Thread: Unknown Malware/Browser Hijack help please

  1. #1
    Junior Member
    Join Date: Nov 2014
    Posts: 2

    Unknown Malware/Browser Hijack help please

    Hi could anyone help please?
    I have some sort of malware, it causes various different pop up windows/browser hijacks etc. Regularly causes scripts to stop running, crashes browser entirely/slow pc etc
    Spybot + AV found stuff, but fixing them hasn't fixed the problem. Ditto Malwarebytes Anti-Malware.
    I've uninstalled Chrome, but still have the problem on IE

    Do I just go ahead and post the logs outlined above?

    Edit Forum FAQ: http://forums.spybot.info/showthread.php?t=288

    TIA
    Sparks

    Ok so looking at other threads (the best I can with my dodgy browser), it seems so:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2014
    Ran by Matt (administrator) on DESKTOP on 19-11-2014 12:22:55
    Running from C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CUQ88PVB
    Loaded Profile: Matt (Available profiles: Matt & Naomi)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
    () C:\Program Files\Bfascustiverculimned\Bfascustiverculimned.exe
    (Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
    () C:\Program Files\Bfascustiverculimned\BfascustiverculimnedHelper.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (VIA Technologies, Inc.) C:\WINDOWS\system32\KaraokeSer.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    (Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Farbar) C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CUQ88PVB\FRST[1].exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime Alternative\qttask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\Run: [Norton Download Manager{N360212038-SHPD-FSD40014}] => C:\Documents and Settings\All Users\Documents\Norton\{N360212038-SHPD-FSD40014}\NortonN360Downloader.exe [1021856 2014-04-27] (Symantec Corporation)
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MountPoints2: {2f52ad7c-8929-11e1-8f06-002522eb098f} - E:\AutoRun.exe
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MountPoints2: {6693ce5c-459e-11e1-a9a6-c4d98d73c5c9} - E:\AutoRun.exe
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MountPoints2: {6693ce60-459e-11e1-a9a6-e009794f29f9} - E:\AutoRun.exe
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MountPoints2: {c15dca14-cf22-11e1-8f94-002522eb098f} - E:\AutoRun.exe
    HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll
    HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
    BootExecute: autocheck autochk * sdnclean.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [S-1-5-21-1004336348-776561741-682003330-1003] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-1004336348-776561741-682003330-1003] => http=127.0.0.1:9880;https=127.0.0.1:9880
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    HKU\S-1-5-21-1004336348-776561741-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=130&itype=n&ver=11471&tm=297&src=ds&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> Yahoo URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=oberhp&type=iwintoolbarforpogo
    SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL =
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    Toolbar: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    Toolbar: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Toolbar: HKU\S-1-5-21-1004336348-776561741-682003330-1003 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} https://authenticate.gateway.gov.uk/...lInstaller.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
    DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/appl...orLauncher.cab
    DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobio...ne/install.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab
    DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
    FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
    FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1004336348-776561741-682003330-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-1004336348-776561741-682003330-1003: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-28]
    FF HKLM\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw

    Chrome:
    =======
    CHR Profile: C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-11]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
    CHR Extension: (YouTube) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-11]
    CHR Extension: (Google Search) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-11]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
    CHR Extension: (Gmail) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-11]
    CHR HKLM\...\Chrome\Extension: [ieadcoanfjloocmfafkebdnfefmohngj] - C:\Program Files\BonanzaDeals\BonanzaDeals.crx []
    CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx []

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-09-23] () [File not signed]
    R2 BecHelperService; C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe [1740696 2011-03-23] ()
    R2 Bfascustiverculimned; C:\Program Files\Bfascustiverculimned\Bfascustiverculimned.exe [4377560 2014-11-03] ()
    R2 FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed]
    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
    R2 KaraokeService; C:\WINDOWS\system32\KaraokeSer.exe [88688 2011-02-17] (VIA Technologies, Inc.)
    R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-07-20] (Hewlett-Packard Company) [File not signed]
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ALCXSENS; C:\WINDOWS\System32\drivers\ALCXSENS.SYS [391424 2003-12-11] (Sensaura Ltd) [File not signed]
    S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [541548 2003-12-19] (Realtek Semiconductor Corp.) [File not signed]
    S3 AMBFilt; C:\WINDOWS\System32\drivers\AMBFilt.sys [1656960 2009-06-26] (Creative)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    S3 COMMONFX; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99352 2008-06-27] (Creative Technology Ltd)
    S3 COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99352 2008-06-27] (Creative Technology Ltd)
    S3 CT20XUT.DLL; C:\WINDOWS\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.) [File not signed]
    S3 CTAUDFX; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555032 2008-06-27] (Creative Technology Ltd)
    S3 CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555032 2008-06-27] (Creative Technology Ltd)
    S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [347080 2008-07-07] (Creative Technology Ltd)
    S3 CTEAPSFX.DLL; C:\WINDOWS\System32\CTEAPSFX.DLL [168192 2007-04-12] (Creative Technology Ltd) [File not signed]
    S3 CTEDSPFX.DLL; C:\WINDOWS\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd) [File not signed]
    S3 CTEDSPIO.DLL; C:\WINDOWS\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd) [File not signed]
    S3 CTEDSPSY.DLL; C:\WINDOWS\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd) [File not signed]
    S3 CTERFXFX; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100888 2008-06-27] (Creative Technology Ltd)
    S3 CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100888 2008-06-27] (Creative Technology Ltd)
    S3 CTEXFIFX.DLL; C:\WINDOWS\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.) [File not signed]
    S3 CTHWIUT.DLL; C:\WINDOWS\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.) [File not signed]
    S3 CTSBLFX; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566296 2008-06-27] (Creative Technology Ltd)
    S3 CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566296 2008-06-27] (Creative Technology Ltd)
    R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
    S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
    R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-03-06] (GFI Software)
    S3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [797720 2008-07-07] (Creative Technology Ltd)
    S3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [162840 2008-07-07] (Creative Technology Ltd)
    S3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [189464 2008-07-07] (Creative Technology Ltd)
    R3 mcdbus; C:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2008-07-28] (MagicISO, Inc.) [File not signed]
    R2 mdvrmng; C:\WINDOWS\system32\drivers\mdvrmng.sys [10240 2011-03-23] () [File not signed]
    R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
    S3 MonFilt; C:\WINDOWS\System32\drivers\MonFilt.sys [1389056 2008-12-02] (Creative Technology Ltd.)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
    S3 netwg311; C:\WINDOWS\System32\DRIVERS\netwg311.sys [386688 2008-07-23] (Texas Instruments)
    S3 pneteth; C:\WINDOWS\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.) [File not signed]
    R3 RT80x86; C:\WINDOWS\System32\DRIVERS\RT2860.sys [1332064 2010-06-21] (Ralink Technology, Corp.)
    S3 RTL8023; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [65280 2003-08-13] (Realtek Semiconductor Corporation ) [File not signed]
    R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
    S3 V0080Dev; C:\WINDOWS\System32\DRIVERS\V0080Dev.sys [503467 2004-08-10] (Creative Technology Ltd.) [File not signed]
    R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [2795376 2011-02-17] (VIA Technologies, Inc.)
    S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31744 2008-04-13] (Microsoft Corporation)
    S3 COMMONFX.DLL; system32\COMMONFX.DLL [X]
    S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X]
    S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [X]
    S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X]
    S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
    S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S2 Scutum50; System32\Drivers\Scutum50.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-19 12:17 - 2014-11-19 12:22 - 00000000 ____D () C:\FRST
    2014-11-19 11:54 - 2014-11-19 11:54 - 04215584 _____ () C:\Documents and Settings\Matt\Desktop\tweaking.com_registry_backup_setup.exe
    2014-11-19 11:54 - 2014-11-19 11:54 - 00001876 _____ () C:\Documents and Settings\Matt\Desktop\Tweaking.com - Registry Backup.lnk
    2014-11-19 11:54 - 2014-11-19 11:54 - 00000000 ____D () C:\RegBackup
    2014-11-19 11:54 - 2014-11-19 11:54 - 00000000 ____D () C:\Documents and Settings\Matt\Start Menu\Programs\Tweaking.com
    2014-11-17 11:51 - 2014-11-17 11:51 - 00000000 ____D () C:\Documents and Settings\Matt\My Documents\ProcAlyzer Dumps
    2014-11-17 11:13 - 2014-11-17 09:09 - 00450738 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141117-111334.backup
    2014-11-17 09:09 - 2014-11-16 21:19 - 00450738 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141117-090951.backup
    2014-11-16 21:19 - 2013-10-28 16:51 - 00000855 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141116-211904.backup
    2014-11-16 21:02 - 2014-11-19 08:53 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
    2014-11-16 21:02 - 2014-11-17 11:13 - 00000618 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2014-11-16 21:02 - 2014-11-17 11:13 - 00000448 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
    2014-11-16 21:01 - 2014-11-16 21:01 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
    2014-11-16 21:01 - 2014-11-16 21:01 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2014-11-16 21:01 - 2014-11-16 21:01 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
    2014-11-16 21:01 - 2014-11-16 21:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
    2014-11-16 21:00 - 2014-11-17 11:16 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2014-11-16 21:00 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
    2014-11-16 15:37 - 2014-11-16 15:38 - 00000000 __SHD () C:\Program Files\Bfascustiverculimned
    2014-11-16 15:29 - 2014-11-16 15:29 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-16 15:12 - 2014-11-16 15:12 - 00000000 ____D () C:\Documents and Settings\Matt\Desktop\terraria-server
    2014-11-16 15:11 - 2014-11-16 15:11 - 00485905 _____ () C:\Documents and Settings\Matt\Desktop\terraria-server.zip
    2014-11-12 16:49 - 2014-11-12 16:50 - 17926832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
    2014-11-09 14:59 - 2014-11-09 14:58 - 00106496 _____ () C:\WINDOWS\Minidump\Mini110914-01.dmp
    2014-11-09 12:53 - 2014-11-09 12:53 - 00019962 _____ () C:\Documents and Settings\Matt\My Documents\STEAM GUARANTEE.htm
    2014-11-09 12:53 - 2014-11-09 12:53 - 00000000 ____D () C:\Documents and Settings\Matt\My Documents\STEAM GUARANTEE_files
    2014-11-08 15:02 - 2014-11-08 15:10 - 00000000 ____D () C:\Documents and Settings\Matt\Application Data\.technic
    2014-10-29 18:15 - 2014-10-30 07:13 - 00000000 ____D () C:\Documents and Settings\Matt\Application Data\ftblauncher
    2014-10-26 21:05 - 2014-10-26 21:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Wondershare
    2014-10-26 21:04 - 2014-10-26 21:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952011$
    2014-10-26 21:01 - 2014-10-26 21:05 - 00010580 _____ () C:\WINDOWS\KB952011.log
    2014-10-26 21:01 - 2014-10-26 21:01 - 00000000 ____D () C:\Program Files\Common Files\Wondershare
    2014-10-26 21:01 - 2014-10-26 21:01 - 00000000 ____D () C:\Documents and Settings\Matt\Local Settings\Application Data\Wondershare
    2014-10-26 20:59 - 2014-10-26 21:26 - 00000000 ____D () C:\Documents and Settings\Matt\My Documents\Wondershare Video Editor
    2014-10-26 20:59 - 2008-04-14 00:11 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-19 12:23 - 2008-07-23 20:01 - 00000000 ___HD () C:\Documents and Settings\Matt\Local Settings\Temp
    2014-11-19 12:22 - 2001-08-23 12:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-11-19 12:20 - 2013-08-13 06:26 - 00000982 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-776561741-682003330-1023UA.job
    2014-11-19 11:54 - 2013-10-28 16:43 - 00000000 ____D () C:\Program Files\Tweaking.com
    2014-11-19 11:49 - 2012-04-15 07:15 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-11-19 11:47 - 2013-10-24 07:47 - 00000412 _____ () C:\WINDOWS\Tasks\At1.job
    2014-11-19 11:28 - 2011-06-22 11:34 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-19 10:28 - 2008-07-23 20:01 - 00032408 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-11-19 10:02 - 2008-10-27 11:32 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2014-11-19 09:52 - 2011-06-24 13:17 - 00000000 ____D () C:\Documents and Settings\Matt\My Documents\My PSP8 Files
    2014-11-19 09:00 - 2008-07-23 19:56 - 01606183 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-11-19 08:51 - 2014-10-11 13:08 - 00001370 _____ () C:\WINDOWS\Tasks\UWRVKX.job
    2014-11-19 08:51 - 2014-10-11 13:04 - 00001370 _____ () C:\WINDOWS\Tasks\BXNIRL.job
    2014-11-19 08:51 - 2014-03-27 07:07 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2014-11-19 08:51 - 2011-06-22 11:34 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-19 08:51 - 2008-07-23 20:50 - 00000157 _____ () C:\WINDOWS\wiadebug.log
    2014-11-19 08:51 - 2008-07-23 20:50 - 00000050 _____ () C:\WINDOWS\wiaservc.log
    2014-11-19 08:50 - 2008-07-23 20:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-11-18 21:32 - 2008-07-23 20:01 - 00000278 ___SH () C:\Documents and Settings\Matt\ntuser.ini
    2014-11-18 21:20 - 2013-08-13 06:26 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-776561741-682003330-1023Core.job
    2014-11-18 21:04 - 2014-09-01 08:18 - 00001171 _____ () C:\Documents and Settings\Matt\Application Data\UWRVKX
    2014-11-18 00:44 - 2008-07-23 20:01 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
    2014-11-17 14:28 - 2014-10-12 11:04 - 00000000 ____D () C:\Avenger
    2014-11-17 14:19 - 2013-08-28 12:17 - 00678990 _____ () C:\WINDOWS\setupapi.log
    2014-11-17 11:51 - 2008-07-23 20:45 - 00000245 ___SH () C:\boot.ini
    2014-11-17 11:15 - 2013-08-10 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2014-11-17 11:11 - 2013-10-15 14:13 - 00000000 ____D () C:\Games
    2014-11-17 09:54 - 2014-07-26 21:24 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-11-16 23:30 - 2011-12-24 07:34 - 00006730 _____ () C:\WINDOWS\wininit.ini
    2014-11-16 21:00 - 2013-08-10 20:44 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
    2014-11-16 20:45 - 2012-01-29 08:23 - 00000000 ____D () C:\Program Files\Wondershare
    2014-11-16 20:02 - 2008-10-20 12:03 - 00000000 ____D () C:\Program Files\Google
    2014-11-16 17:36 - 2012-04-02 16:04 - 00000000 ____D () C:\Program Files\Audacity
    2014-11-16 15:45 - 2011-12-23 13:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Westwood
    2014-11-16 15:45 - 2011-11-05 17:03 - 00000000 ____D () C:\Westwood
    2014-11-16 15:34 - 2014-03-26 16:35 - 00000000 ____D () C:\Program Files\WarThunder
    2014-11-16 15:31 - 2014-10-03 16:28 - 00000000 ____D () C:\Program Files\iwintoolbarforpogo
    2014-11-16 15:29 - 2014-07-09 20:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-11-16 15:29 - 2014-07-09 20:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-16 15:06 - 2013-08-16 06:15 - 00002399 _____ () C:\WINDOWS\setupact.log
    2014-11-13 07:42 - 2011-11-14 11:01 - 00000486 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    2014-11-12 23:17 - 2013-08-16 06:23 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-11-12 23:03 - 2008-07-23 21:13 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-11-12 16:51 - 2012-04-15 07:15 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-11-12 16:51 - 2011-06-28 06:20 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-11-12 16:18 - 2012-08-29 11:43 - 00000000 ____D () C:\Documents and Settings\Matt\Application Data\.minecraft
    2014-11-08 15:00 - 2014-03-27 07:07 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2014-10-27 08:49 - 2008-07-23 20:46 - 03672968 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-10-26 21:05 - 2013-08-16 06:15 - 00378652 _____ () C:\WINDOWS\iis6.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00331599 _____ () C:\WINDOWS\FaxSetup.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00168468 _____ () C:\WINDOWS\ocgen.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00155162 _____ () C:\WINDOWS\tsoc.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00110994 _____ () C:\WINDOWS\comsetup.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00107462 _____ () C:\WINDOWS\msmqinst.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00068399 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00058693 _____ () C:\WINDOWS\netfxocm.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00023455 _____ () C:\WINDOWS\MedCtrOC.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00018656 _____ () C:\WINDOWS\ocmsn.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00016981 _____ () C:\WINDOWS\msgsocm.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00016483 _____ () C:\WINDOWS\tabletoc.log
    2014-10-26 21:05 - 2013-08-16 06:15 - 00001393 _____ () C:\WINDOWS\imsins.log
    2014-10-26 21:05 - 2011-06-12 16:02 - 00121720 _____ () C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
    2014-10-26 09:22 - 2008-07-23 20:47 - 00572762 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-10-24 21:43 - 2011-07-09 17:17 - 00966536 ___SH () C:\Documents and Settings\Matt\Desktop\Thumbs.db

    Files to move or delete:
    ====================
    C:\Windows\Tasks\At1.job


    Some content of TEMP:
    ====================
    C:\Documents and Settings\Matt\Local Settings\Temp\DataCard_Setup.exe
    C:\Documents and Settings\Matt\Local Settings\Temp\ResetDevice.exe
    C:\Documents and Settings\Matt\Local Settings\Temp\uninstall.exe
    C:\Documents and Settings\Matt\Local Settings\Temp\_is134.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================





    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-11-2014
    Ran by Matt at 2014-11-19 12:23:16
    Running from C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CUQ88PVB
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton 360 (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    3Connect (HKLM\...\{A899DA1F-D626-401C-8651-F2921E3B4CB3}) (Version: 3.0.0 - 3 Mobile Broadband)
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
    Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
    Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.8) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
    Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Asmedia ASM106x SATA Host Controller Driver (HKLM\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.1.7.110 - Asmedia Technology)
    ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.541-080923a-069992C-ATI - )
    authorSTREAM Desktop (HKLM\...\{E4EE090D-7680-414E-9FB7-737A85A5DBE1}) (Version: 2.0.0 - authorstream)
    Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
    Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
    Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - )
    Canon MG3100 series On-screen Manual (HKLM\...\Canon MG3100 series On-screen Manual) (Version: - )
    Canon MG3100 series User Registration (HKLM\...\Canon MG3100 series User Registration) (Version: - )
    Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version: - )
    Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
    Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Creative Audio Console (HKLM\...\AudioConSole) (Version: - )
    Creative WebCam Live! Pro Driver (1.00.06.0811) (HKLM\...\Creative VF0080) (Version: - )
    Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
    Dell Driver Download Manager (HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\309a46b1dc89b774) (Version: 1.0.0.0 - Dell Inc.)
    DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Huawei modem (HKLM\...\Huawei Modems) (Version: - )
    Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5328 - Intel Corporation)
    iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
    Jasc Paint Shop Pro 8 (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
    Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
    Keynote Connector (HKLM\...\KeynoteConnector) (Version: - )
    LightScribe 1.4.109.1 (Version: 1.4.109.1 - http://www.lightscribe.com) Hidden
    Magic ISO Maker v5.5 (build 0265) (HKLM\...\Magic ISO Maker v5.5 (build 0265)) (Version: - )
    MagicDisc 2.7.105 (HKLM\...\MagicDisc 2.7.105) (Version: - )
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)
    Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version: - Microsoft Corporation)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    MyFreeCodec (HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\MyFreeCodec) (Version: - )
    MyOffice.NET (HKLM\...\MyOffice.NET) (Version: 7.0.66 - Intuitive Solutions Ltd.)
    MyOffice.NET (Version: 7.0.66 - Intuitive Solutions Ltd.) Hidden
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    PageBreeze Free HTML Editor (HKLM\...\PageBreeze Free HTML Editor) (Version: - )
    Platform (Version: 1.36 - VIA Technologies, Inc.) Hidden
    QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    QuickTime Alternative 2.7.0 (HKLM\...\QuicktimeAlt_is1) (Version: 2.7.0 - )
    Ralink RT3690 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.8.0 - Ralink)
    REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.35.0000 - Realtek)
    Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
    Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.9 - Tweaking.com)
    Unity Web Player (HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS)
    VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Westwood Shared Internet Components (HKLM\...\{11081AC0-61C4-40DD-8506-B64A3E4F2645}_is1) (Version: - Command & Conquer Communications Center / Westwood)
    Westwood Shared Internet Components (HKLM\...\WOLAPI) (Version: - )
    Winamp (HKLM\...\Winamp) (Version: 5.61 - Nullsoft, Inc)
    Winamp Detector Plug-in (HKU\S-1-5-21-1004336348-776561741-682003330-1003\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
    Xara Web Designer 7 (HKLM\...\MAGIX_MSI_Xara_Web_Designer_7) (Version: 7.1.2.18332 - Xara Group Ltd)
    Xara Web Designer 7 (Version: 7.1.2.18332 - Xara Group Ltd) Hidden
    Yahoo! Detect (HKLM\...\YTdetect) (Version: - )
    YouTube Downloader 3.3 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: - BienneSoft)
    YouTube Downloader Toolbar v4.7 (HKLM\...\{3F2B3914-A927-4D1E-8417-E7B7C3339434}) (Version: 4.7 - Spigot, Inc.) <==== ATTENTION

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll No (the data entry has 4 more characters).
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll No (the data entry has 4 more characters).
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll N (the data entry has 6 more characters).
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll No (the data entry has 5 more characters).
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No (the data entry has 4 more characters).
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll N (the data entry has 6 more characters).
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll No (the data entry has 4 more characters).
    CustomCLSID: HKU\S-1-5-21-1004336348-776561741-682003330-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll No (the data entry has 4 more characters).

    ==================== Restore Points =========================

    20-08-2014 22:01:05 Software Distribution Service 3.0
    21-08-2014 22:00:48 Software Distribution Service 3.0
    29-08-2014 17:08:04 Software Distribution Service 3.0
    29-08-2014 22:00:44 Software Distribution Service 3.0
    30-08-2014 22:00:46 Software Distribution Service 3.0
    31-08-2014 22:01:21 Software Distribution Service 3.0
    02-09-2014 05:29:38 Software Distribution Service 3.0
    03-09-2014 05:42:50 Software Distribution Service 3.0
    03-09-2014 22:01:16 Software Distribution Service 3.0
    04-09-2014 22:02:03 Software Distribution Service 3.0
    05-09-2014 22:01:51 Software Distribution Service 3.0
    06-09-2014 22:00:46 Software Distribution Service 3.0
    07-09-2014 22:01:43 Software Distribution Service 3.0
    08-09-2014 22:03:28 Software Distribution Service 3.0
    09-09-2014 22:01:52 Software Distribution Service 3.0
    10-09-2014 18:24:24 Software Distribution Service 3.0
    11-09-2014 18:57:27 System Checkpoint
    11-09-2014 22:01:49 Software Distribution Service 3.0
    12-09-2014 22:01:05 Software Distribution Service 3.0
    13-09-2014 22:02:41 Software Distribution Service 3.0
    14-09-2014 22:02:12 Software Distribution Service 3.0
    15-09-2014 22:01:35 Software Distribution Service 3.0
    16-09-2014 22:01:53 Software Distribution Service 3.0
    18-09-2014 05:16:54 Software Distribution Service 3.0
    18-09-2014 22:01:29 Software Distribution Service 3.0
    19-09-2014 22:02:00 Software Distribution Service 3.0
    20-09-2014 22:01:12 Software Distribution Service 3.0
    21-09-2014 22:01:38 Software Distribution Service 3.0
    22-09-2014 22:01:42 Software Distribution Service 3.0
    23-09-2014 22:01:20 Software Distribution Service 3.0
    24-09-2014 22:02:04 Software Distribution Service 3.0
    25-09-2014 22:01:52 Software Distribution Service 3.0
    26-09-2014 22:01:50 Software Distribution Service 3.0
    27-09-2014 22:01:14 Software Distribution Service 3.0
    28-09-2014 22:00:47 Software Distribution Service 3.0
    29-09-2014 22:01:43 Software Distribution Service 3.0
    30-09-2014 22:01:49 Software Distribution Service 3.0
    01-10-2014 22:01:56 Software Distribution Service 3.0
    02-10-2014 22:02:00 Software Distribution Service 3.0
    03-10-2014 22:00:48 Software Distribution Service 3.0
    05-10-2014 07:06:39 Software Distribution Service 3.0
    05-10-2014 22:01:43 Software Distribution Service 3.0
    07-10-2014 06:32:59 Software Distribution Service 3.0
    07-10-2014 22:05:04 Software Distribution Service 3.0
    08-10-2014 22:01:42 Software Distribution Service 3.0
    09-10-2014 22:01:21 Software Distribution Service 3.0
    10-10-2014 22:01:38 Software Distribution Service 3.0
    12-10-2014 09:18:51 Software Distribution Service 3.0
    12-10-2014 11:21:57 Removed Samsung Kies
    12-10-2014 11:31:10 Removed Samsung Story Album Viewer
    12-10-2014 22:02:03 Software Distribution Service 3.0
    13-10-2014 22:01:45 Software Distribution Service 3.0
    14-10-2014 22:01:41 Software Distribution Service 3.0
    15-10-2014 22:01:34 Software Distribution Service 3.0
    16-10-2014 22:01:53 Software Distribution Service 3.0
    17-10-2014 22:01:58 Software Distribution Service 3.0
    18-10-2014 22:01:19 Software Distribution Service 3.0
    19-10-2014 22:02:48 Software Distribution Service 3.0
    20-10-2014 22:01:48 Software Distribution Service 3.0
    21-10-2014 22:01:25 Software Distribution Service 3.0
    22-10-2014 22:00:51 Software Distribution Service 3.0
    23-10-2014 22:01:52 Software Distribution Service 3.0
    24-10-2014 22:01:38 Software Distribution Service 3.0
    26-10-2014 09:21:35 Software Distribution Service 3.0
    26-10-2014 21:04:46 Installed Windows XP -- Software Updates KB952011.
    26-10-2014 23:01:17 Software Distribution Service 3.0
    27-10-2014 23:01:42 Software Distribution Service 3.0
    28-10-2014 23:01:27 Software Distribution Service 3.0
    29-10-2014 23:01:37 Software Distribution Service 3.0
    30-10-2014 23:01:59 Software Distribution Service 3.0
    31-10-2014 23:01:19 Software Distribution Service 3.0
    01-11-2014 23:01:58 Software Distribution Service 3.0
    03-11-2014 07:35:21 Software Distribution Service 3.0
    03-11-2014 23:00:47 Software Distribution Service 3.0
    04-11-2014 22:17:59 Software Distribution Service 3.0
    05-11-2014 22:53:36 System Checkpoint
    05-11-2014 23:01:22 Software Distribution Service 3.0
    07-11-2014 08:31:24 Software Distribution Service 3.0
    07-11-2014 23:01:21 Software Distribution Service 3.0
    08-11-2014 23:02:03 Software Distribution Service 3.0
    09-11-2014 23:01:15 Software Distribution Service 3.0
    10-11-2014 23:01:50 Software Distribution Service 3.0
    12-11-2014 08:08:36 Software Distribution Service 3.0
    12-11-2014 23:01:37 Software Distribution Service 3.0
    13-11-2014 23:02:02 Software Distribution Service 3.0
    14-11-2014 12:35:31 Software Distribution Service 3.0
    14-11-2014 23:01:57 Software Distribution Service 3.0
    16-11-2014 15:33:13 Removed Governor of Poker 2
    16-11-2014 15:48:31 Removed Google Earth.
    16-11-2014 23:01:19 Software Distribution Service 3.0
    17-11-2014 10:55:14 Removed Bonjour
    17-11-2014 11:05:33 Removed Bonjour
    17-11-2014 11:09:28 Removed Silhouette Studio
    17-11-2014 23:01:25 Software Distribution Service 3.0
    18-11-2014 21:34:05 Software Distribution Service 3.0

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2001-08-23 12:00 - 2014-11-17 11:13 - 00450738 ____R C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Matt\APPLIC~1\METACR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: C:\WINDOWS\Tasks\BXNIRL.job => C:\Documents and Settings\Matt\Application Data\BXNIRL.exe
    Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\WINDOWS\Tasks\Driver Robot.job => C:\Program Files\Driver Robot\1.1.0.3\DriverRobot.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-776561741-682003330-1023Core.job => C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-776561741-682003330-1023UA.job => C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
    Task: C:\WINDOWS\Tasks\UWRVKX.job => C:\Documents and Settings\Matt\Application Data\UWRVKX.exe

    ==================== Loaded Modules (whitelisted) =============

    2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-01-23 08:47 - 2011-03-23 16:32 - 01740696 _____ () C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
    2014-11-16 15:38 - 2014-11-03 13:56 - 04377560 ___SH () C:\Program Files\Bfascustiverculimned\Bfascustiverculimned.exe
    2014-11-16 15:38 - 2014-03-07 19:56 - 00117262 ___SH () C:\Program Files\Bfascustiverculimned\libgcc_s_dw2-1.dll
    2014-11-16 15:38 - 2014-03-07 19:56 - 00970766 ___SH () C:\Program Files\Bfascustiverculimned\libstdc++-6.dll
    2014-11-16 15:38 - 2014-11-16 15:38 - 00160728 ____R () C:\Program Files\Bfascustiverculimned\BfascustiverculimnedHelper.exe
    2014-11-16 21:00 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-11-16 21:00 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2014-11-16 21:00 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-11-16 21:00 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2014-11-16 21:00 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-10-26 21:01 - 2014-09-11 18:09 - 01498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
    2014-10-26 21:01 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\WINDOWS:84C6D840C59D388C
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:98181191
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D346F792

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
    MSCONFIG\startupfolder: C:^Documents and Settings^Matt^Start Menu^Programs^Startup^MagicDisc.lnk => C:\WINDOWS\pss\MagicDisc.lnkStartup
    MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Documents and Settings\Matt\Local Settings\Application Data\Akamai\netsession_win.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: CTHelper => CTHELPER.EXE
    MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE
    MSCONFIG\startupreg: Driver Manager => C:\Program Files\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
    MSCONFIG\startupreg: DVDTray => C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    MSCONFIG\startupreg: Freecorder FLV Service => "C:\Program Files\Freecorder\FLVSrvc.exe" /run
    MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
    MSCONFIG\startupreg: iLivid => "C:\Documents and Settings\Matt\Local Settings\Application Data\iLivid\iLivid.exe" -autorun
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
    MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
    MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    MSCONFIG\startupreg: MobileAppSync => "C:\Program Files\Mobile App Sync\D2MClient.exe"
    MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
    MSCONFIG\startupreg: MsnMsgr => "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    MSCONFIG\startupreg: NBJ => "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
    MSCONFIG\startupreg: SMART Ink => "C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe" -a
    MSCONFIG\startupreg: SMART Tray Tools => "C:\Program Files\SMART Technologies\Education Software\SMARTTrayIcon.exe"
    MSCONFIG\startupreg: SMARTNotification => "C:\Program Files\SMART Technologies\Education Software\SMARTNotification.exe"
    MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE
    MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\Steam.exe" -silent
    MSCONFIG\startupreg: WebCake Desktop => "C:\Documents and Settings\Matt\Application Data\Tepfel\WebCakeDesktop.exe"
    MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1004336348-776561741-682003330-500 - Administrator - Enabled)
    ASPNET (S-1-5-21-1004336348-776561741-682003330-1024 - Limited - Enabled)
    Guest (S-1-5-21-1004336348-776561741-682003330-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-1004336348-776561741-682003330-1000 - Limited - Disabled)
    Joshua (S-1-5-21-1004336348-776561741-682003330-1025 - Limited - Enabled)
    Matt (S-1-5-21-1004336348-776561741-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Matt
    Naomi (S-1-5-21-1004336348-776561741-682003330-1022 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Naomi.DESKTOP.000
    SUPPORT_388945a0 (S-1-5-21-1004336348-776561741-682003330-1002 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/19/2014 00:19:58 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application frst[1].exe, version 19.11.2014.0, faulting module frst[1].exe, version 19.11.2014.0, fault address 0x0001f09e.
    Processing media-specific event for [frst[1].exe!ws!]

    Error: (11/19/2014 11:52:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (11/18/2014 09:35:36 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Word 2003 (KB2878303): WINWORD' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (11/18/2014 09:35:20 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Professional Edition 2003 - Update 'Update for Outlook 2003 Junk E-mail Filter (KB2863822): OUTLFLTR' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (11/18/2014 09:35:08 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Office 2003 (KB2760494): MSCONV' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (11/18/2014 09:34:58 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Publisher 2003 (KB2878299): MSPUB' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (11/18/2014 09:34:39 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Office 2003 (KB2850047): GDIPLUS' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (11/18/2014 00:39:59 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 1180947459.

    Error: (11/18/2014 00:39:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (11/18/2014 00:34:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


    System errors:
    =============
    Error: (11/19/2014 11:47:00 AM) (Source: Schedule) (EventID: 7901) (User: )
    Description: The At1.job command failed to start due to the following error:
    %%2147942402

    Error: (11/19/2014 10:47:00 AM) (Source: Schedule) (EventID: 7901) (User: )
    Description: The At1.job command failed to start due to the following error:
    %%2147942402

    Error: (11/19/2014 09:47:00 AM) (Source: Schedule) (EventID: 7901) (User: )
    Description: The At1.job command failed to start due to the following error:
    %%2147942402

    Error: (11/19/2014 08:52:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
    %%1053

    Error: (11/19/2014 08:52:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

    Error: (11/19/2014 08:52:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Scutum50 NDIS Protocol Driver service failed to start due to the following error:
    %%2

    Error: (11/18/2014 09:35:36 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Word 2003 (KB2878303).

    Error: (11/18/2014 09:35:20 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Outlook 2003 Junk E-mail Filter (KB2863822).

    Error: (11/18/2014 09:35:08 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB2760494).

    Error: (11/18/2014 09:34:58 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Publisher 2003 (KB2878299).


    Microsoft Office Sessions:
    =========================
    Error: (11/19/2014 00:19:58 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: frst[1].exe19.11.2014.0frst[1].exe19.11.2014.00001f09e

    Error: (11/19/2014 11:52:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

    Error: (11/18/2014 09:35:36 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Microsoft Office Professional Edition 2003Security Update for Word 2003 (KB2878303): WINWORD1603(NULL)

    Error: (11/18/2014 09:35:20 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Microsoft Office Professional Edition 2003Update for Outlook 2003 Junk E-mail Filter (KB2863822): OUTLFLTR1603(NULL)

    Error: (11/18/2014 09:35:08 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Microsoft Office Professional Edition 2003Security Update for Office 2003 (KB2760494): MSCONV1603(NULL)

    Error: (11/18/2014 09:34:58 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Microsoft Office Professional Edition 2003Security Update for Publisher 2003 (KB2878299): MSPUB1603(NULL)

    Error: (11/18/2014 09:34:39 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Microsoft Office Professional Edition 2003Security Update for Office 2003 (KB2850047): GDIPLUS1603(NULL)

    Error: (11/18/2014 00:39:59 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: 1180947459

    Error: (11/18/2014 00:39:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

    Error: (11/18/2014 00:34:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) CPU G620 @ 2.60GHz
    Percentage of memory in use: 35%
    Total physical RAM: 2794.67 MB
    Available physical RAM: 1791.41 MB
    Total Pagefile: 5434.84 MB
    Available Pagefile: 4521.99 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1921.28 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.76 GB) (Free:326.02 GB) NTFS ==>[Drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 2343CA6A)
    Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2014-11-19 12:29:45
    -----------------------------
    12:29:45.062 OS Version: Windows 5.1.2600 Service Pack 3
    12:29:45.062 Number of processors: 2 586 0x2A07
    12:29:45.062 ComputerName: DESKTOP UserName: Matt
    12:29:51.859 Initialize success
    12:29:52.000 VM: initialized successfully
    12:29:52.000 VM: Intel CPU supported
    12:29:54.328 VM: supported disk I/O atapi.sys
    12:41:03.343 AVAST engine defs: 14111900
    12:41:55.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    12:41:55.250 Disk 0 Vendor: ST320DM000-1BC14C JC4B Size: 305245MB BusType: 3
    12:41:55.421 Disk 0 MBR read successfully
    12:41:55.421 Disk 0 MBR scan
    12:41:55.484 Disk 0 Windows XP default MBR code
    12:41:55.484 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
    12:41:55.484 Disk 0 default boot code
    12:41:55.500 Disk 0 scanning sectors +976768065
    12:41:55.546 Disk 0 scanning C:\WINDOWS\system32\drivers
    12:42:41.296 Service scanning
    12:43:44.187 Modules scanning
    12:43:44.187 Disk 0 trace - called modules:
    12:43:44.203 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    12:43:44.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae11ab8]
    12:43:44.218 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000078[0x8ae06f18]
    12:43:44.218 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad77940]
    12:43:50.906 AVAST engine scan C:\WINDOWS
    12:44:12.765 AVAST engine scan C:\WINDOWS\system32
    12:56:06.906 AVAST engine scan C:\WINDOWS\system32\drivers
    12:57:02.843 AVAST engine scan C:\Documents and Settings\Matt
    12:59:54.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Matt\Desktop\FIX\MBR.dat"
    12:59:54.921 The log file has been saved successfully to "C:\Documents and Settings\Matt\Desktop\FIX\aswMBR.txt"
    13:00:05.046 Disk 0 statistics 1955712/0/0 @ 1.45 MB/s
    13:00:05.046 Scan stopped
    13:00:06.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    13:00:06.718 Disk 0 Vendor: ST320DM000-1BC14C JC4B Size: 305245MB BusType: 3
    13:00:06.718 Disk 0 MBR read successfully
    13:00:06.718 Disk 0 MBR scan
    13:00:06.718 Disk 0 Windows XP default MBR code
    13:00:06.718 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
    13:00:06.734 Disk 0 default boot code
    13:00:06.750 Disk 0 scanning sectors +976768065
    13:00:06.765 Disk 0 scanning C:\WINDOWS\system32\drivers
    13:00:06.765 Service scanning
    13:03:40.875 Modules scanning
    13:03:40.875 Disk 0 trace - called modules:
    13:03:40.890 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    13:03:40.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae11ab8]
    13:03:40.890 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000078[0x8ae06f18]
    13:03:40.890 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad77940]
    13:04:32.000 AVAST engine scan C:\WINDOWS
    13:05:04.609 AVAST engine scan C:\WINDOWS\system32
    13:16:28.390 AVAST engine scan C:\WINDOWS\system32\drivers
    13:17:44.296 AVAST engine scan C:\Documents and Settings\Matt
    14:23:57.031 AVAST engine scan C:\Documents and Settings\All Users
    14:26:50.390 Disk 0 statistics 5288485/0/0 @ 0.54 MB/s
    14:26:50.390 Scan finished successfully
    14:56:45.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Matt\Desktop\FIX\MBR.dat"
    14:56:45.828 The log file has been saved successfully to "C:\Documents and Settings\Matt\Desktop\FIX\aswMBR.txt"
    Last edited by tashi; 2014-11-19 at 18:11. Reason: Merged 3 posts. :-)
