution Service 3.0
    15-09-2014 22:01:35 Software Distribution Service 3.0
    16-09-2014 22:01:53 Software Distribution Service 3.0
    18-09-2014 05:16:54 Software Distribution Service 3.0
    18-09-2014 22:01:29 Software Distribution Service 3.0
    19-09-2014 22:02:00 Software Distribution Service 3.0
    20-09-2014 22:01:12 Software Distribution Service 3.0
    21-09-2014 22:01:38 Software Distribution Service 3.0
    22-09-2014 22:01:42 Software Distribution Service 3.0
    23-09-2014 22:01:20 Software Distribution Service 3.0
    24-09-2014 22:02:04 Software Distribution Service 3.0
    25-09-2014 22:01:52 Software Distribution Service 3.0
    26-09-2014 22:01:50 Software Distribution Service 3.0
    27-09-2014 22:01:14 Software Distribution Service 3.0
    28-09-2014 22:00:47 Software Distribution Service 3.0
    29-09-2014 22:01:43 Software Distribution Service 3.0
    30-09-2014 22:01:49 Software Distribution Service 3.0
    01-10-2014 22:01:56 Software Distribution Service 3.0
    02-10-2014 22:02:00 Software Distribution Service 3.0
    03-10-2014 22:00:48 Software Distribution Service 3.0
    05-10-2014 07:06:39 Software Distribution Service 3.0
    05-10-2014 22:01:43 Software Distribution Service 3.0
    07-10-2014 06:32:59 Software Distribution Service 3.0
    07-10-2014 22:05:04 Software Distribution Service 3.0
    08-10-2014 22:01:42 Software Distribution Service 3.0
    09-10-2014 22:01:21 Software Distribution Service 3.0
    10-10-2014 22:01:38 Software Distribution Service 3.0
    12-10-2014 09:18:51 Software Distribution Service 3.0
    12-10-2014 11:21:57 Removed Samsung Kies
    12-10-2014 11:31:10 Removed Samsung Story Album Viewer
    12-10-2014 22:02:03 Software Distribution Service 3.0
    13-10-2014 22:01:45 Software Distribution Service 3.0
    14-10-2014 22:01:41 Software Distribution Service 3.0
    15-10-2014 22:01:34 Software Distribution Service 3.0
    16-10-2014 22:01:53 Software Distribution Service 3.0
    17-10-2014 22:01:58 Software Distribution Service 3.0
    18-10-2014 22:01:19 Software Distribution Service 3.0
    19-10-2014 22:02:48 Software Distribution Service 3.0
    20-10-2014 22:01:48 Software Distribution Service 3.0
    21-10-2014 22:01:25 Software Distribution Service 3.0
    22-10-2014 22:00:51 Software Distribution Service 3.0
    23-10-2014 22:01:52 Software Distribution Service 3.0
    24-10-2014 22:01:38 Software Distribution Service 3.0
    26-10-2014 09:21:35 Software Distribution Service 3.0
    26-10-2014 21:04:46 Installed Windows XP -- Software Updates KB952011.
    26-10-2014 23:01:17 Software Distribution Service 3.0
    27-10-2014 23:01:42 Software Distribution Service 3.0
    28-10-2014 23:01:27 Software Distribution Service 3.0
    29-10-2014 23:01:37 Software Distribution Service 3.0
    30-10-2014 23:01:59 Software Distribution Service 3.0
    31-10-2014 23:01:19 Software Distribution Service 3.0
    01-11-2014 23:01:58 Software Distribution Service 3.0
    03-11-2014 07:35:21 Software Distribution Service 3.0
    03-11-2014 23:00:47 Software Distribution Service 3.0
    04-11-2014 22:17:59 Software Distribution Service 3.0
    05-11-2014 22:53:36 System Checkpoint
    05-11-2014 23:01:22 Software Distribution Service 3.0
    07-11-2014 08:31:24 Software Distribution Service 3.0
    07-11-2014 23:01:21 Software Distribution Service 3.0
    08-11-2014 23:02:03 Software Distribution Service 3.0
    09-11-2014 23:01:15 Software Distribution Service 3.0
    10-11-2014 23:01:50 Software Distribution Service 3.0
    12-11-2014 08:08:36 Software Distribution Service 3.0
    12-11-2014 23:01:37 Software Distribution Service 3.0
    13-11-2014 23:02:02 Software Distribution Service 3.0
    14-11-2014 12:35:31 Software Distribution Service 3.0
    14-11-2014 23:01:57 Software Distribution Service 3.0
    16-11-2014 15:33:13 Removed Governor of Poker 2
    16-11-2014 15:48:31 Removed Google Earth.
    16-11-2014 23:01:19 Software Distribution Service 3.0
    17-11-2014 10:55:14 Removed Bonjour
    17-11-2014 11:05:33 Removed Bonjour
    17-11-2014 11:09:28 Removed Silhouette Studio
    17-11-2014 23:01:25 Software Distribution Service 3.0
    18-11-2014 21:34:05 Software Distribution Service 3.0
    19-11-2014 21:55:28 System Checkpoint
    19-11-2014 23:01:22 Software Distribution Service 3.0
    20-11-2014 23:00:50 Software Distribution Service 3.0
    21-11-2014 09:54:33 Software Distribution Service 3.0
    21-11-2014 23:00:55 Software Distribution Service 3.0
    23-11-2014 06:13:33 Software Distribution Service 3.0
    23-11-2014 23:01:19 Software Distribution Service 3.0

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2001-08-23 12:00 - 2014-11-17 11:13 - 00450738 ____R C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Matt\APPLIC~1\METACR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: C:\WINDOWS\Tasks\BXNIRL.job => C:\Documents and Settings\Matt\Application Data\BXNIRL.exe
    Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\WINDOWS\Tasks\Driver Robot.job => C:\Program Files\Driver Robot\1.1.0.3\DriverRobot.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-776561741-682003330-1023Core.job => C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-776561741-682003330-1023UA.job => C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
    Task: C:\WINDOWS\Tasks\UWRVKX.job => C:\Documents and Settings\Matt\Application Data\UWRVKX.exe

    ==================== Loaded Modules (whitelisted) =============

    2008-07-27 08:44 - 2005-10-07 14:05 - 00125440 _____ () C:\Program Files\WinRAR\rarext.dll
    2014-11-16 21:00 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-11-16 21:00 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-01-23 08:47 - 2011-03-23 16:32 - 01740696 _____ () C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
    2014-11-16 21:00 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-11-16 21:00 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2014-11-16 21:00 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\WINDOWS:84C6D840C59D388C
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:98181191
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D346F792

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
    MSCONFIG\startupfolder: C:^Documents and Settings^Matt^Start Menu^Programs^Startup^MagicDisc.lnk => C:\WINDOWS\pss\MagicDisc.lnkStartup
    MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Documents and Settings\Matt\Local Settings\Application Data\Akamai\netsession_win.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: CTHelper => CTHELPER.EXE
    MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE
    MSCONFIG\startupreg: Driver Manager => C:\Program Files\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
    MSCONFIG\startupreg: DVDTray => C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    MSCONFIG\startupreg: Freecorder FLV Service => "C:\Program Files\Freecorder\FLVSrvc.exe" /run
    MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
    MSCONFIG\startupreg: iLivid => "C:\Documents and Settings\Matt\Local Settings\Application Data\iLivid\iLivid.exe" -autorun
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
    MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
    MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    MSCONFIG\startupreg: MobileAppSync => "C:\Program Files\Mobile App Sync\D2MClient.exe"
    MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
    MSCONFIG\startupreg: MsnMsgr => "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    MSCONFIG\startupreg: NBJ => "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
    MSCONFIG\startupreg: SMART Ink => "C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe" -a
    MSCONFIG\startupreg: SMART Tray Tools => "C:\Program Files\SMART Technologies\Education Software\SMARTTrayIcon.exe"
    MSCONFIG\startupreg: SMARTNotification => "C:\Program Files\SMART Technologies\Education Software\SMARTNotification.exe"
    MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE
    MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\Steam.exe" -silent
    MSCONFIG\startupreg: WebCake Desktop => "C:\Documents and Settings\Matt\Application Data\Tepfel\WebCakeDesktop.exe"
    MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1004336348-776561741-682003330-500 - Administrator - Enabled)
    ASPNET (S-1-5-21-1004336348-776561741-682003330-1024 - Limited - Enabled)
    Guest (S-1-5-21-1004336348-776561741-682003330-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-1004336348-776561741-682003330-1000 - Limited - Disabled)
    Joshua (S-1-5-21-1004336348-776561741-682003330-1025 - Limited - Enabled)
    Matt (S-1-5-21-1004336348-776561741-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Matt
    Naomi (S-1-5-21-1004336348-776561741-682003330-1022 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Naomi.DESKTOP.000
    SUPPORT_388945a0 (S-1-5-21-1004336348-776561741-682003330-1002 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/23/2014 11:02:47 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Word 2003 (KB2878303): WINWORD' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (11/23/2014 11:02:32 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Professional Edition 2003 - Update 'Update for Outlook 2003 Junk E-mail Filter (KB2863822): OUTLFLTR' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (11/23/2014 11:02:18 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Office 2003 (KB2760494): MSCONV' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (11/23/2014 11:02:08 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Publisher 2003 (KB2878299): MSPUB' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (11/23/2014 11:01:55 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Office 2003 (KB2850047): GDIPLUS' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (11/23/2014 06:15:40 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Word 2003 (KB2878303): WINWORD' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (11/23/2014 06:15:22 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Professional Edition 2003 - Update 'Update for Outlook 2003 Junk E-mail Filter (KB2863822): OUTLFLTR' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (11/23/2014 06:15:04 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Office 2003 (KB2760494): MSCONV' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (11/23/2014 06:14:50 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Publisher 2003 (KB2878299): MSPUB' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (11/23/2014 06:14:25 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Office 2003 (KB2850047): GDIPLUS' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127


    System errors:
    =============
    Error: (11/24/2014 11:17:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/24/2014 11:07:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    SBRE

    Error: (11/24/2014 11:07:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

    Error: (11/24/2014 11:07:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Scutum50 NDIS Protocol Driver service failed to start due to the following error:
    %%2

    Error: (11/24/2014 11:05:59 AM) (Source: Dhcp) (EventID: 1002) (User: )
    Description: The IP address lease 192.168.0.4 for the Network Card with network address 48022AFB7F42 has been
    denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

    Error: (11/24/2014 10:47:00 AM) (Source: Schedule) (EventID: 7901) (User: )
    Description: The At1.job command failed to start due to the following error:
    %%2147942402

    Error: (11/24/2014 10:46:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    SBRE

    Error: (11/24/2014 10:46:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
    %%1053

    Error: (11/24/2014 10:46:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

    Error: (11/24/2014 10:46:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Scutum50 NDIS Protocol Driver service failed to start due to the following error:
    %%2


    Microsoft Office Sessions:
    =========================
    Error: (11/23/2014 11:02:47 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Microsoft Office Professional Edition 2003Security Update for Word 2003 (KB2878303): WINWORD1603(NULL)

    Error: (11/23/2014 11:02:32 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Microsoft Office Professional Edition 2003Update for Outlook 2003 Junk E-mail Filter (KB2863822): OUTLFLTR1603(NULL)

    Error: (11/23/2014 11:02:18 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Microsoft Office Professional Edition 2003Security Update for Office 2003 (KB2760494): MSCONV1603(NULL)

    Error: (11/23/2014 11:02:08 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Microsoft Office Professional Edition 2003Security Update for Publisher 2003 (KB2878299): MSPUB1603(NULL)

    Error: (11/23/2014 11:01:55 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Microsoft Office Professional Edition 2003Security Update for Office 2003 (KB2850047): GDIPLUS1603(NULL)

    Error: (11/23/2014 06:15:40 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Microsoft Office Professional Edition 2003Security Update for Word 2003 (KB2878303): WINWORD1603(NULL)

    Error: (11/23/2014 06:15:22 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Microsoft Office Professional Edition 2003Update for Outlook 2003 Junk E-mail Filter (KB2863822): OUTLFLTR1603(NULL)

    Error: (11/23/2014 06:15:04 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Microsoft Office Professional Edition 2003Security Update for Office 2003 (KB2760494): MSCONV1603(NULL)

    Error: (11/23/2014 06:14:50 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Microsoft Office Professional Edition 2003Security Update for Publisher 2003 (KB2878299): MSPUB1603(NULL)

    Error: (11/23/2014 06:14:25 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Microsoft Office Professional Edition 2003Security Update for Office 2003 (KB2850047): GDIPLUS1603(NULL)


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) CPU G620 @ 2.60GHz
    Percentage of memory in use: 33%
    Total physical RAM: 2794.67 MB
    Available physical RAM: 1866.04 MB
    Total Pagefile: 5434.84 MB
    Available Pagefile: 4595.84 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1916.4 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.76 GB) (Free:295.65 GB) NTFS ==>[Drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 2343CA6A)
    Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

  5. #5
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Default

    Ok so far so good. We will use FRST to delete some items then get one more download to use:

    Please copy and paste the contents of the below code box into the open notepad and save it to your desktop as fixlist.txt

    Code:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> Yahoo URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=oberhp&type=iwintoolbarforpogo
    SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = 
    2014-11-24 11:20 - 2014-10-11 13:08 - 00001370 _____ () C:\WINDOWS\Tasks\UWRVKX.job
    2014-11-24 11:20 - 2014-10-11 13:04 - 00001370 _____ () C:\WINDOWS\Tasks\BXNIRL.job
    2014-11-24 10:47 - 2013-10-24 07:47 - 00000412 _____ () C:\WINDOWS\Tasks\At1.job
    2014-11-24 11:19 - 2008-07-23 20:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-11-24 11:18 - 2008-07-23 20:01 - 00032236 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-11-16 15:37 - 2014-11-16 15:38 - 00000000 __SHD () C:\Program Files\Bfascustiverculimned
    C:\Windows\Tasks\At1.job
    Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Matt\APPLIC~1\METACR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: C:\WINDOWS\Tasks\BXNIRL.job => C:\Documents and Settings\Matt\Application Data\BXNIRL.exe
    Task: C:\WINDOWS\Tasks\UWRVKX.job => C:\Documents and Settings\Matt\Application Data\UWRVKX.exe
    AlternateDataStreams: C:\WINDOWS:84C6D840C59D388C
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:98181191
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D346F792
    EmptyTemp:

    Start FRST and press the Fix button just once and wait; the program will automatically launch fixlist.txt.
    When done, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

    You can get JRT.exe and see if it can dig up anything; it also targets adware-type stuff.

    Please download Junkware Removal Tool to your desktop.

    http://thisisudax.org/downloads/JRT.exe

    Double-click the icon, or right-click it on Vista/W7/8 and select Run as administrator.
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message
    How Can I Reduce My Risk?
