[RESOLVED] How to check if I have a Keylogger on my laptop

  1. #1
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999

    [RESOLVED] How to check if I have a Keylogger on my laptop

    Hi,

    I hope this is the right thread to post this.
    I am using a laptop running on Windows XP Pro with SP3 and Outlook Express for my emails.

    Recently I received an email to say that because I visited his website, he/she has planted a keylogger and used my video cam and had taken all my contacts. He further said that unless I send him $7,000 dollars, he will post the video of my visit to his porn website and send my visit to all my contacts.

    I am suspicious of this email that may be a scam only because:
    1) I have not visited any porn website
    2) when I look at the message source, it shows my email address with my login password. But this password has not been in use for more than a year already.

    So my question is how do I check to be 100 percent sure there is or there is not a keylogger on my laptop?
    Also is there a good free scanner that I can use that is compatible with Windows XP? I have tried a few, but they don't seem to work or run properly.

    Any suggestions and help greatly appreciated. Thanks

  2. #2
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    > Originally Posted by slickcondo:
    > Hi,
    >
    > I hope this is the right thread to post this.
    > I am using a laptop running on Windows XP Pro with SP3 and Outlook Express for my emails.
    >
    > Recently I received an email to say that because I visited his website, he/she has planted a keylogger and used my video cam and had taken all my contacts. He further said that unless I send him $7,000 dollars, he will post the video of my visit to his porn website and send my visit to all my contacts.
    >
    > I am suspicious of this email that may be a scam only because:
    > 1) I have not visited any porn website
    > 2) when I look at the message source, it shows my email address with my login password. But this password has not been in use for more than a year already.
    >
    > So my question is how do I check to be 100 percent sure there is or there is not a keylogger on my laptop?
    > Also is there a good free scanner that I can use that is compatible with Windows XP? I have tried a few, but they don't seem to work or run properly.
    >
    > Any suggestions and help greatly appreciated. Thanks

    So disappointed no suggestions or help so far. Have I posted this in the wrong thread?

  3. #3
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    25,427
    Follow the instructions at the top of this forum and post the logs below.

    http://discussions.virtualdr.com/sho...ted-3-21-2015)

    Only mods can answer questions in this forum and since we all have jobs and live in different time zones it can take a little while to get a response.

    In the meantime disconnect your webcam or put some tape over it and change your important passwords which should be done regularly anyway.... If you can, use a different computer to change them.

    VirtualDr email notices are not working.
    Check back regularly for responses.

    _____________________
    cat lovers click here

  4. #4
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    > Originally Posted by fink:
    > Follow the instructions at the top of this forum and post the logs below.
    >
    > http://discussions.virtualdr.com/sho...ted-3-21-2015)
    >
    > Only mods can answer questions in this forum and since we all have jobs and live in different time zones it can take a little while to get a response.
    >
    > In the meantime disconnect your webcam or put some tape over it and change your important passwords which should be done regularly anyway.... If you can, use a different computer to change them.

    Hi fink - thanks for reminding me of the time difference zone. Sorry

    I was not able to install any keylogger program. So I don't have a log to post. That was why I asked if anyone here can recommend one? I only have AVG antivirus, SuperAntiSpyware and Malwarebytes - all free editions. I did not think these logs will detect and show if there is a keylogger or not. When I tried to install a couple of keylogger programs, it did not work properly and I cannot scan it. That was why I asked if anyone can recommend one.

    I am using another computer to write this to you and this computer does not have a webcam. The other "infected" laptop also does not have a built in webcam, just a usb one and I have disconnected it.

    Any recommendation for a keylogger program for XP so that I can scan it and send the log?

    Look forward to hearing back from you soon and if you would like to see the log of my Antivirus or Malware program, please let me know which?

  5. #5
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    25,427
    You keep saying "keylogger programs". Those are NOT what you want to have on your computer. They keep track of what you type and look at and keep records. A keylogger program is what the guy has claimed to have installed on your computer. It's not a good thing if it's actually there.

    What you want are antimalware scanners like Malwarebytes and the scanners that are recommended in the link above. Have you tried running Farbar Recovery Scan Tool as suggested? That's the first step in finding out what malware may be on your computer.

  6. #6
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    > Originally Posted by fink:
    > You keep saying "keylogger programs". Those are NOT what you want to have on your computer. They keep track of what you type and look at and keep records. A keylogger program is what the guy has claimed to have installed on your computer. It's not a good thing if it's actually there.
    >
    > What you want are antimalware scanners like Malwarebytes and the scanners that are recommended in the link above. Have you tried running Farbar Recovery Scan Tool as suggested? That's the first step in finding out what malware may be on your computer.

    I have the free version of Malwarebytes. But I have not tried Farbar Recovery Scan Tool as I got here not long ago. I will try it now and see how it goes. Do I send you the log for Malwarebytes and also Farbar after I scan it?

    When I google, there are some programs like Keylogger Detector which is supposed to scan for presence of this virus, but it does not work on my laptop.

    Do I still have to change my password even if, after logging into say my bank account, to access the functions there I have to use a device to generate an extra One Time Pin before I can proceed?

  7. #7
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    25,427
    Don't run any other scanners other than the ones recommended here. Most are useless and many have adware or worse attached to them. Malwarebytes is good but SuperAntiSpyware is old and not very effective any longer. Copy/paste the log file below broken into smaller parts if necessary.

    I don't know about the one time pin thing but I would change passwords now just to be on the safe side.

    Broni will take over from here once you've posted the log files requested above.

  8. #8
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    > Originally Posted by fink:
    > Don't run any other scanners other than the ones recommended here. Most are useless and many have adware or worse attached to them. Malwarebytes is good but SuperAntiSpyware is old and not very effective any longer. Copy/paste the log file below broken into smaller parts if necessary.
    >
    > I don't know about the one time pin thing but I would change passwords now just to be on the safe side.
    >
    > Broni will take over from here once you've posted the log files requested above.

    The One Time Pin is used by banks here these days as an added security. They give you a small device where when you press a button, it generates a 6 digit number that you have to enter before you can proceed further. Each time, it is a different 6 digit number.

    OK, I will post the log as soon as I can - possibly midnight here or tomorrow as it is now 7.25pm here and family getting ready to have dinner and I have to help in the cooking. I will change my passwords on some accounts first and thanks for your advice. Look forward to receiving Broni's help.

  9. #9
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Oh, by the way, forgot to ask. When I post the log, do I post it here or start a new post as the above link says?
    And only send the log of Farbar Recovery Tool and not a Malwarebytes log?

  10. #10
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,063
    That e-mail is almost certainly a scam designed to get you to send $$$$. Nevertheless, you should still check for malware. Post the scans here. If Broni wants a Malwarebytes log, he will let you know.

    What e-mail provider do you have (Yahoo, GMail, Outlook.com, Hotmail, other ISP, etc.)?

  11. #11
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    > Originally Posted by jdc2000:
    > That e-mail is almost certainly a scam designed to get you to send $$$$. Nevertheless, you should still check for malware. Post the scans here. If Broni wants a Malwarebytes log, he will let you know.
    >
    > What e-mail provider do you have (Yahoo, GMail, Outlook.com, Hotmail, other ISP, etc.)?

    Hi jdc - nice to hear from you again. It's been a long time since we were last in contact on this site. I trust you are well?

    Yes, I think that email is most possibly only a scam. But I would feel more assured if I knew for sure, because when I checked the email source it also shows my email address and my password, but it was a password that I had used for that email over a year ago and I had since changed it. But I am still worried that one of my passwords is known to the scammer and wondering how. So better be safe than sorry.

    I have just finished the scan by Farbar and I will paste the 2 logs here in the next post to follow and thanks for offering to forward it to Broni

  12. #12
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Result of 3rd scan after first scan failed. Second scan was ok, but could not find the log until I moved the first scan log to another location and ran a third scan. This First report will be sent in 2 or possibly 3 parts as it is over the max character limit allowed. Here is the first part of the First log

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21.07.2018
    Ran by Administrator (administrator) on HOME (27-07-2018 22:33:03)
    Running from C:\Documents and Settings\Administrator\Desktop
    Loaded Profiles: Administrator (Available Profiles: Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    (THOMSON Telecom Belgium) C:\Program Files\Thomson\ST330\service\st330service.exe
    (Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
    (IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    () C:\WINDOWS\vsnpstd2.exe
    (Magistone Systems) C:\Program Files\Magitime\Magitime.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (SPAMfighter ApS) C:\Program Files\Fighters\Tray\FightersTray.exe
    (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    (THOMSON Telecom Belgium) C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
    (SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\s***ent.exe
    (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
    () C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
    (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    () C:\Program Files\Macrium\Reflect\ReflectService.exe
    (Copyright 2017.) C:\Program Files\MalwareFox AntiMalware\ZAM.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
    (Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    (SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\sfus.exe
    (SPAMfighter ApS) C:\Program Files\Fighters\FighterSuiteService.exe
    (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
    () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Copyright 2017.) C:\Program Files\MalwareFox AntiMalware\ZAM.exe
    (Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    () C:\Program Files\FastStone Capture\FSCapture.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-05-08] (Intel Corporation)
    HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-05-08] (Intel Corporation)
    HKLM\...\Run: [SNPSTD2] => C:\WINDOWS\vsnpstd2.exe [40960 2004-01-06] ()
    HKLM\...\Run: [SpeedTouch USB Diagnostics] => [X]
    HKLM\...\Run: [Magitime] => C:\Program Files\Magitime\magitime.exe [659456 2014-03-14] (Magistone Systems)
    HKLM\...\Run: [CommonToolkitTray] => C:\Program Files\Fighters\Tray\FightersTray.exe [1453704 2012-02-02] (SPAMfighter ApS)
    HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
    HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
    HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
    HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
    HKLM\...\Run: [diagnostics] => C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe [557149 2017-10-30] (THOMSON Telecom Belgium)
    HKLM\...\Run: [s***ent] => C:\Program Files\Fighters\SPAMfighter\s***ent.exe [1197704 2012-03-15] (SPAMfighter ApS)
    HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2014-05-11] (RealNetworks, Inc.)
    HKLM\...\Run: [ProductUpdater] => C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [80896 2017-07-26] ()
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [291568 2018-07-08] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [ZAM] => C:\Program Files\MalwareFox AntiMalware\ZAM.exe [15767792 2018-07-26] (Copyright 2017.)
    HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-07-28] (Check Point Software Technologies Ltd.)
    Winlogon\Notify\NavLogon:
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27716568 2017-05-05] (Skype Technologies S.A.)
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\Run: [Viber] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\Viber.exe [69268048 2016-04-13] (Viber Media S.à r.l.)
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13684416 2018-07-20] (Piriform Ltd)
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\MountPoints2: {78b543b0-bc6c-11e0-89f8-001636b15235} - F:\unlock.exe autoplay=true
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
    Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\FastStone Capture.lnk [2018-06-22]
    ShortcutTarget: FastStone Capture.lnk -> C:\Program Files\FastStone Capture\FSCapture.exe ()
    Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Microsoft Find Fast.lnk [2017-10-30]
    ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SysRestorePoint.exe [2002-11-11] (Doug Knox)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{49F88D2F-BEF2-4BAB-A775-D4173A03AAE3}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-118-756
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-118-756
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
    SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> {E8BB92A5-E42A-465D-B774-C5BC6F026298} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
    BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04] (Sun Microsystems, Inc.)
    BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04] (Sun Microsystems, Inc.)
    Toolbar: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    Toolbar: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271356564296
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796 [2018-07-27]
    FF Homepage: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796 -> hxxps://www.msn.com/en-gb/?ocid=mailsignout&AR=1
    FF Extension: (IBM Security Rapport) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2017-11-08]
    FF Extension: (Video Downloader Pro) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\@video_downloader_pro.xpi [2018-06-17]
    FF Extension: (SaveFrom.net helper) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\helper-sig@savefrom.net.xpi [2018-07-18]
    FF Extension: (1-Click YouTube Video Downloader) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-04-13]
    FF Extension: (Flash and Video Download) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-07-15]
    FF Extension: (Download with Internet Download Manager (IDM)) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\{d1646fcf-76ad-49c5-b8b2-e496e9b71189}.xpi [2017-10-16]
    FF HKLM\...\Firefox\Extensions: [{051F5AD7-BA56-4780-890F-EAB21B44B01A}] - C:\Documents and Settings\Administrator\Local Settings\Application Data\{051F5AD7-BA56-4780-890F-EAB21B44B01A}
    FF Extension: (XULRunner) - C:\Documents and Settings\Administrator\Local Settings\Application Data\{051F5AD7-BA56-4780-890F-EAB21B44B01A} [2010-09-16] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-09-27] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: (RealPlayer Browser Record Plugin) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-10-18] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-09-19] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: (RealDownloader) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-11] [Legacy] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-10] ()
    FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll [No File]
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
    FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2008-11-06] (Yahoo! Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.90 -> C:\Program Files\NOS\bin\np_gp.dll [2010-08-13] (NOS Microsystems Ltd.)
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2014-05-11] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-18] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-18] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2014-05-11] (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2010-10-01]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2010-10-01]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2010-10-01]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2010-10-01]

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxps://www.msn.com/en-gb/
    CHR StartupUrls: Default -> "hxxps://www.msn.com/en-gb/"
    CHR DefaultSearchURL: Default -> hxxp://www.channel4.com/favicon.ico
    CHR DefaultSearchKeyword: Default -> sse
    CHR DefaultSuggestURL: Default -> hxxp://securedsearch.xyz/?s={searchTerms}
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default [2018-07-25]
    CHR Extension: (Slides) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
    CHR Extension: (4 On-Demand) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\anhngjkonjhfnhekadjnofhcjjhnljhh [2017-11-01]
    CHR Extension: (Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-19]
    CHR Extension: (Video Downloader Plus) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\baejfnndpekpkaaancgpakjaengfpopk [2018-06-26]
    CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-19]
    CHR Extension: (My5) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\diogmdacmdamkfnkeedajbbeglpeaigi [2017-10-15]
    CHR Extension: (Video Downloader professional) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2018-06-18]
    CHR Extension: (The ITV) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\enlkekmehifkbcpadgpbhjcepnannhml [2017-11-01]
    CHR Extension: (Sheets) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
    CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-19]
    CHR Extension: (WhatsApp) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnpfjngllnobngcgfapefoaidbinmjnm [2017-10-15]
    CHR Extension: (RealDownloader) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2017-05-19]
    CHR Extension: (BBC iPlayer) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jahnifecgkhjbcbjfkplnplfkcebgafc [2017-11-01]
    CHR Extension: (Hangouts) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kffnpbachbhakiomjoichllogeobmoli [2017-10-30]
    CHR Extension: (4 Channels) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kgkjlaebagdlngdnngcejfejfjfamfjk [2017-10-15]
    CHR Extension: (Video Downloader professional) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kmdldgcmokdpmacblnehppgkjphcbpnn [2018-06-26]
    CHR Extension: (My5) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfheiaeoljbhacojcpijifmiaagpmjha [2017-10-15]
    CHR Extension: (TVCatchup - TV Guide) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfnkddnodjiogeonmkfjiikfobojmcbk [2017-10-15]
    CHR Extension: (My5) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\memeiodlbggpddhlkeoppgnefjdgpcda [2017-11-01]
    CHR Extension: (Video Downloader GetThemAll) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-05-21]
    CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
    CHR Extension: (ITV CatchUp) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nobiaddkhdkdpekghklpdnjagimdmhdi [2017-10-15]
    CHR Extension: (TVCatchup - Channels) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obgolfleeijjdgkahmeimjecogcgpaca [2017-10-15]
    CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-19]
    CHR Extension: (All 4) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ploblfmaojdpinjdldecofjjdgkcndda [2017-10-15]
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
    CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1801674531-448539723-1606980848-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1801674531-448539723-1606980848-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1801674531-448539723-1606980848-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-05-18] (SUPERAntiSpyware.com)
    R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [846056 2011-06-22] (Acronis)
    S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-07-10] (Adobe Systems Incorporated) [File not signed]
    R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [323512 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [6391272 2018-07-08] (AVG Technologies CZ, s.r.o.)
    S2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [67592 2016-03-02] (Bitdefender)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-05-04] (Sun Microsystems, Inc.)
    S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
    R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2350064 2017-09-28] (IBM Corp.)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 ReflectService; C:\Program Files\Macrium\Reflect\ReflectService.exe [220824 2011-07-01] ()
    S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed]
    R2 SPAMfighter Update Service; C:\Program Files\Fighters\SPAMfighter\sfus.exe [215688 2012-03-15] (SPAMfighter ApS)
    R2 st330service; C:\Program Files/Thomson/ST330/service/st330service.exe [581632 2017-10-30] (THOMSON Telecom Belgium) [File not signed]
    R2 Suite Service; C:\Program Files\Fighters\FighterSuiteService.exe [1324680 2012-01-23] (SPAMfighter ApS)
    R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-07-28] (Check Point Software Technologies Ltd.)
    R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [237056 2010-09-08] (WDC) [File not signed]
    R2 WDFME; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () [File not signed]
    R2 WDSC; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [484352 2010-09-08] () [File not signed]
    R2 ZAMSvc; C:\Program Files\MalwareFox AntiMalware\ZAM.exe [15767792 2018-07-26] (Copyright 2017.)
    R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114424 2016-06-30] (Check Point Software Technologies, Ltd.) [File not signed]
    S2 Lavasoft Ad-Aware Service; "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ACPIVPC; C:\WINDOWS\System32\DRIVERS\AcpiVpc.sys [7296 2005-10-11] (Lenovo Corporation)
    S3 alcan5wn; C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [53600 2003-12-08] (THOMSON) [File not signed]
    S3 alcaudsl; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [70688 2003-12-08] (THOMSON) [File not signed]
    R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
    S3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
    R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [159936 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiskx.sys [142240 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriverx.sys [181240 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidshx.sys [157840 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgblog; C:\WINDOWS\System32\drivers\avgblogx.sys [276712 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbunivx.sys [50360 2018-07-08] (AVG Technologies CZ, s.r.o.)
    S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [35192 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [126056 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr.sys [63224 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [64232 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [776504 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [387312 2018-07-24] (AVG Technologies CZ, s.r.o.)
    R3 avgStmXP; C:\WINDOWS\System32\drivers\avgStmXP.sys [198248 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [303168 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R3 bbcap; C:\WINDOWS\System32\DRIVERS\bbcap.sys [4096 2012-12-27] (Windows (R) Codename Longhorn DDK provider)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    S3 DCamUSBTP10; C:\WINDOWS\System32\Drivers\TP6810.sys [241704 2006-06-15] (Microsoft Corporation) [File not signed]
    R1 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
    R3 HdAudAddService; C:\WINDOWS\System32\drivers\CHDAud.sys [568320 2009-01-14] (Conexant Systems Inc.)
    R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [206848 2006-05-08] (Conexant Systems, Inc.)
    R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [995712 2006-05-08] (Conexant Systems, Inc.)
    S3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt32.sys [144416 2017-03-22] (Zemana Ltd.)
    R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64512 2011-06-26] (Lavasoft AB)
    S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [150816 2018-07-25] (Malwarebytes)
    S3 MR97310_VGA_DUAL_CAMERA; C:\WINDOWS\System32\DRIVERS\mr97310v.sys [115790 2002-07-03] (Mars Semiconductor Corp.) [File not signed]
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3630080 2008-06-26] (Intel Corporation)
    R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [16024 2011-07-01] (Macrium Software)
    S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15576 2013-03-07] ()
    R1 RapportAegle; C:\Program Files\Trusteer\Rapport\bin\RapportAegle.sys [204632 2017-09-28] (IBM Corp.)
    R1 RapportCerberus_1804077; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1804077.sys [848024 2017-11-08] (IBM Corp.)
    R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [336504 2017-09-28] (IBM Corp.)
    R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [415992 2017-09-28] (IBM Corp.)
    R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 snpstd2; C:\WINDOWS\System32\DRIVERS\snpstd2.sys [302720 2004-03-23] ()
    R3 ST330; C:\WINDOWS\System32\drivers\st330.sys [30464 2010-09-23] (THOMSON Telecom Belgium)
    R3 STBUS; C:\WINDOWS\System32\drivers\stbus.sys [12672 2010-09-23] (THOMSON Telecom Belgium)
    S3 STETH; C:\WINDOWS\System32\DRIVERS\steth.sys [40320 2010-09-23] (THOMSON Telecom Belgium)
    R3 stppp; C:\WINDOWS\System32\DRIVERS\stppp.sys [32000 2017-05-19] (THOMSON Telecom Belgium)
    R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
    S1 UimBus; C:\WINDOWS\System32\DRIVERS\UimBus.sys [37080 2010-08-25] (Windows (R) 2000 DDK provider)
    S1 Uim_IM; C:\WINDOWS\System32\Drivers\Uim_IM.sys [395464 2010-08-25] (Paragon)
    R0 vididr; C:\WINDOWS\System32\DRIVERS\vididr.sys [125472 2012-08-05] (Acronis)
    R0 vidsflt53; C:\WINDOWS\System32\DRIVERS\vsflt53.sys [83392 2012-08-05] (Acronis)
    R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [540368 2016-07-28] (Check Point Software Technologies Ltd.)
    R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2018-07-26] (Zemana Ltd.)
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2018-07-26] (Zemana Ltd.)
    S3 cpuz132; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
    S4 IntelIde; no ImagePath
    S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
    S3 pwdspio; \??\C:\WINDOWS\system32\pwdspio.sys [X]
    U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
    S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
    S3 TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys [X]
    S0 TfSysMon; system32\drivers\TfSysMon.sys [X]
    S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

  13. #13
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Result of 3rd scan after first scan failed. Second scan was OK, but I could not find the log until I moved the first scan log to another location and ran a third scan. This first report will be sent in 2 or possibly 3 parts as it is over the max character limit allowed. Here is the first part of the first log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21.07.2018
    Ran by Administrator (administrator) on HOME (27-07-2018 22:33:03)
    Running from C:\Documents and Settings\Administrator\Desktop
    Loaded Profiles: Administrator (Available Profiles: Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    (THOMSON Telecom Belgium) C:\Program Files\Thomson\ST330\service\st330service.exe
    (Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
    (IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    () C:\WINDOWS\vsnpstd2.exe
    (Magistone Systems) C:\Program Files\Magitime\Magitime.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (SPAMfighter ApS) C:\Program Files\Fighters\Tray\FightersTray.exe
    (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    (THOMSON Telecom Belgium) C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
    (SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\s***ent.exe
    (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
    () C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
    (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    () C:\Program Files\Macrium\Reflect\ReflectService.exe
    (Copyright 2017.) C:\Program Files\MalwareFox AntiMalware\ZAM.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
    (Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    (SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\sfus.exe
    (SPAMfighter ApS) C:\Program Files\Fighters\FighterSuiteService.exe
    (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
    () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Copyright 2017.) C:\Program Files\MalwareFox AntiMalware\ZAM.exe
    (Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    () C:\Program Files\FastStone Capture\FSCapture.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-05-08] (Intel Corporation)
    HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-05-08] (Intel Corporation)
    HKLM\...\Run: [SNPSTD2] => C:\WINDOWS\vsnpstd2.exe [40960 2004-01-06] ()
    HKLM\...\Run: [SpeedTouch USB Diagnostics] => [X]
    HKLM\...\Run: [Magitime] => C:\Program Files\Magitime\magitime.exe [659456 2014-03-14] (Magistone Systems)
    HKLM\...\Run: [CommonToolkitTray] => C:\Program Files\Fighters\Tray\FightersTray.exe [1453704 2012-02-02] (SPAMfighter ApS)
    HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
    HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
    HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
    HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
    HKLM\...\Run: [diagnostics] => C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe [557149 2017-10-30] (THOMSON Telecom Belgium)
    HKLM\...\Run: [s***ent] => C:\Program Files\Fighters\SPAMfighter\s***ent.exe [1197704 2012-03-15] (SPAMfighter ApS)
    HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2014-05-11] (RealNetworks, Inc.)
    HKLM\...\Run: [ProductUpdater] => C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [80896 2017-07-26] ()
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [291568 2018-07-08] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [ZAM] => C:\Program Files\MalwareFox AntiMalware\ZAM.exe [15767792 2018-07-26] (Copyright 2017.)
    HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-07-28] (Check Point Software Technologies Ltd.)
    Winlogon\Notify\NavLogon:
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27716568 2017-05-05] (Skype Technologies S.A.)
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\Run: [Viber] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\Viber.exe [69268048 2016-04-13] (Viber Media S.à r.l.)
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13684416 2018-07-20] (Piriform Ltd)
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\MountPoints2: {78b543b0-bc6c-11e0-89f8-001636b15235} - F:\unlock.exe autoplay=true
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
    Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\FastStone Capture.lnk [2018-06-22]
    ShortcutTarget: FastStone Capture.lnk -> C:\Program Files\FastStone Capture\FSCapture.exe ()
    Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Microsoft Find Fast.lnk [2017-10-30]
    ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SysRestorePoint.exe [2002-11-11] (Doug Knox)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{49F88D2F-BEF2-4BAB-A775-D4173A03AAE3}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-118-756
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-118-756
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
    SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> {E8BB92A5-E42A-465D-B774-C5BC6F026298} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
    BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04] (Sun Microsystems, Inc.)
    BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04] (Sun Microsystems, Inc.)
    Toolbar: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    Toolbar: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271356564296
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796 [2018-07-27]
    FF Homepage: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796 -> hxxps://www.msn.com/en-gb/?ocid=mailsignout&AR=1
    FF Extension: (IBM Security Rapport) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2017-11-08]
    FF Extension: (Video Downloader Pro) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\@video_downloader_pro.xpi [2018-06-17]
    FF Extension: (SaveFrom.net helper) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\helper-sig@savefrom.net.xpi [2018-07-18]
    FF Extension: (1-Click YouTube Video Downloader) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-04-13]
    FF Extension: (Flash and Video Download) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-07-15]
    FF Extension: (Download with Internet Download Manager (IDM)) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\{d1646fcf-76ad-49c5-b8b2-e496e9b71189}.xpi [2017-10-16]
    FF HKLM\...\Firefox\Extensions: [{051F5AD7-BA56-4780-890F-EAB21B44B01A}] - C:\Documents and Settings\Administrator\Local Settings\Application Data\{051F5AD7-BA56-4780-890F-EAB21B44B01A}
    FF Extension: (XULRunner) - C:\Documents and Settings\Administrator\Local Settings\Application Data\{051F5AD7-BA56-4780-890F-EAB21B44B01A} [2010-09-16] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-09-27] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: (RealPlayer Browser Record Plugin) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-10-18] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-09-19] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: (RealDownloader) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-11] [Legacy] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-10] ()
    FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll [No File]
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
    FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2008-11-06] (Yahoo! Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.90 -> C:\Program Files\NOS\bin\np_gp.dll [2010-08-13] (NOS Microsystems Ltd.)
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2014-05-11] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-18] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-18] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2014-05-11] (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2010-10-01]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2010-10-01]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2010-10-01]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2010-10-01]

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxps://www.msn.com/en-gb/
    CHR StartupUrls: Default -> "hxxps://www.msn.com/en-gb/"
    CHR DefaultSearchURL: Default -> hxxp://www.channel4.com/favicon.ico
    CHR DefaultSearchKeyword: Default -> sse
    CHR DefaultSuggestURL: Default -> hxxp://securedsearch.xyz/?s={searchTerms}
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default [2018-07-25]
    CHR Extension: (Slides) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
    CHR Extension: (4 On-Demand) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\anhngjkonjhfnhekadjnofhcjjhnljhh [2017-11-01]
    CHR Extension: (Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-19]
    CHR Extension: (Video Downloader Plus) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\baejfnndpekpkaaancgpakjaengfpopk [2018-06-26]
    CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-19]
    CHR Extension: (My5) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\diogmdacmdamkfnkeedajbbeglpeaigi [2017-10-15]
    CHR Extension: (Video Downloader professional) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2018-06-18]
    CHR Extension: (The ITV) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\enlkekmehifkbcpadgpbhjcepnannhml [2017-11-01]
    CHR Extension: (Sheets) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
    CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-19]
    CHR Extension: (WhatsApp) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnpfjngllnobngcgfapefoaidbinmjnm [2017-10-15]
    CHR Extension: (RealDownloader) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2017-05-19]
    CHR Extension: (BBC iPlayer) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jahnifecgkhjbcbjfkplnplfkcebgafc [2017-11-01]
    CHR Extension: (Hangouts) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kffnpbachbhakiomjoichllogeobmoli [2017-10-30]
    CHR Extension: (4 Channels) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kgkjlaebagdlngdnngcejfejfjfamfjk [2017-10-15]
    CHR Extension: (Video Downloader professional) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kmdldgcmokdpmacblnehppgkjphcbpnn [2018-06-26]
    CHR Extension: (My5) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfheiaeoljbhacojcpijifmiaagpmjha [2017-10-15]
    CHR Extension: (TVCatchup - TV Guide) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfnkddnodjiogeonmkfjiikfobojmcbk [2017-10-15]
    CHR Extension: (My5) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\memeiodlbggpddhlkeoppgnefjdgpcda [2017-11-01]
    CHR Extension: (Video Downloader GetThemAll) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-05-21]
    CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
    CHR Extension: (ITV CatchUp) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nobiaddkhdkdpekghklpdnjagimdmhdi [2017-10-15]
    CHR Extension: (TVCatchup - Channels) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obgolfleeijjdgkahmeimjecogcgpaca [2017-10-15]
    CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-19]
    CHR Extension: (All 4) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ploblfmaojdpinjdldecofjjdgkcndda [2017-10-15]
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
    CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1801674531-448539723-1606980848-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1801674531-448539723-1606980848-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1801674531-448539723-1606980848-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-05-18] (SUPERAntiSpyware.com)
    R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [846056 2011-06-22] (Acronis)
    S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-07-10] (Adobe Systems Incorporated) [File not signed]
    R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [323512 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [6391272 2018-07-08] (AVG Technologies CZ, s.r.o.)
    S2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [67592 2016-03-02] (Bitdefender)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-05-04] (Sun Microsystems, Inc.)
    S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
    R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2350064 2017-09-28] (IBM Corp.)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 ReflectService; C:\Program Files\Macrium\Reflect\ReflectService.exe [220824 2011-07-01] ()
    S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed]
    R2 SPAMfighter Update Service; C:\Program Files\Fighters\SPAMfighter\sfus.exe [215688 2012-03-15] (SPAMfighter ApS)
    R2 st330service; C:\Program Files/Thomson/ST330/service/st330service.exe [581632 2017-10-30] (THOMSON Telecom Belgium) [File not signed]
    R2 Suite Service; C:\Program Files\Fighters\FighterSuiteService.exe [1324680 2012-01-23] (SPAMfighter ApS)
    R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-07-28] (Check Point Software Technologies Ltd.)
    R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [237056 2010-09-08] (WDC) [File not signed]
    R2 WDFME; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () [File not signed]
    R2 WDSC; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [484352 2010-09-08] () [File not signed]
    R2 ZAMSvc; C:\Program Files\MalwareFox AntiMalware\ZAM.exe [15767792 2018-07-26] (Copyright 2017.)
    R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114424 2016-06-30] (Check Point Software Technologies, Ltd.) [File not signed]
    S2 Lavasoft Ad-Aware Service; "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ACPIVPC; C:\WINDOWS\System32\DRIVERS\AcpiVpc.sys [7296 2005-10-11] (Lenovo Corporation)
    S3 alcan5wn; C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [53600 2003-12-08] (THOMSON) [File not signed]
    S3 alcaudsl; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [70688 2003-12-08] (THOMSON) [File not signed]
    R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
    S3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
    R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [159936 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiskx.sys [142240 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriverx.sys [181240 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidshx.sys [157840 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgblog; C:\WINDOWS\System32\drivers\avgblogx.sys [276712 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbunivx.sys [50360 2018-07-08] (AVG Technologies CZ, s.r.o.)
    S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [35192 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [126056 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr.sys [63224 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [64232 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [776504 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [387312 2018-07-24] (AVG Technologies CZ, s.r.o.)
    R3 avgStmXP; C:\WINDOWS\System32\drivers\avgStmXP.sys [198248 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [303168 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R3 bbcap; C:\WINDOWS\System32\DRIVERS\bbcap.sys [4096 2012-12-27] (Windows (R) Codename Longhorn DDK provider)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    S3 DCamUSBTP10; C:\WINDOWS\System32\Drivers\TP6810.sys [241704 2006-06-15] (Microsoft Corporation) [File not signed]
    R1 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
    R3 HdAudAddService; C:\WINDOWS\System32\drivers\CHDAud.sys [568320 2009-01-14] (Conexant Systems Inc.)
    R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [206848 2006-05-08] (Conexant Systems, Inc.)
    R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [995712 2006-05-08] (Conexant Systems, Inc.)
    S3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt32.sys [144416 2017-03-22] (Zemana Ltd.)
    R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64512 2011-06-26] (Lavasoft AB)
    S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [150816 2018-07-25] (Malwarebytes)
    S3 MR97310_VGA_DUAL_CAMERA; C:\WINDOWS\System32\DRIVERS\mr97310v.sys [115790 2002-07-03] (Mars Semiconductor Corp.) [File not signed]
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3630080 2008-06-26] (Intel Corporation)
    R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [16024 2011-07-01] (Macrium Software)
    S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15576 2013-03-07] ()
    R1 RapportAegle; C:\Program Files\Trusteer\Rapport\bin\RapportAegle.sys [204632 2017-09-28] (IBM Corp.)
    R1 RapportCerberus_1804077; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1804077.sys [848024 2017-11-08] (IBM Corp.)
    R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [336504 2017-09-28] (IBM Corp.)
    R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [415992 2017-09-28] (IBM Corp.)
    R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 snpstd2; C:\WINDOWS\System32\DRIVERS\snpstd2.sys [302720 2004-03-23] ()
    R3 ST330; C:\WINDOWS\System32\drivers\st330.sys [30464 2010-09-23] (THOMSON Telecom Belgium)
    R3 STBUS; C:\WINDOWS\System32\drivers\stbus.sys [12672 2010-09-23] (THOMSON Telecom Belgium)
    S3 STETH; C:\WINDOWS\System32\DRIVERS\steth.sys [40320 2010-09-23] (THOMSON Telecom Belgium)
    R3 stppp; C:\WINDOWS\System32\DRIVERS\stppp.sys [32000 2017-05-19] (THOMSON Telecom Belgium)
    R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
    S1 UimBus; C:\WINDOWS\System32\DRIVERS\UimBus.sys [37080 2010-08-25] (Windows (R) 2000 DDK provider)
    S1 Uim_IM; C:\WINDOWS\System32\Drivers\Uim_IM.sys [395464 2010-08-25] (Paragon)
    R0 vididr; C:\WINDOWS\System32\DRIVERS\vididr.sys [125472 2012-08-05] (Acronis)
    R0 vidsflt53; C:\WINDOWS\System32\DRIVERS\vsflt53.sys [83392 2012-08-05] (Acronis)
    R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [540368 2016-07-28] (Check Point Software Technologies Ltd.)
    R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2018-07-26] (Zemana Ltd.)
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2018-07-26] (Zemana Ltd.)
    S3 cpuz132; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
    S4 IntelIde; no ImagePath
    S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
    S3 pwdspio; \??\C:\WINDOWS\system32\pwdspio.sys [X]
    U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
    S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
    S3 TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys [X]
    S0 TfSysMon; system32\drivers\TfSysMon.sys [X]
    S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

  14. #14
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Additional log 1 of 2 parts

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21.07.2018
    Ran by Administrator (27-07-2018 22:34:45)
    Running from C:\Documents and Settings\Administrator\Desktop
    Microsoft Windows XP Professional Service Pack 3 (X86) (2010-04-15 18:05:51)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1801674531-448539723-1606980848-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-1801674531-448539723-1606980848-1003 - Limited - Enabled)
    Guest (S-1-5-21-1801674531-448539723-1606980848-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-1801674531-448539723-1606980848-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-1801674531-448539723-1606980848-1002 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9488E0FA-F058-4673-850E-E755F112BABC}
    AV: Lavasoft Ad-Watch Live! Anti-Virus (Enabled - Up to date) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: AVG Antivirus (Enabled - Up to date) {81C62321-3C2A-4A1A-BF2F-52ED23B22B8B}
    FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acronis True Image WD*Edition (HKLM\...\{9B683A28-2172-4CF1-B85D-41375E80652A}) (Version: 13.0.14157 - Acronis)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
    Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.90 - NOS Microsystems Ltd.)
    Adobe Flash Player 30 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 30.0.0.134 - Adobe Systems Incorporated)
    Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
    Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
    Any Video Converter 3.3.5 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
    AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
    AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 18.5.3059 - AVG Technologies)
    AxCrypt 1.7.3156.0 (HKLM\...\{DB066768-5A50-4C44-815B-4E8A6A39335E}) (Version: 1.7.3156.0 - Axantum Software AB)
    BB FlashBack Express (HKLM\...\BB FlashBack Express) (Version: 3.2.7.2349 - Blueberry)
    CCleaner (HKLM\...\CCleaner) (Version: 5.45 - Piriform)
    ClipGrab 3.6.8 (HKLM\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien)
    Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: - )
    Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
    Digital Camera Driver (HKLM\...\Digital Camera Driver) (Version: - )
    DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.2.2 - DivX, Inc.)
    Dr SpeedTouch (HKLM\...\{CE6D39E2-D4CB-4C49-ABD9-8724B095D1EF}) (Version: - )
    EnergyCut (HKLM\...\{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}) (Version: - )
    EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )
    EPSON File Manager (HKLM\...\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}) (Version: 1.3.0.0 - )
    EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
    EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
    Eraser 5.82 (HKLM\...\{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1) (Version: Eraser 5.82 - Heidi Computers Ltd.)
    FastStone Capture 5.3 (HKLM\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
    File Identifier (HKLM\...\{C257E434-E8F1-4E06-A616-598E4933553E}_is1) (Version: 1.0.11 - Sharpened Productions)
    File Viewer Lite (HKLM\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 1.4.1 - Sharpened Productions)
    Freemake Video Converter version 4.1.10 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.10 - Ellora Assets Corporation)
    Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
    Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    Hard Disk Sentinel (HKLM\...\Hard Disk Sentinel_is1) (Version: 5.01 - Janos Mathe)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4497 - )
    Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.260 - Oracle)
    K-Lite Codec Pack 8.0.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.0.0 - )
    Macrium Reflect - Free Edition (HKLM\...\{BB912177-24CC-4AEE-8329-97D7ACD125D4}) (Version: 4.2.3775 - Macrium)
    Magitime (HKLM\...\Magitime) (Version: - )
    Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
    MalwareFox AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Wolf of Webstreet OPC Private Limited)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    MiniTool Partition Wizard Home Edition 7.8 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
    Mozilla Firefox 52.9.0 ESR (x86 en-GB) (HKLM\...\Mozilla Firefox 52.9.0 ESR (x86 en-GB)) (Version: 52.9.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.9.0.6746 - Mozilla)
    MSRuntime Libraries (HKLM\...\{ECA2B21B-A180-4775-B93F-6E404E36A8CC}) (Version: 1.0.0 - Thomson)
    Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
    O2InstV3Win7UpdateV2 (HKLM\...\{74B1CEB6-B4BF-46FD-8080-CE3C1809B010}) (Version: 10 - SupportSoft) Hidden
    OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    QuickOn Button (HKLM\...\QkOnBtn) (Version: - )
    QuickStroke (HKLM\...\{2BDBE4EC-89F3-4663-8C00-F9E2EC726AF5}) (Version: - )
    Rapport (HKLM\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1804.161 - Trusteer) Hidden
    RealDownloader (HKLM\...\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}) (Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Recuva (HKLM\...\Recuva) (Version: 1.40 - Piriform)
    Registry Drill (HKLM\...\Registry Drill4.4) (Version: 4.4 - Easy Desk Software) <==== ATTENTION
    Revo Uninstaller 1.92 (HKLM\...\Revo Uninstaller) (Version: 1.92 - VS Revo Group)
    Segoe UI (HKLM\...\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}) (Version: 14.0.4327.805 - Microsoft Corp) Hidden
    Skype™ 7.36 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.150 - Skype Technologies S.A.)
    SmartCamera Ver 2.1 (HKLM\...\{9527450C-64B3-11D5-9B31-000021116B62}) (Version: 2.01.0001 - MingjongTechnologies CO.,LTD.)
    Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_17AA2075) (Version: - )
    SPAMfighter (HKLM\...\{AD0002B9-2363-43C5-BA94-2A71AD86BE17}) (Version: 7.5.131 - Spamfighter ApS) Hidden
    SPAMfighter (HKLM\...\SPAMfighter) (Version: 7.5.131 - Spamfighter ApS)
    SpeedTouch 330 (HKLM\...\SpeedTouch 330) (Version: - )
    Startup Cop (HKLM\...\Startup Cop) (Version: - )
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.1.1002 - SUPERAntiSpyware.com)
    Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}) (Version: 1.15.0000 - Texas Instruments Inc.)
    TIPCI (HKLM\...\{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}) (Version: 1.15.0000 - Texas Instruments Inc.) Hidden
    Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1804.161 - Trusteer)
    USB PC Camera (SN9C103) (HKLM\...\{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}) (Version: 4.6.6.0 - )
    VC 9.0 Runtime (HKLM\...\{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
    Viber (HKLM\...\{D65DDA75-2C0A-46BA-807D-127BD5638490}) (Version: 6.0.1.5 - Viber Media Inc.) Hidden
    Viber (HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\{acc83058-83b0-41e2-b372-266672a1af16}) (Version: 6.0.1.5 - Viber Media Inc.)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WD SmartWare (HKLM\...\{98D451C4-4ACA-4273-BB47-57CFE46B048E}) (Version: 1.4.1.1 - Western Digital)
    WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
    Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
    ZoneAlarm Firewall (HKLM\...\{B025F14A-25E6-46CA-9308-1B1D3393CAC8}) (Version: 14.3.119.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 14.3.119.000 - Check Point)
    ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version: - Check Point Software Technologies)
    ZoneAlarm Security (HKLM\...\{8A7820F0-5261-42FC-9790-4D932E7BC5B1}) (Version: 14.3.119.000 - Check Point Software Technologies Ltd.) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\psuser.dll (Google Inc.)
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\MalwareFox AntiMalware\ZAMShellExt32.dll [2018-07-26] ()
    ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-07-08] (AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers1: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\Axantum\AxCrypt\ShellExt.dll [2014-01-16] (Axantum Software AB)
    ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
    ContextMenuHandlers1: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\WINDOWS\system32\erasext.dll [2006-12-26] (-)
    ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
    ContextMenuHandlers1: [QuickShare] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
    ContextMenuHandlers1: [SDContextExt] -> {70F8E90E-353A-47AB-B297-C576345EE693} => -> No File
    ContextMenuHandlers2: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\WINDOWS\system32\erasext.dll [2006-12-26] (-)
    ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
    ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RShellExt.dll [2011-07-01] (Paramount Software UK Ltd)
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2006-05-08] (Intel Corporation)
    ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\MalwareFox AntiMalware\ZAMShellExt32.dll [2018-07-26] ()
    ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-07-08] (AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers6: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\Axantum\AxCrypt\ShellExt.dll [2014-01-16] (Axantum Software AB)
    ContextMenuHandlers6: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\WINDOWS\system32\erasext.dll [2006-12-26] (-)
    ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)

    ==================== Scheduled Tasks=============================

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\Antivirus Emergency Update.job => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
    Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-448539723-1606980848-500Core.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-448539723-1606980848-500UA.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\4 On-Demand.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=anhngjkonjhfnhekadjnofhcjjhnljhh
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\BBC iPlayer.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=jahnifecgkhjbcbjfkplnplfkcebgafc
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\Hangouts (1).lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kffnpbachbhakiomjoichllogeobmoli
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\Hangouts.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kffnpbachbhakiomjoichllogeobmoli
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\My5.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=memeiodlbggpddhlkeoppgnefjdgpcda
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\The ITV.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=enlkekmehifkbcpadgpbhjcepnannhml
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\WhatsApp.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hnpfjngllnobngcgfapefoaidbinmjnm
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Desktop\WhatsApp.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hnpfjngllnobngcgfapefoaidbinmjnm

    ==================== Loaded Modules (Whitelisted) ==============

    2017-10-30 08:23 - 2017-10-30 08:23 - 004349952 _____ () C:\Program Files\Thomson\ST330\service\qt-mt337.dll
    2018-07-08 23:32 - 2018-07-08 23:32 - 000481520 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
    2018-07-27 20:37 - 2018-07-27 20:37 - 005890800 _____ () C:\Program Files\AVG\Antivirus\defs\18072704\algo.dll
    2018-07-08 23:32 - 2018-07-08 23:32 - 000986352 _____ () C:\Program Files\AVG\Antivirus\shepherdsync.dll
    2018-07-08 23:39 - 2018-07-08 23:39 - 000907504 _____ () C:\Program Files\AVG\Antivirus\anen.dll
    2018-07-08 23:32 - 2018-07-08 23:32 - 000533744 _____ () C:\Program Files\AVG\Antivirus\gui_cache.dll
    2018-07-26 17:32 - 2018-07-26 17:32 - 000131952 _____ () C:\Program Files\MalwareFox AntiMalware\ZAMShellExt32.dll
    2015-06-02 16:51 - 2015-06-02 16:51 - 000545792 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
    2010-09-04 19:02 - 2004-01-06 02:34 - 000040960 _____ () C:\WINDOWS\vsnpstd2.exe
    2017-10-30 08:23 - 2017-10-30 08:23 - 004222976 _____ () C:\Program Files\Thomson\ST330\diagnostics\qt-mt332.dll
    2017-10-30 08:23 - 2017-10-30 08:23 - 000364544 _____ () C:\Program Files\Thomson\ST330\diagnostics\qwt.dll
    2012-03-15 11:44 - 2012-03-15 11:44 - 000549512 _____ () C:\Program Files\Fighters\SPAMfighter\sfsg.dll
    2012-03-15 11:44 - 2017-10-15 21:50 - 000966248 ____T () C:\Program Files\Fighters\SPAMfighter\sfse.dll
    2018-05-21 10:06 - 2017-07-26 11:57 - 000080896 _____ () C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
    2013-08-14 15:19 - 2013-08-14 15:19 - 000039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    2011-07-01 12:55 - 2011-07-01 12:55 - 000220824 _____ () C:\Program Files\Macrium\Reflect\ReflectService.exe
    2018-07-08 23:40 - 2018-07-08 23:40 - 048936448 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
    2010-09-04 19:02 - 2003-10-24 19:21 - 000053248 ____C () C:\WINDOWS\system32\dsnpstd2.dll
    2010-09-08 10:45 - 2010-09-08 10:45 - 001034752 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    2010-09-08 10:53 - 2010-09-08 10:53 - 000886272 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
    2017-04-26 15:19 - 2017-04-26 15:19 - 002005976 ____R () C:\Program Files\Skype\Phone\skypert.dll
    2008-04-14 13:00 - 2008-04-14 13:00 - 000059904 _____ () C:\WINDOWS\system32\devenum.dll
    2008-04-14 13:00 - 2008-04-14 13:00 - 000014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2010-09-08 10:44 - 2010-09-08 10:44 - 000484352 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    2007-02-13 01:31 - 2007-02-13 01:31 - 001111552 _____ () C:\Program Files\FastStone Capture\FSCapture.exe

  15. #15
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Additional log 2 of 2 parts

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2008-04-14 13:00 - 2018-07-27 21:18 - 000000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1801674531-448539723-1606980848-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    DNS Servers: 192.168.1.254
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    MSCONFIG\startupreg: Eraser => C:\Program Files\Eraser\eraser.exe -hide
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
    MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
    DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
    DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\ZoneLabs\vsmon.exe] => Enabled:vsmon
    StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
    StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
    StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
    StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Plugin Manager\skypePM.exe] => Enabled:Skype Extras Manager
    StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
    StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
    StandardProfile\AuthorizedApplications: [C:\Program Files\Thomson SpeedTouch\ST330\WebInstaller\STHIW\stInstall.exe] => Enabled:SpeedTouch Home Install Wizard
    StandardProfile\AuthorizedApplications: [C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe] => Enabled:ST330 service
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
    StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Local Settings\Temp\stInstall.exe] => Enabled:SpeedTouch Home Install Wizard
    StandardProfile\AuthorizedApplications: [C:\Program Files\Thomson\ST330\service\st330service.exe] => Enabled:ST330 service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Antivirus\AvEmUpdate.exe] => Enabled:Antivirus Emergency Update
    StandardProfile\AuthorizedApplications: [C:\Program Files\CCleaner\CCUpdate.exe] => Enabled:CCleaner Update
    StandardProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
    StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
    StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ==================== Restore Points =========================

    17-07-2018 11:09:32 Automatic Restore Point
    17-07-2018 18:42:37 Automatic Restore Point
    17-07-2018 21:18:31 Automatic Restore Point
    17-07-2018 22:18:46 Automatic Restore Point
    17-07-2018 23:30:24 Automatic Restore Point
    18-07-2018 08:35:48 Automatic Restore Point
    18-07-2018 13:05:12 Automatic Restore Point
    18-07-2018 16:44:54 Automatic Restore Point
    18-07-2018 18:10:48 Automatic Restore Point
    19-07-2018 09:51:22 Automatic Restore Point
    19-07-2018 17:42:05 Automatic Restore Point
    19-07-2018 17:54:26 Automatic Restore Point
    19-07-2018 19:34:30 Automatic Restore Point
    19-07-2018 22:21:03 Automatic Restore Point
    20-07-2018 00:32:58 Automatic Restore Point
    20-07-2018 05:38:25 Automatic Restore Point
    20-07-2018 14:48:15 Automatic Restore Point
    21-07-2018 16:54:14 Automatic Restore Point
    22-07-2018 02:00:18 Restore Operation
    22-07-2018 02:10:34 Automatic Restore Point
    22-07-2018 02:18:04 Installed Windows XP Wdf01009.
    22-07-2018 02:23:47 Automatic Restore Point
    22-07-2018 16:10:43 Automatic Restore Point
    22-07-2018 16:21:37 Automatic Restore Point
    22-07-2018 17:23:24 Automatic Restore Point
    22-07-2018 21:00:34 Automatic Restore Point
    22-07-2018 21:25:09 Automatic Restore Point
    23-07-2018 22:08:27 Automatic Restore Point
    24-07-2018 01:23:18 Automatic Restore Point
    24-07-2018 03:11:33 Automatic Restore Point
    24-07-2018 03:25:34 Restore Operation
    24-07-2018 03:50:35 Restore Operation
    24-07-2018 04:15:46 Restore Operation
    24-07-2018 04:41:32 Restore Operation
    24-07-2018 04:45:09 Automatic Restore Point
    24-07-2018 04:50:53 Restore Operation
    24-07-2018 05:11:31 Automatic Restore Point
    24-07-2018 05:18:08 Installed Windows XP Wdf01009.
    24-07-2018 05:24:47 Installed Windows XP Wdf01009.
    24-07-2018 06:06:28 Automatic Restore Point
    24-07-2018 07:31:05 Automatic Restore Point
    24-07-2018 07:47:40 Installed Windows KB954550-v5.
    24-07-2018 07:47:58 Printer Driver Microsoft XPS Document Writer Installed
    24-07-2018 07:48:18 Printer Driver Microsoft XPS Document Writer Installed
    24-07-2018 08:02:23 Automatic Restore Point
    24-07-2018 09:04:58 Automatic Restore Point
    24-07-2018 10:30:16 Automatic Restore Point
    24-07-2018 18:11:38 Automatic Restore Point
    25-07-2018 08:27:50 Automatic Restore Point
    25-07-2018 09:35:24 Automatic Restore Point
    25-07-2018 10:24:16 Automatic Restore Point
    25-07-2018 10:35:25 Revo Uninstaller's restore point - SpyShelter Premium 11.1
    25-07-2018 10:45:09 Automatic Restore Point
    25-07-2018 11:16:31 Automatic Restore Point
    25-07-2018 13:29:00 Automatic Restore Point
    25-07-2018 18:52:21 Installed Keylogger Detector
    25-07-2018 19:01:39 Revo Uninstaller's restore point - Keylogger Detector
    25-07-2018 19:02:05 Removed Keylogger Detector
    25-07-2018 19:05:44 Installed Keylogger Detector
    25-07-2018 19:07:29 Revo Uninstaller's restore point - Keylogger Detector
    25-07-2018 19:07:54 Removed Keylogger Detector
    25-07-2018 19:15:58 Automatic Restore Point
    25-07-2018 21:03:50 Automatic Restore Point
    26-07-2018 11:42:08 Automatic Restore Point
    26-07-2018 18:39:26 Automatic Restore Point
    26-07-2018 19:37:19 Automatic Restore Point
    26-07-2018 21:12:30 Automatic Restore Point
    27-07-2018 12:58:46 Automatic Restore Point
    27-07-2018 19:53:26 Automatic Restore Point
    27-07-2018 21:14:40 Automatic Restore Point
    27-07-2018 21:34:09 Installed Windows KB954550-v5.
    27-07-2018 21:34:25 Printer Driver Microsoft XPS Document Writer Installed
    27-07-2018 21:34:44 Printer Driver Microsoft XPS Document Writer Installed
    27-07-2018 21:49:55 Automatic Restore Point

    ==================== Faulty Device Manager Devices =============

    Name: IrDA Fast Infrared Port
    Description: IrDA Fast Infrared Port
    Class Guid: {6BDD1FC5-810F-11D0-BEC7-08002BE2092F}
    Manufacturer: National Semiconductor
    Service: NSCIRDA
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/27/2018 09:57:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application Viber.exe, version 6.0.1.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (07/27/2018 09:50:38 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

    Error: (07/27/2018 08:50:05 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application frst.exe, version 21.7.2018.0, faulting module frst.exe, version 21.7.2018.0, fault address 0x0002129e.
    Processing media-specific event for [frst.exe!ws!]

    Error: (07/26/2018 06:45:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application Viber.exe, version 6.0.1.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (07/25/2018 08:45:46 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 52.9.0.6746, faulting module mozglue.dll, version 52.9.0.6746, fault address 0x0000fb33.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (07/25/2018 08:37:45 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
    Processing media-specific event for [drwtsn32.exe!ws!]

    Error: (07/25/2018 08:35:37 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x04155a21.
    Processing media-specific event for [explorer.exe!ws!]

    Error: (07/25/2018 08:01:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 52.9.0.6746, faulting module mozglue.dll, version 52.9.0.6746, fault address 0x0000fb33.
    Processing media-specific event for [plugin-container.exe!ws!]


    System errors:
    =============
    Error: (07/27/2018 09:50:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    TfFsMon
    TfSysMon

    Error: (07/27/2018 09:48:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Lavasoft Ad-Aware Service service failed to start due to the following error:
    The system cannot find the path specified.

    Error: (07/27/2018 09:48:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Bitdefender Antivirus Free Edition service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (07/27/2018 09:48:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Bitdefender Antivirus Free Edition service to connect.

    Error: (07/27/2018 09:15:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    TfFsMon
    TfSysMon

    Error: (07/27/2018 09:13:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Lavasoft Ad-Aware Service service failed to start due to the following error:
    The system cannot find the path specified.

    Error: (07/27/2018 09:13:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Bitdefender Antivirus Free Edition service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (07/27/2018 09:13:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Bitdefender Antivirus Free Edition service to connect.


    ==================== Memory info ===========================

    Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz
    Percentage of memory in use: 53%
    Total physical RAM: 2038.07 MB
    Available physical RAM: 944.46 MB
    Total Virtual: 3406.3 MB
    Available Virtual: 2397.88 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:200.19 GB) (Free:126.69 GB) NTFS ==>[drive with boot components (Windows XP)]
    Drive d: (New Volume) (Fixed) (Total:265.57 GB) (Free:137.06 GB) NTFS


    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: B4B9B3EC)
    Partition 1: (Active) - (Size=200.2 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=265.6 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
