[RESOLVED] How to check if I have a Keylogger on my laptop - Page 3

Thread: [RESOLVED] How to check if I have a Keylogger on my laptop

  1. #31
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.


    • Double-click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.

  2. #32
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    OK. Here is the first of 2 parts of the First scan result. Part 2 follows and then the Additional scan report in the 3rd post.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21.07.2018
    Ran by Administrator (administrator) on HOME (30-07-2018 01:19:11)
    Running from C:\Documents and Settings\Administrator\Desktop
    Loaded Profiles: Administrator (Available Profiles: Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    (THOMSON Telecom Belgium) C:\Program Files\Thomson\ST330\service\st330service.exe
    (Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
    (IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    () C:\Program Files\Macrium\Reflect\ReflectService.exe
    (SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\sfus.exe
    (SPAMfighter ApS) C:\Program Files\Fighters\FighterSuiteService.exe
    (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    () C:\WINDOWS\vsnpstd2.exe
    (Magistone Systems) C:\Program Files\Magitime\Magitime.exe
    (SPAMfighter ApS) C:\Program Files\Fighters\Tray\FightersTray.exe
    (THOMSON Telecom Belgium) C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
    (SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\s***ent.exe
    (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
    () C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
    (Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
    (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    () C:\Program Files\FastStone Capture\FSCapture.exe
    (Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe
    (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-05-08] (Intel Corporation)
    HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-05-08] (Intel Corporation)
    HKLM\...\Run: [SNPSTD2] => C:\WINDOWS\vsnpstd2.exe [40960 2004-01-06] ()
    HKLM\...\Run: [SpeedTouch USB Diagnostics] => [X]
    HKLM\...\Run: [Magitime] => C:\Program Files\Magitime\magitime.exe [659456 2014-03-14] (Magistone Systems)
    HKLM\...\Run: [CommonToolkitTray] => C:\Program Files\Fighters\Tray\FightersTray.exe [1453704 2012-02-02] (SPAMfighter ApS)
    HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
    HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
    HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
    HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
    HKLM\...\Run: [diagnostics] => C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe [557149 2017-10-30] (THOMSON Telecom Belgium)
    HKLM\...\Run: [s***ent] => C:\Program Files\Fighters\SPAMfighter\s***ent.exe [1197704 2012-03-15] (SPAMfighter ApS)
    HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2014-05-11] (RealNetworks, Inc.)
    HKLM\...\Run: [ProductUpdater] => C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [80896 2017-07-26] ()
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [291568 2018-07-08] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-07-28] (Check Point Software Technologies Ltd.)
    Winlogon\Notify\NavLogon:
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27716568 2017-05-05] (Skype Technologies S.A.)
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\Run: [Viber] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\Viber.exe [69268048 2016-04-13] (Viber Media S.à r.l.)
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13684416 2018-07-20] (Piriform Ltd)
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\MountPoints2: {78b543b0-bc6c-11e0-89f8-001636b15235} - F:\unlock.exe autoplay=true
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
    Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\FastStone Capture.lnk [2018-06-22]
    ShortcutTarget: FastStone Capture.lnk -> C:\Program Files\FastStone Capture\FSCapture.exe ()
    Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Microsoft Find Fast.lnk [2017-10-30]
    ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SysRestorePoint.exe [2002-11-11] (Doug Knox)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\..\Interfaces\{DEE303A4-64CF-40E7-BBF4-7BFB0121AD5D}: [NameServer] 212.159.6.9 212.159.6.10

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-118-756
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-118-756
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
    SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> {E8BB92A5-E42A-465D-B774-C5BC6F026298} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
    BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04] (Sun Microsystems, Inc.)
    BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04] (Sun Microsystems, Inc.)
    Toolbar: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    Toolbar: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271356564296
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796 [2018-07-30]
    FF Homepage: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796 -> hxxps://www.msn.com/en-gb/?ocid=mailsignout&AR=1
    FF Extension: (IBM Security Rapport) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2017-11-08]
    FF Extension: (Video Downloader Pro) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\@video_downloader_pro.xpi [2018-06-17]
    FF Extension: (SaveFrom.net helper) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\helper-sig@savefrom.net.xpi [2018-07-18]
    FF Extension: (1-Click YouTube Video Downloader) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-04-13]
    FF Extension: (Flash and Video Download) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-07-28]
    FF Extension: (Download with Internet Download Manager (IDM)) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\{d1646fcf-76ad-49c5-b8b2-e496e9b71189}.xpi [2017-10-16]
    FF HKLM\...\Firefox\Extensions: [{051F5AD7-BA56-4780-890F-EAB21B44B01A}] - C:\Documents and Settings\Administrator\Local Settings\Application Data\{051F5AD7-BA56-4780-890F-EAB21B44B01A}
    FF Extension: (XULRunner) - C:\Documents and Settings\Administrator\Local Settings\Application Data\{051F5AD7-BA56-4780-890F-EAB21B44B01A} [2010-09-16] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-09-27] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: (RealPlayer Browser Record Plugin) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-10-18] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-09-19] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: (RealDownloader) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-11] [Legacy] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-10] ()
    FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll [No File]
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
    FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2008-11-06] (Yahoo! Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.90 -> C:\Program Files\NOS\bin\np_gp.dll [2010-08-13] (NOS Microsystems Ltd.)
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2014-05-11] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-18] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-18] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2014-05-11] (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2010-10-01]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2010-10-01]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2010-10-01]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2010-10-01]

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxps://www.msn.com/en-gb/
    CHR StartupUrls: Default -> "hxxps://www.msn.com/en-gb/"
    CHR DefaultSearchURL: Default -> hxxp://www.channel4.com/favicon.ico
    CHR DefaultSearchKeyword: Default -> sse
    CHR DefaultSuggestURL: Default -> hxxp://securedsearch.xyz/?s={searchTerms}
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default [2018-07-25]
    CHR Extension: (Slides) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
    CHR Extension: (4 On-Demand) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\anhngjkonjhfnhekadjnofhcjjhnljhh [2017-11-01]
    CHR Extension: (Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-19]
    CHR Extension: (Video Downloader Plus) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\baejfnndpekpkaaancgpakjaengfpopk [2018-06-26]
    CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-19]
    CHR Extension: (My5) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\diogmdacmdamkfnkeedajbbeglpeaigi [2017-10-15]
    CHR Extension: (Video Downloader professional) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2018-06-18]
    CHR Extension: (The ITV) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\enlkekmehifkbcpadgpbhjcepnannhml [2017-11-01]
    CHR Extension: (Sheets) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
    CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-19]
    CHR Extension: (WhatsApp) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnpfjngllnobngcgfapefoaidbinmjnm [2017-10-15]
    CHR Extension: (RealDownloader) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2017-05-19]
    CHR Extension: (BBC iPlayer) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jahnifecgkhjbcbjfkplnplfkcebgafc [2017-11-01]
    CHR Extension: (Hangouts) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kffnpbachbhakiomjoichllogeobmoli [2017-10-30]
    CHR Extension: (4 Channels) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kgkjlaebagdlngdnngcejfejfjfamfjk [2017-10-15]
    CHR Extension: (Video Downloader professional) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kmdldgcmokdpmacblnehppgkjphcbpnn [2018-06-26]
    CHR Extension: (My5) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfheiaeoljbhacojcpijifmiaagpmjha [2017-10-15]
    CHR Extension: (TVCatchup - TV Guide) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfnkddnodjiogeonmkfjiikfobojmcbk [2017-10-15]
    CHR Extension: (My5) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\memeiodlbggpddhlkeoppgnefjdgpcda [2017-11-01]
    CHR Extension: (Video Downloader GetThemAll) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-05-21]
    CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
    CHR Extension: (ITV CatchUp) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nobiaddkhdkdpekghklpdnjagimdmhdi [2017-10-15]
    CHR Extension: (TVCatchup - Channels) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obgolfleeijjdgkahmeimjecogcgpaca [2017-10-15]
    CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-19]
    CHR Extension: (All 4) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ploblfmaojdpinjdldecofjjdgkcndda [2017-10-15]
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
    CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1801674531-448539723-1606980848-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1801674531-448539723-1606980848-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1801674531-448539723-1606980848-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-05-18] (SUPERAntiSpyware.com)
    R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [846056 2011-06-22] (Acronis)
    S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-07-10] (Adobe Systems Incorporated) [File not signed]
    R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [323512 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [6391272 2018-07-08] (AVG Technologies CZ, s.r.o.)
    S2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [67592 2016-03-02] (Bitdefender)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-05-04] (Sun Microsystems, Inc.)
    R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
    R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2350064 2017-09-28] (IBM Corp.)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 ReflectService; C:\Program Files\Macrium\Reflect\ReflectService.exe [220824 2011-07-01] ()
    S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed]
    R2 SPAMfighter Update Service; C:\Program Files\Fighters\SPAMfighter\sfus.exe [215688 2012-03-15] (SPAMfighter ApS)
    R2 st330service; C:\Program Files/Thomson/ST330/service/st330service.exe [581632 2017-10-30] (THOMSON Telecom Belgium) [File not signed]
    R2 Suite Service; C:\Program Files\Fighters\FighterSuiteService.exe [1324680 2012-01-23] (SPAMfighter ApS)
    R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-07-28] (Check Point Software Technologies Ltd.)
    R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [237056 2010-09-08] (WDC) [File not signed]
    R2 WDFME; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () [File not signed]
    R2 WDSC; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [484352 2010-09-08] () [File not signed]
    R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114424 2016-06-30] (Check Point Software Technologies, Ltd.) [File not signed]
    S2 Lavasoft Ad-Aware Service; "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ACPIVPC; C:\WINDOWS\System32\DRIVERS\AcpiVpc.sys [7296 2005-10-11] (Lenovo Corporation)
    S3 alcan5wn; C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [53600 2003-12-08] (THOMSON) [File not signed]
    S3 alcaudsl; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [70688 2003-12-08] (THOMSON) [File not signed]
    R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
    S3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
    R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [159936 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiskx.sys [142240 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriverx.sys [181240 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidshx.sys [157840 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgblog; C:\WINDOWS\System32\drivers\avgblogx.sys [276712 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbunivx.sys [50360 2018-07-08] (AVG Technologies CZ, s.r.o.)
    S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [35192 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [126056 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr.sys [63224 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [64232 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [776504 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [387312 2018-07-24] (AVG Technologies CZ, s.r.o.)
    R3 avgStmXP; C:\WINDOWS\System32\drivers\avgStmXP.sys [198248 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [303168 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R3 bbcap; C:\WINDOWS\System32\DRIVERS\bbcap.sys [4096 2012-12-27] (Windows (R) Codename Longhorn DDK provider)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    S3 DCamUSBTP10; C:\WINDOWS\System32\Drivers\TP6810.sys [241704 2006-06-15] (Microsoft Corporation) [File not signed]
    R1 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
    R3 HdAudAddService; C:\WINDOWS\System32\drivers\CHDAud.sys [568320 2009-01-14] (Conexant Systems Inc.)
    R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [206848 2006-05-08] (Conexant Systems, Inc.)
    R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [995712 2006-05-08] (Conexant Systems, Inc.)
    S3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt32.sys [144416 2017-03-22] (Zemana Ltd.)
    R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64512 2011-06-26] (Lavasoft AB)
    S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [150816 2018-07-25] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [220896 2018-07-29] (Malwarebytes)
    S3 MR97310_VGA_DUAL_CAMERA; C:\WINDOWS\System32\DRIVERS\mr97310v.sys [115790 2002-07-03] (Mars Semiconductor Corp.) [File not signed]
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3630080 2008-06-26] (Intel Corporation)
    R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [16024 2011-07-01] (Macrium Software)
    S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15576 2013-03-07] ()
    S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10200 2013-03-07] ()
    R1 RapportAegle; C:\Program Files\Trusteer\Rapport\bin\RapportAegle.sys [204632 2017-09-28] (IBM Corp.)
    R1 RapportCerberus_1804077; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1804077.sys [848024 2017-11-08] (IBM Corp.)
    R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [336504 2017-09-28] (IBM Corp.)
    R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [415992 2017-09-28] (IBM Corp.)
    R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 snpstd2; C:\WINDOWS\System32\DRIVERS\snpstd2.sys [302720 2004-03-23] ()
    R3 ST330; C:\WINDOWS\System32\drivers\st330.sys [30464 2010-09-23] (THOMSON Telecom Belgium)
    R3 STBUS; C:\WINDOWS\System32\drivers\stbus.sys [12672 2010-09-23] (THOMSON Telecom Belgium)
    S3 STETH; C:\WINDOWS\System32\DRIVERS\steth.sys [40320 2010-09-23] (THOMSON Telecom Belgium)
    R3 stppp; C:\WINDOWS\System32\DRIVERS\stppp.sys [32000 2017-05-19] (THOMSON Telecom Belgium)
    R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
    S1 UimBus; C:\WINDOWS\System32\DRIVERS\UimBus.sys [37080 2010-08-25] (Windows (R) 2000 DDK provider)
    S1 Uim_IM; C:\WINDOWS\System32\Drivers\Uim_IM.sys [395464 2010-08-25] (Paragon)
    R0 vididr; C:\WINDOWS\System32\DRIVERS\vididr.sys [125472 2012-08-05] (Acronis)
    R0 vidsflt53; C:\WINDOWS\System32\DRIVERS\vsflt53.sys [83392 2012-08-05] (Acronis)
    R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [540368 2016-07-28] (Check Point Software Technologies Ltd.)
    S3 cpuz132; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
    S4 IntelIde; no ImagePath
    S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
    U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
    S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
    S3 TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys [X]
    S0 TfSysMon; system32\drivers\TfSysMon.sys [X]
    S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
    S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam32.sys [X]
    S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard32.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

  3. #33
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Here is part 2 of the FIRST scan report:

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-07-30 01:19 - 2018-07-30 01:20 - 000035347 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
    2018-07-30 01:18 - 2018-07-30 01:18 - 001773056 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
    2018-07-29 09:46 - 2013-03-07 13:36 - 000010200 ____N C:\WINDOWS\system32\pwdspio.sys
    2018-07-29 09:00 - 2018-07-29 12:17 - 000439103 _____ C:\WINDOWS\system32\vsconfig.xml
    2018-07-29 08:59 - 2018-07-29 08:59 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
    2018-07-29 08:44 - 2018-07-29 08:59 - 000000000 ____D C:\Program Files\CheckPoint
    2018-07-29 08:13 - 2018-07-29 20:06 - 000000294 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1801674531-448539723-1606980848-500.job
    2018-07-28 05:35 - 2018-07-28 05:35 - 000007061 _____ C:\WINDOWS\Registry Drill Uninstall Log.txt
    2018-07-28 03:17 - 2018-07-29 21:51 - 000024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2018-07-28 03:12 - 2018-07-30 01:04 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
    2018-07-27 20:46 - 2018-07-30 01:19 - 000000000 ____D C:\FRST
    2018-07-26 21:26 - 2018-07-26 21:26 - 000000986 _____ C:\Documents and Settings\Administrator\Desktop\Shortcut to Ghostpress.exe.lnk
    2018-07-26 17:32 - 2018-07-26 17:32 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Zemana
    2018-07-26 17:32 - 2018-07-26 17:32 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Wolf of Webstreet OPC Private Limited
    2018-07-26 11:57 - 2018-07-26 11:57 - 000026795 _____ C:\Documents and Settings\Administrator\My Documents\Azimo transf to Malvic Stg 34.99 incl 2.99 fees birthday - 25 Jul 2018.eml
    2018-07-26 11:55 - 2018-07-26 11:55 - 000026765 _____ C:\Documents and Settings\Administrator\My Documents\Azimo Transf for Nancy - for cough med - Stg 28.99 incl 2.99 fees - 25 July 2018.eml
    2018-07-25 15:37 - 2018-07-26 21:25 - 000000000 ____D C:\Documents and Settings\Administrator\My Documents\Ghostpress
    2018-07-25 15:31 - 2018-07-25 15:27 - 000691299 _____ C:\Documents and Settings\Administrator\My Documents\Ghostpress.zip
    2018-07-25 09:38 - 2018-07-28 02:41 - 037090097 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2018-07-25 09:38 - 2018-07-28 02:37 - 134915712 _____ C:\WINDOWS\ZAM.krnl.trace
    2018-07-25 09:28 - 2017-03-22 12:44 - 000144416 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\KeyCrypt32.sys
    2018-07-25 09:27 - 2018-07-25 09:38 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Zemana
    2018-07-24 05:42 - 2018-07-08 23:32 - 000322800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
    2018-07-15 18:05 - 2018-07-15 18:05 - 000000000 _____ C:\Documents and Settings\Administrator\last.dump
    2018-07-08 23:40 - 2018-07-24 05:43 - 000001616 _____ C:\Documents and Settings\All Users\Desktop\AVG AntiVirus FREE.lnk
    2018-07-08 23:40 - 2018-07-08 23:40 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    2018-07-08 23:34 - 2018-07-29 21:43 - 000000358 ____H C:\WINDOWS\Tasks\Antivirus Emergency Update.job
    2018-07-08 23:33 - 2018-07-24 05:43 - 000387312 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
    2018-07-08 23:33 - 2018-07-08 23:32 - 000776504 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
    2018-07-08 23:33 - 2018-07-08 23:32 - 000303168 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
    2018-07-08 23:33 - 2018-07-08 23:32 - 000198248 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStmXP.sys
    2018-07-08 23:33 - 2018-07-08 23:32 - 000159936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
    2018-07-08 23:33 - 2018-07-08 23:32 - 000126056 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
    2018-07-08 23:33 - 2018-07-08 23:32 - 000064232 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
    2018-07-08 23:33 - 2018-07-08 23:32 - 000063224 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr.sys
    2018-07-08 23:33 - 2018-07-08 23:32 - 000035192 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
    2018-07-08 23:33 - 2018-07-08 23:31 - 000276712 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgblogx.sys
    2018-07-08 23:33 - 2018-07-08 23:31 - 000181240 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriverx.sys
    2018-07-08 23:33 - 2018-07-08 23:31 - 000157840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidshx.sys
    2018-07-08 23:33 - 2018-07-08 23:31 - 000142240 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiskx.sys
    2018-07-08 23:33 - 2018-07-08 23:31 - 000050360 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbunivx.sys
    2018-07-08 23:32 - 2018-07-08 23:32 - 001142064 _____ (Microsoft Corporation) C:\WINDOWS\ucrtbase.dll
    2018-07-08 23:28 - 2018-07-24 08:09 - 000000000 ____D C:\Program Files\AVG
    2018-07-08 23:24 - 2018-07-24 05:33 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
    2018-07-08 23:24 - 2018-07-08 23:24 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\MFAData
    2018-07-08 23:24 - 2018-07-08 23:24 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2015
    2018-07-08 23:04 - 2018-07-08 23:04 - 000180454 _____ C:\Documents and Settings\All Users\Application Data\1531080871.bdinstall.bin
    2018-07-08 22:18 - 2018-07-08 22:18 - 000242504 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
    2018-07-08 21:23 - 2018-07-08 21:23 - 000031682 _____ C:\Documents and Settings\All Users\Application Data\1531081369.bdinstall.bin
    2018-07-08 21:14 - 2018-07-08 21:14 - 000036949 _____ C:\Documents and Settings\All Users\Application Data\1531080857.bdinstall.bin
    2018-07-07 05:56 - 2018-07-07 05:56 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Fighters
    2018-07-06 09:54 - 2018-07-06 09:54 - 000178007 _____ C:\Documents and Settings\All Users\Application Data\1530867194.bdinstall.bin
    2018-07-06 09:53 - 2018-07-06 09:53 - 000036971 _____ C:\Documents and Settings\All Users\Application Data\1530867173.bdinstall.bin
    2018-07-06 09:29 - 2018-07-06 09:29 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\LiveKit
    2018-07-01 03:00 - 2018-07-01 03:03 - 000018940 _____ C:\Documents and Settings\All Users\Application Data\1530410304.1840.bin
    2018-07-01 03:00 - 2013-05-28 04:11 - 000355744 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
    2018-07-01 03:00 - 2013-04-22 05:20 - 000164952 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
    2018-07-01 03:00 - 2013-04-17 13:59 - 000633344 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
    2018-07-01 03:00 - 2013-04-17 13:59 - 000486536 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
    2018-07-01 02:59 - 2018-07-01 03:01 - 000106707 _____ C:\Documents and Settings\All Users\Application Data\1530410304.1868.bin
    2018-07-01 02:58 - 2018-07-01 03:03 - 000038520 _____ C:\Documents and Settings\All Users\Application Data\1530410304.3108.bin
    2018-07-01 02:58 - 2018-07-01 03:01 - 000009515 _____ C:\Documents and Settings\All Users\Application Data\1530410304.3548.bin
    2018-07-01 02:58 - 2018-07-01 03:01 - 000003549 _____ C:\Documents and Settings\All Users\Application Data\1530410304.1624.bin
    2018-07-01 02:53 - 2018-07-01 02:53 - 000031495 _____ C:\Documents and Settings\All Users\Application Data\1530410007.bdinstall.bin
    2018-07-01 02:51 - 2018-07-01 02:51 - 000008079 _____ C:\Documents and Settings\All Users\Application Data\1530409854.5484.bin
    2018-07-01 02:50 - 2018-07-01 02:51 - 000038957 _____ C:\Documents and Settings\All Users\Application Data\1530409854.6012.bin
    2018-07-01 02:50 - 2018-07-01 02:51 - 000002406 _____ C:\Documents and Settings\All Users\Application Data\1530409854.4648.bin
    2018-07-01 02:50 - 2018-07-01 02:51 - 000001390 _____ C:\Documents and Settings\All Users\Application Data\1530409854.5900.bin
    2018-07-01 02:50 - 2018-07-01 02:50 - 000036949 _____ C:\Documents and Settings\All Users\Application Data\1530409844.bdinstall.bin

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-07-30 01:20 - 2010-04-15 19:08 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
    2018-07-30 01:17 - 2010-04-15 23:31 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
    2018-07-30 01:12 - 2017-05-19 05:01 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2018-07-30 01:12 - 2012-07-16 19:13 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2018-07-30 00:51 - 2017-10-23 20:32 - 000001010 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-448539723-1606980848-500UA.job
    2018-07-29 23:51 - 2017-10-23 20:32 - 000000958 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-448539723-1606980848-500Core.job
    2018-07-29 23:10 - 2018-06-29 02:19 - 000220896 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2018-07-29 22:01 - 2011-06-26 22:08 - 000000486 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    2018-07-29 21:12 - 2017-05-19 05:01 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2018-07-29 20:12 - 2010-04-15 19:07 - 000032616 _____ C:\WINDOWS\SchedLgU.Txt
    2018-07-29 20:06 - 2013-01-11 02:18 - 000000302 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job
    2018-07-29 19:49 - 2017-10-28 15:45 - 000000344 ____H C:\WINDOWS\Tasks\CCleaner Update.job
    2018-07-29 18:55 - 2017-10-31 00:14 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\ViberPC
    2018-07-29 18:54 - 2010-04-15 11:51 - 000659190 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-07-29 18:54 - 1996-11-21 00:00 - 000023473 ____H C:\WINDOWS\system32\FFASTLOG.TXT
    2018-07-29 18:50 - 2010-10-05 03:28 - 000000294 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-448539723-1606980848-500.job
    2018-07-29 18:49 - 2008-04-14 13:00 - 000013646 _____ C:\WINDOWS\system32\wpa.dbl
    2018-07-29 18:48 - 2018-04-12 11:37 - 000000316 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1801674531-448539723-1606980848-500.job
    2018-07-29 18:48 - 2012-06-11 17:46 - 000000031 ____C C:\WINDOWS\system32\bbcap.err
    2018-07-29 18:48 - 2010-04-15 19:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-07-29 18:46 - 2011-06-20 15:43 - 000329698 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2018-07-29 18:46 - 2010-04-15 19:08 - 000000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
    2018-07-29 18:46 - 2010-04-15 19:08 - 000000000 ____D C:\Documents and Settings\Administrator
    2018-07-29 14:20 - 2014-03-11 17:50 - 000000342 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job
    2018-07-29 09:58 - 2010-09-01 22:36 - 000014848 __SHC C:\WINDOWS\Thumbs.db
    2018-07-29 09:47 - 2010-04-15 19:09 - 000093968 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2018-07-29 09:46 - 2010-04-15 11:49 - 000000181 ___SH C:\boot.ini
    2018-07-29 09:08 - 2010-04-15 11:50 - 000343424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-07-29 08:58 - 2015-04-19 21:45 - 000193320 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2018-07-29 08:57 - 2010-09-26 03:32 - 000000000 ____D C:\WINDOWS\system32\XPSViewer
    2018-07-29 08:57 - 2010-04-15 11:42 - 000000000 ___HD C:\WINDOWS\inf
    2018-07-29 08:44 - 2012-05-04 22:15 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\CheckPoint
    2018-07-28 23:59 - 2018-03-13 21:12 - 000000880 _____ C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job
    2018-07-28 23:59 - 2010-04-15 19:00 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2018-07-28 23:04 - 2010-09-04 19:01 - 000002383 _____ C:\Documents and Settings\All Users\Desktop\VideoMonitor.lnk
    2018-07-28 05:37 - 2010-09-02 02:18 - 000000000 ____D C:\Program Files\Easy Desk Utilities
    2018-07-28 05:25 - 2017-10-14 20:04 - 000002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
    2018-07-27 01:10 - 2010-08-31 13:22 - 000000302 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job
    2018-07-26 21:24 - 2018-06-18 12:10 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\File Viewer
    2018-07-26 19:57 - 2017-10-16 02:15 - 000000000 ____C C:\WINDOWS\system32\last.dump
    2018-07-26 18:04 - 2017-10-30 05:49 - 000000797 _____ C:\Documents and Settings\Administrator\Desktop\Hangouts.lnk
    2018-07-26 05:54 - 2011-07-10 16:53 - 000862354 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1801674531-448539723-1606980848-500-0.dat
    2018-07-25 20:31 - 2010-04-15 19:07 - 000000000 __SHD C:\Documents and Settings\LocalService
    2018-07-25 15:26 - 2018-05-22 15:21 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Media Player Classic
    2018-07-25 15:26 - 2010-09-20 17:40 - 000000000 ____D C:\WINDOWS\Minidump
    2018-07-25 15:21 - 2013-01-10 20:33 - 000000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    2018-07-25 15:12 - 2010-09-02 02:52 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\U3
    2018-07-25 11:19 - 2018-06-29 02:20 - 000150816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2018-07-24 09:02 - 2015-01-08 22:49 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg
    2018-07-24 08:09 - 2016-01-01 16:59 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
    2018-07-24 05:03 - 2010-04-15 19:06 - 000000000 __SHD C:\Documents and Settings\NetworkService
    2018-07-24 05:01 - 2010-04-15 18:59 - 000000000 ____D C:\WINDOWS\Registration
    2018-07-23 19:05 - 2014-03-11 17:50 - 000000324 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job
    2018-07-23 13:46 - 2018-06-20 14:26 - 000000000 ____D C:\Documents and Settings\Administrator\My Documents\ViberDownloads
    2018-07-23 10:42 - 2018-06-29 03:04 - 000000000 ____D C:\Documents and Settings\Administrator\My Documents\Declaration of Tax Residency - om..leng pak pak excl
    2018-07-23 00:05 - 2017-10-22 17:00 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc
    2018-07-15 15:46 - 2012-12-14 00:08 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
    2018-07-14 18:33 - 2010-09-17 17:50 - 000538624 __SHC C:\Documents and Settings\Administrator\My Documents\Thumbs.db
    2018-07-10 15:12 - 2012-05-19 16:02 - 000842240 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2018-07-10 15:12 - 2011-06-15 16:57 - 000175104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2018-07-08 23:42 - 2017-08-26 01:14 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\AVG
    2018-07-08 15:00 - 2014-03-11 13:56 - 000000232 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2018-07-06 09:40 - 2017-10-15 21:48 - 000000000 ____D C:\Program Files\Fighters
    2018-07-01 19:56 - 2010-09-11 18:13 - 000002375 _____ C:\Documents and Settings\All Users\Desktop\Macrium Reflect.lnk
    2018-07-01 02:02 - 2010-04-15 19:06 - 000000178 __SHC C:\Documents and Settings\NetworkService\ntuser.ini

    ==================== Files in the root of some directories =======

    2010-09-18 12:51 - 2010-09-18 12:53 - 000000015 ____N () C:\Documents and Settings\Administrator\settings.dat
    2012-03-13 12:02 - 2012-03-13 12:02 - 000000022 ___SH () C:\Documents and Settings\Administrator\Application Data\Sys2662.Config.Repository.bin
    2011-07-08 17:33 - 1996-11-21 08:00 - 000000002 ____C () C:\Documents and Settings\Administrator\Application Data\Microsoft\ArtGalry.cag
    2010-08-31 15:21 - 2012-06-11 09:34 - 000100352 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-12-03 14:13 - 2012-12-03 14:13 - 000027520 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\dt.dat
    2010-09-09 20:47 - 2010-09-09 20:47 - 000088278 ____C () C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.log
    2017-10-28 20:15 - 2017-10-28 20:15 - 000221100 _____ () C:\Documents and Settings\All Users\Application Data\1509217961.bdinstall.bin
    2017-12-16 07:31 - 2017-12-16 07:31 - 000036955 _____ () C:\Documents and Settings\All Users\Application Data\1513405877.bdinstall.bin
    2017-12-16 07:35 - 2017-12-16 07:35 - 000178259 _____ () C:\Documents and Settings\All Users\Application Data\1513405883.bdinstall.bin
    2017-12-16 08:03 - 2017-12-16 08:03 - 000036971 _____ () C:\Documents and Settings\All Users\Application Data\1513407823.bdinstall.bin
    2017-12-16 08:03 - 2017-12-16 08:04 - 000001305 _____ () C:\Documents and Settings\All Users\Application Data\1513407829.2116.bin
    2017-12-16 08:03 - 2017-12-16 08:04 - 000002405 _____ () C:\Documents and Settings\All Users\Application Data\1513407829.3164.bin
    2017-12-16 08:03 - 2017-12-16 08:04 - 000038977 _____ () C:\Documents and Settings\All Users\Application Data\1513407829.3780.bin
    2017-12-16 08:04 - 2017-12-16 08:04 - 000008079 _____ () C:\Documents and Settings\All Users\Application Data\1513407829.4588.bin
    2017-12-16 08:04 - 2017-12-16 08:04 - 000031495 _____ () C:\Documents and Settings\All Users\Application Data\1513407840.bdinstall.bin
    2017-12-16 08:04 - 2017-12-16 08:04 - 000031495 _____ () C:\Documents and Settings\All Users\Application Data\1513407844.bdinstall.bin
    2017-12-16 08:16 - 2017-12-16 08:16 - 000093509 _____ () C:\Documents and Settings\All Users\Application Data\1513408284.bdinstall.bin
    2017-12-16 08:27 - 2017-12-16 08:27 - 000213884 _____ () C:\Documents and Settings\All Users\Application Data\1513409101.bdinstall.bin
    2017-12-17 02:04 - 2017-12-17 02:04 - 000037176 _____ () C:\Documents and Settings\All Users\Application Data\1513472675.bdinstall.bin
    2017-12-17 02:04 - 2017-12-17 02:04 - 000039490 _____ () C:\Documents and Settings\All Users\Application Data\1513472678.bdinstall.bin
    2017-12-17 02:05 - 2017-12-17 02:05 - 000037176 _____ () C:\Documents and Settings\All Users\Application Data\1513472713.bdinstall.bin
    2017-12-17 02:08 - 2017-12-17 02:08 - 000096015 _____ () C:\Documents and Settings\All Users\Application Data\1513472717.bdinstall.bin
    2017-12-17 02:24 - 2017-12-17 02:24 - 000201480 _____ () C:\Documents and Settings\All Users\Application Data\1513473765.bdinstall.bin
    2017-12-17 03:45 - 2017-12-17 03:45 - 000036954 _____ () C:\Documents and Settings\All Users\Application Data\1513478746.bdinstall.bin
    2017-12-17 03:46 - 2017-12-17 03:46 - 000179968 _____ () C:\Documents and Settings\All Users\Application Data\1513478752.bdinstall.bin
    2018-06-26 11:58 - 2018-06-26 11:58 - 000037227 _____ () C:\Documents and Settings\All Users\Application Data\1530010692.bdinstall.bin
    2018-06-26 12:00 - 2018-06-26 12:00 - 000178655 _____ () C:\Documents and Settings\All Users\Application Data\1530010711.bdinstall.bin
    2018-07-01 02:50 - 2018-07-01 02:50 - 000036949 _____ () C:\Documents and Settings\All Users\Application Data\1530409844.bdinstall.bin
    2018-07-01 02:50 - 2018-07-01 02:51 - 000002406 _____ () C:\Documents and Settings\All Users\Application Data\1530409854.4648.bin
    2018-07-01 02:51 - 2018-07-01 02:51 - 000008079 _____ () C:\Documents and Settings\All Users\Application Data\1530409854.5484.bin
    2018-07-01 02:50 - 2018-07-01 02:51 - 000001390 _____ () C:\Documents and Settings\All Users\Application Data\1530409854.5900.bin
    2018-07-01 02:50 - 2018-07-01 02:51 - 000038957 _____ () C:\Documents and Settings\All Users\Application Data\1530409854.6012.bin
    2018-07-01 02:53 - 2018-07-01 02:53 - 000031495 _____ () C:\Documents and Settings\All Users\Application Data\1530410007.bdinstall.bin
    2018-07-01 02:58 - 2018-07-01 03:01 - 000003549 _____ () C:\Documents and Settings\All Users\Application Data\1530410304.1624.bin
    2018-07-01 03:00 - 2018-07-01 03:03 - 000018940 _____ () C:\Documents and Settings\All Users\Application Data\1530410304.1840.bin
    2018-07-01 02:59 - 2018-07-01 03:01 - 000106707 _____ () C:\Documents and Settings\All Users\Application Data\1530410304.1868.bin
    2018-07-01 02:58 - 2018-07-01 03:03 - 000038520 _____ () C:\Documents and Settings\All Users\Application Data\1530410304.3108.bin
    2018-07-01 02:58 - 2018-07-01 03:01 - 000009515 _____ () C:\Documents and Settings\All Users\Application Data\1530410304.3548.bin
    2018-07-06 09:53 - 2018-07-06 09:53 - 000036971 _____ () C:\Documents and Settings\All Users\Application Data\1530867173.bdinstall.bin
    2018-07-06 09:54 - 2018-07-06 09:54 - 000178007 _____ () C:\Documents and Settings\All Users\Application Data\1530867194.bdinstall.bin
    2018-07-08 21:14 - 2018-07-08 21:14 - 000036949 _____ () C:\Documents and Settings\All Users\Application Data\1531080857.bdinstall.bin
    2018-07-08 23:04 - 2018-07-08 23:04 - 000180454 _____ () C:\Documents and Settings\All Users\Application Data\1531080871.bdinstall.bin
    2018-07-08 21:23 - 2018-07-08 21:23 - 000031682 _____ () C:\Documents and Settings\All Users\Application Data\1531081369.bdinstall.bin

    Some files in TEMP:
    ====================
    2018-07-24 05:19 - 2018-07-24 05:19 - 000275504 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\avg-02156976-04c5-411e-9f19-d4534729576b.exe
    2018-07-08 23:25 - 2018-07-08 23:25 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Administrator\Local Settings\Temp\avg-c5e9d657-0c6a-4972-adfc-e3430ab0f668.exe
    2018-07-24 05:22 - 2018-07-24 05:22 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Administrator\Local Settings\Temp\avg-d93f861c-c875-4542-b883-d71d8265455a.exe
    2018-07-24 05:33 - 2018-07-24 05:34 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Administrator\Local Settings\Temp\avg-d965805c-442b-405f-8e15-9576c5e61e07.exe
    2018-07-01 19:56 - 2018-07-01 19:56 - 000511640 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\CDRun.exe
    2018-07-28 03:12 - 2010-12-09 16:15 - 000718336 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\Local Settings\Temp\dllnt_dump.dll

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of FRST.txt ============================

  4. #34
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Here is the Additional report:

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21.07.2018
    Ran by Administrator (30-07-2018 01:21:15)
    Running from C:\Documents and Settings\Administrator\Desktop
    Microsoft Windows XP Professional Service Pack 3 (X86) (2010-04-15 18:05:51)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1801674531-448539723-1606980848-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-1801674531-448539723-1606980848-1003 - Limited - Enabled)
    Guest (S-1-5-21-1801674531-448539723-1606980848-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-1801674531-448539723-1606980848-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-1801674531-448539723-1606980848-1002 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9488E0FA-F058-4673-850E-E755F112BABC}
    AV: Lavasoft Ad-Watch Live! Anti-Virus (Enabled - Up to date) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: AVG Antivirus (Enabled - Up to date) {81C62321-3C2A-4A1A-BF2F-52ED23B22B8B}
    FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acronis True Image WD*Edition (HKLM\...\{9B683A28-2172-4CF1-B85D-41375E80652A}) (Version: 13.0.14157 - Acronis)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
    Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.90 - NOS Microsystems Ltd.)
    Adobe Flash Player 30 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 30.0.0.134 - Adobe Systems Incorporated)
    Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
    Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
    Any Video Converter 3.3.5 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
    AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
    AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 18.5.3059 - AVG Technologies)
    AxCrypt 1.7.3156.0 (HKLM\...\{DB066768-5A50-4C44-815B-4E8A6A39335E}) (Version: 1.7.3156.0 - Axantum Software AB)
    BB FlashBack Express (HKLM\...\BB FlashBack Express) (Version: 3.2.7.2349 - Blueberry)
    CCleaner (HKLM\...\CCleaner) (Version: 5.45 - Piriform)
    ClipGrab 3.6.8 (HKLM\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien)
    Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: - )
    Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
    Digital Camera Driver (HKLM\...\Digital Camera Driver) (Version: - )
    DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.2.2 - DivX, Inc.)
    Dr SpeedTouch (HKLM\...\{CE6D39E2-D4CB-4C49-ABD9-8724B095D1EF}) (Version: - )
    EnergyCut (HKLM\...\{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}) (Version: - )
    EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )
    EPSON File Manager (HKLM\...\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}) (Version: 1.3.0.0 - )
    EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
    EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
    Eraser 5.82 (HKLM\...\{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1) (Version: Eraser 5.82 - Heidi Computers Ltd.)
    FastStone Capture 5.3 (HKLM\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
    File Identifier (HKLM\...\{C257E434-E8F1-4E06-A616-598E4933553E}_is1) (Version: 1.0.11 - Sharpened Productions)
    File Viewer Lite (HKLM\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 1.4.1 - Sharpened Productions)
    Freemake Video Converter version 4.1.10 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.10 - Ellora Assets Corporation)
    Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
    Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    Hard Disk Sentinel (HKLM\...\Hard Disk Sentinel_is1) (Version: 5.01 - Janos Mathe)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4497 - )
    Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.260 - Oracle)
    K-Lite Codec Pack 8.0.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.0.0 - )
    Macrium Reflect - Free Edition (HKLM\...\{BB912177-24CC-4AEE-8329-97D7ACD125D4}) (Version: 4.2.3775 - Macrium)
    Magitime (HKLM\...\Magitime) (Version: - )
    Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    MiniTool Partition Wizard Home Edition 7.8 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
    Mozilla Firefox 52.9.0 ESR (x86 en-GB) (HKLM\...\Mozilla Firefox 52.9.0 ESR (x86 en-GB)) (Version: 52.9.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.9.0.6746 - Mozilla)
    MSRuntime Libraries (HKLM\...\{ECA2B21B-A180-4775-B93F-6E404E36A8CC}) (Version: 1.0.0 - Thomson)
    Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
    O2InstV3Win7UpdateV2 (HKLM\...\{74B1CEB6-B4BF-46FD-8080-CE3C1809B010}) (Version: 10 - SupportSoft) Hidden
    OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    QuickOn Button (HKLM\...\QkOnBtn) (Version: - )
    QuickStroke (HKLM\...\{2BDBE4EC-89F3-4663-8C00-F9E2EC726AF5}) (Version: - )
    Rapport (HKLM\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1804.161 - Trusteer) Hidden
    RealDownloader (HKLM\...\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}) (Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Recuva (HKLM\...\Recuva) (Version: 1.40 - Piriform)
    Revo Uninstaller 1.92 (HKLM\...\Revo Uninstaller) (Version: 1.92 - VS Revo Group)
    Segoe UI (HKLM\...\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}) (Version: 14.0.4327.805 - Microsoft Corp) Hidden
    Skype™ 7.36 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.150 - Skype Technologies S.A.)
    SmartCamera Ver 2.1 (HKLM\...\{9527450C-64B3-11D5-9B31-000021116B62}) (Version: 2.01.0001 - MingjongTechnologies CO.,LTD.)
    Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_17AA2075) (Version: - )
    SPAMfighter (HKLM\...\{AD0002B9-2363-43C5-BA94-2A71AD86BE17}) (Version: 7.5.131 - Spamfighter ApS) Hidden
    SPAMfighter (HKLM\...\SPAMfighter) (Version: 7.5.131 - Spamfighter ApS)
    SpeedTouch 330 (HKLM\...\SpeedTouch 330) (Version: - )
    Startup Cop (HKLM\...\Startup Cop) (Version: - )
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.1.1002 - SUPERAntiSpyware.com)
    Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}) (Version: 1.15.0000 - Texas Instruments Inc.)
    TIPCI (HKLM\...\{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}) (Version: 1.15.0000 - Texas Instruments Inc.) Hidden
    Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1804.161 - Trusteer)
    USB PC Camera (SN9C103) (HKLM\...\{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}) (Version: 4.6.6.0 - )
    VC 9.0 Runtime (HKLM\...\{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
    Viber (HKLM\...\{D65DDA75-2C0A-46BA-807D-127BD5638490}) (Version: 6.0.1.5 - Viber Media Inc.) Hidden
    Viber (HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\{acc83058-83b0-41e2-b372-266672a1af16}) (Version: 6.0.1.5 - Viber Media Inc.)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WD SmartWare (HKLM\...\{98D451C4-4ACA-4273-BB47-57CFE46B048E}) (Version: 1.4.1.1 - Western Digital)
    WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
    Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
    ZoneAlarm Firewall (HKLM\...\{B025F14A-25E6-46CA-9308-1B1D3393CAC8}) (Version: 14.3.119.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 14.3.119.000 - Check Point)
    ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version: - Check Point Software Technologies)
    ZoneAlarm Security (HKLM\...\{8A7820F0-5261-42FC-9790-4D932E7BC5B1}) (Version: 14.3.119.000 - Check Point Software Technologies Ltd.) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\psuser.dll (Google Inc.)
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-07-08] (AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers1: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\Axantum\AxCrypt\ShellExt.dll [2014-01-16] (Axantum Software AB)
    ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
    ContextMenuHandlers1: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\WINDOWS\system32\erasext.dll [2006-12-26] (-)
    ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
    ContextMenuHandlers1: [QuickShare] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
    ContextMenuHandlers1: [SDContextExt] -> {70F8E90E-353A-47AB-B297-C576345EE693} => -> No File
    ContextMenuHandlers2: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\WINDOWS\system32\erasext.dll [2006-12-26] (-)
    ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
    ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RShellExt.dll [2011-07-01] (Paramount Software UK Ltd)
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2006-05-08] (Intel Corporation)
    ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-07-08] (AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers6: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\Axantum\AxCrypt\ShellExt.dll [2014-01-16] (Axantum Software AB)
    ContextMenuHandlers6: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\WINDOWS\system32\erasext.dll [2006-12-26] (-)
    ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)

    ==================== Scheduled Tasks=============================

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\Antivirus Emergency Update.job => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
    Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-448539723-1606980848-500Core.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-448539723-1606980848-500UA.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\4 On-Demand.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=anhngjkonjhfnhekadjnofhcjjhnljhh
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\BBC iPlayer.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=jahnifecgkhjbcbjfkplnplfkcebgafc
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\Hangouts (1).lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kffnpbachbhakiomjoichllogeobmoli
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\Hangouts.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kffnpbachbhakiomjoichllogeobmoli
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\My5.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=memeiodlbggpddhlkeoppgnefjdgpcda
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\The ITV.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=enlkekmehifkbcpadgpbhjcepnannhml
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\WhatsApp.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hnpfjngllnobngcgfapefoaidbinmjnm
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Desktop\WhatsApp.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hnpfjngllnobngcgfapefoaidbinmjnm

    ==================== Loaded Modules (Whitelisted) ==============

    2017-10-30 08:23 - 2017-10-30 08:23 - 004349952 _____ () C:\Program Files\Thomson\ST330\service\qt-mt337.dll
    2018-07-08 23:32 - 2018-07-08 23:32 - 000481520 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
    2018-07-08 23:39 - 2018-07-08 23:39 - 000907504 _____ () C:\Program Files\AVG\Antivirus\anen.dll
    2018-07-08 23:32 - 2018-07-08 23:32 - 000533744 _____ () C:\Program Files\AVG\Antivirus\gui_cache.dll
    2018-07-08 23:32 - 2018-07-08 23:32 - 000986352 _____ () C:\Program Files\AVG\Antivirus\shepherdsync.dll
    2018-07-29 18:56 - 2018-07-29 18:56 - 005890800 _____ () C:\Program Files\AVG\Antivirus\defs\18072904\algo.dll
    2015-06-02 16:51 - 2015-06-02 16:51 - 000545792 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
    2013-08-14 15:19 - 2013-08-14 15:19 - 000039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    2011-07-01 12:55 - 2011-07-01 12:55 - 000220824 _____ () C:\Program Files\Macrium\Reflect\ReflectService.exe
    2010-09-04 19:02 - 2003-10-24 19:21 - 000053248 ____C () C:\WINDOWS\system32\dsnpstd2.dll
    2010-09-08 10:45 - 2010-09-08 10:45 - 001034752 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    2010-09-08 10:53 - 2010-09-08 10:53 - 000886272 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
    2010-09-08 10:44 - 2010-09-08 10:44 - 000484352 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    2010-09-04 19:02 - 2004-01-06 02:34 - 000040960 _____ () C:\WINDOWS\vsnpstd2.exe
    2017-10-30 08:23 - 2017-10-30 08:23 - 004222976 _____ () C:\Program Files\Thomson\ST330\diagnostics\qt-mt332.dll
    2017-10-30 08:23 - 2017-10-30 08:23 - 000364544 _____ () C:\Program Files\Thomson\ST330\diagnostics\qwt.dll
    2012-03-15 11:44 - 2012-03-15 11:44 - 000549512 _____ () C:\Program Files\Fighters\SPAMfighter\sfsg.dll
    2012-03-15 11:44 - 2017-10-15 21:50 - 000966248 ____T () C:\Program Files\Fighters\SPAMfighter\sfse.dll
    2018-05-21 10:06 - 2017-07-26 11:57 - 000080896 _____ () C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
    2018-07-08 23:40 - 2018-07-08 23:40 - 048936448 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
    2017-04-26 15:19 - 2017-04-26 15:19 - 002005976 ____R () C:\Program Files\Skype\Phone\skypert.dll
    2008-04-14 13:00 - 2008-04-14 13:00 - 000059904 _____ () C:\WINDOWS\system32\devenum.dll
    2008-04-14 13:00 - 2008-04-14 13:00 - 000014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2008-04-14 13:00 - 2008-04-14 13:00 - 000192512 ____C () C:\WINDOWS\system32\qcap.dll
    2008-04-14 13:00 - 2013-01-02 07:49 - 001292288 _____ () C:\WINDOWS\system32\quartz.dll
    2007-02-13 01:31 - 2007-02-13 01:31 - 001111552 _____ () C:\Program Files\FastStone Capture\FSCapture.exe
    2018-06-29 02:17 - 2018-04-25 13:16 - 001930960 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2008-04-14 13:00 - 2018-07-29 12:22 - 000000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1801674531-448539723-1606980848-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    DNS Servers: 212.159.6.9 - 212.159.6.10
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    MSCONFIG\startupreg: Eraser => C:\Program Files\Eraser\eraser.exe -hide
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
    MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
    DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
    DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\ZoneLabs\vsmon.exe] => Enabled:vsmon
    StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
    StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
    StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
    StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Plugin Manager\skypePM.exe] => Enabled:Skype Extras Manager
    StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
    StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
    StandardProfile\AuthorizedApplications: [C:\Program Files\Thomson SpeedTouch\ST330\WebInstaller\STHIW\stInstall.exe] => Enabled:SpeedTouch Home Install Wizard
    StandardProfile\AuthorizedApplications: [C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe] => Enabled:ST330 service
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
    StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Local Settings\Temp\stInstall.exe] => Enabled:SpeedTouch Home Install Wizard
    StandardProfile\AuthorizedApplications: [C:\Program Files\Thomson\ST330\service\st330service.exe] => Enabled:ST330 service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Antivirus\AvEmUpdate.exe] => Enabled:Antivirus Emergency Update
    StandardProfile\AuthorizedApplications: [C:\Program Files\CCleaner\CCUpdate.exe] => Enabled:CCleaner Update
    StandardProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
    StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
    StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ==================== Restore Points =========================

    19-07-2018 19:34:30 Automatic Restore Point
    19-07-2018 22:21:03 Automatic Restore Point
    20-07-2018 00:32:58 Automatic Restore Point
    20-07-2018 05:38:25 Automatic Restore Point
    20-07-2018 14:48:15 Automatic Restore Point
    21-07-2018 16:54:14 Automatic Restore Point
    22-07-2018 02:00:18 Restore Operation
    22-07-2018 02:10:34 Automatic Restore Point
    22-07-2018 02:18:04 Installed Windows XP Wdf01009.
    22-07-2018 02:23:47 Automatic Restore Point
    22-07-2018 16:10:43 Automatic Restore Point
    22-07-2018 16:21:37 Automatic Restore Point
    22-07-2018 17:23:24 Automatic Restore Point
    22-07-2018 21:00:34 Automatic Restore Point
    22-07-2018 21:25:09 Automatic Restore Point
    23-07-2018 22:08:27 Automatic Restore Point
    24-07-2018 01:23:18 Automatic Restore Point
    24-07-2018 03:11:33 Automatic Restore Point
    24-07-2018 03:25:34 Restore Operation
    24-07-2018 03:50:35 Restore Operation
    24-07-2018 04:15:46 Restore Operation
    24-07-2018 04:41:32 Restore Operation
    24-07-2018 04:45:09 Automatic Restore Point
    24-07-2018 04:50:53 Restore Operation
    24-07-2018 05:11:31 Automatic Restore Point
    24-07-2018 05:18:08 Installed Windows XP Wdf01009.
    24-07-2018 05:24:47 Installed Windows XP Wdf01009.
    24-07-2018 06:06:28 Automatic Restore Point
    24-07-2018 07:31:05 Automatic Restore Point
    24-07-2018 07:47:40 Installed Windows KB954550-v5.
    24-07-2018 07:47:58 Printer Driver Microsoft XPS Document Writer Installed
    24-07-2018 07:48:18 Printer Driver Microsoft XPS Document Writer Installed
    24-07-2018 08:02:23 Automatic Restore Point
    24-07-2018 09:04:58 Automatic Restore Point
    24-07-2018 10:30:16 Automatic Restore Point
    24-07-2018 18:11:38 Automatic Restore Point
    25-07-2018 08:27:50 Automatic Restore Point
    25-07-2018 09:35:24 Automatic Restore Point
    25-07-2018 10:24:16 Automatic Restore Point
    25-07-2018 10:35:25 Revo Uninstaller's restore point - SpyShelter Premium 11.1
    25-07-2018 10:45:09 Automatic Restore Point
    25-07-2018 11:16:31 Automatic Restore Point
    25-07-2018 13:29:00 Automatic Restore Point
    25-07-2018 18:52:21 Installed Keylogger Detector
    25-07-2018 19:01:39 Revo Uninstaller's restore point - Keylogger Detector
    25-07-2018 19:02:05 Removed Keylogger Detector
    25-07-2018 19:05:44 Installed Keylogger Detector
    25-07-2018 19:07:29 Revo Uninstaller's restore point - Keylogger Detector
    25-07-2018 19:07:54 Removed Keylogger Detector
    25-07-2018 19:15:58 Automatic Restore Point
    25-07-2018 21:03:50 Automatic Restore Point
    26-07-2018 11:42:08 Automatic Restore Point
    26-07-2018 18:39:26 Automatic Restore Point
    26-07-2018 19:37:19 Automatic Restore Point
    26-07-2018 21:12:30 Automatic Restore Point
    27-07-2018 12:58:46 Automatic Restore Point
    27-07-2018 19:53:26 Automatic Restore Point
    27-07-2018 21:14:40 Automatic Restore Point
    27-07-2018 21:34:09 Installed Windows KB954550-v5.
    27-07-2018 21:34:25 Printer Driver Microsoft XPS Document Writer Installed
    27-07-2018 21:34:44 Printer Driver Microsoft XPS Document Writer Installed
    27-07-2018 21:49:55 Automatic Restore Point
    28-07-2018 02:36:28 Revo Uninstaller's restore point - MalwareFox AntiMalware
    28-07-2018 02:46:49 Automatic Restore Point
    28-07-2018 05:34:54 Revo Uninstaller's restore point - Registry Drill
    29-07-2018 06:38:07 Automatic Restore Point
    29-07-2018 08:12:57 Automatic Restore Point
    29-07-2018 08:29:03 Revo Uninstaller's restore point - ZoneAlarm Free Firewall
    29-07-2018 08:39:24 Automatic Restore Point
    29-07-2018 08:56:18 Installed Windows KB954550-v5.
    29-07-2018 08:56:37 Printer Driver Microsoft XPS Document Writer Installed
    29-07-2018 08:56:54 Printer Driver Microsoft XPS Document Writer Installed
    29-07-2018 09:12:28 Automatic Restore Point
    29-07-2018 12:25:35 Automatic Restore Point
    29-07-2018 18:55:06 Automatic Restore Point
    30-07-2018 01:02:22 Revo Uninstaller's restore point - RogueKiller version 12.12.28.0

    ==================== Faulty Device Manager Devices =============

    Name: IrDA Fast Infrared Port
    Description: IrDA Fast Infrared Port
    Class Guid: {6BDD1FC5-810F-11D0-BEC7-08002BE2092F}
    Manufacturer: National Semiconductor
    Service: NSCIRDA
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/29/2018 09:13:37 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

    Error: (07/29/2018 07:58:20 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application roguekiller.exe, version 12.12.28.0, faulting module kernel32.dll, version 5.1.2600.6532, fault address 0x0000b152.
    Processing media-specific event for [roguekiller.exe!ws!]

    Error: (07/28/2018 01:11:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (07/27/2018 09:57:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application Viber.exe, version 6.0.1.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (07/27/2018 09:50:38 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

    Error: (07/27/2018 08:50:05 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application frst.exe, version 21.7.2018.0, faulting module frst.exe, version 21.7.2018.0, fault address 0x0002129e.
    Processing media-specific event for [frst.exe!ws!]

    Error: (07/26/2018 06:45:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application Viber.exe, version 6.0.1.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (07/25/2018 08:45:46 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 52.9.0.6746, faulting module mozglue.dll, version 52.9.0.6746, fault address 0x0000fb33.
    Processing media-specific event for [plugin-container.exe!ws!]


    System errors:
    =============
    Error: (07/29/2018 06:49:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    TfFsMon
    TfSysMon

    Error: (07/29/2018 06:49:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Lavasoft Ad-Aware Service service failed to start due to the following error:
    The system cannot find the path specified.

    Error: (07/29/2018 06:49:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Bitdefender Antivirus Free Edition service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (07/29/2018 06:49:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Bitdefender Antivirus Free Edition service to connect.

    Error: (07/29/2018 09:13:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    TfFsMon
    TfSysMon

    Error: (07/29/2018 08:40:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The avgbIDSAgent service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (07/29/2018 08:40:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the avgbIDSAgent service to connect.

    Error: (07/29/2018 08:38:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    TfFsMon
    TfSysMon


    ==================== Memory info ===========================

    Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz
    Percentage of memory in use: 66%
    Total physical RAM: 2038.07 MB
    Available physical RAM: 689.5 MB
    Total Virtual: 3406.3 MB
    Available Virtual: 2199.95 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:200.19 GB) (Free:125.86 GB) NTFS ==>[drive with boot components (Windows XP)]
    Drive d: (New Volume) (Fixed) (Total:265.57 GB) (Free:137.07 GB) NTFS


    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: B4B9B3EC)
    Partition 1: (Active) - (Size=200.2 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=265.6 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  5. #35
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

  6. #36
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Oh...so there is a problem with my laptop. Hope it is not malware or a virus because it has not been picked up by my antivirus and Malwarebytes. Anyway, here is the First Fix log:

    Fix result of Farbar Recovery Scan Tool (x86) Version: 21.07.2018
    Ran by Administrator (30-07-2018 09:38:15) Run:1
    Running from C:\Documents and Settings\Administrator\Desktop
    Loaded Profiles: Administrator (Available Profiles: Administrator)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    HKLM\...\Run: [SpeedTouch USB Diagnostics] => [X]
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
    BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    Toolbar: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    Toolbar: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll [No File]
    S2 Lavasoft Ad-Aware Service; "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" [X]
    S3 cpuz132; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
    S4 IntelIde; no ImagePath
    S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
    S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
    S3 TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys [X]
    S0 TfSysMon; system32\drivers\TfSysMon.sys [X]
    S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
    S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam32.sys [X]
    S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard32.sys [X]
    2018-07-24 05:19 - 2018-07-24 05:19 - 000275504 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\avg-02156976-04c5-411e-9f19-d4534729576b.exe
    2018-07-08 23:25 - 2018-07-08 23:25 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Administrator\Local Settings\Temp\avg-c5e9d657-0c6a-4972-adfc-e3430ab0f668.exe
    2018-07-24 05:22 - 2018-07-24 05:22 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Administrator\Local Settings\Temp\avg-d93f861c-c875-4542-b883-d71d8265455a.exe
    2018-07-24 05:33 - 2018-07-24 05:34 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Administrator\Local Settings\Temp\avg-d965805c-442b-405f-8e15-9576c5e61e07.exe
    2018-07-01 19:56 - 2018-07-01 19:56 - 000511640 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\CDRun.exe
    2018-07-28 03:12 - 2010-12-09 16:15 - 000718336 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\Local Settings\Temp\dllnt_dump.dll
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
    ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
    ContextMenuHandlers1: [QuickShare] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
    ContextMenuHandlers1: [SDContextExt] -> {70F8E90E-353A-47AB-B297-C576345EE693} => -> No File
    ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File

    *****************

    "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpeedTouch USB Diagnostics" => removed successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully.
    HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found
    "HKU\S-1-5-21-1801674531-448539723-1606980848-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" => removed successfully.
    HKLM\Software\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => not found
    "HKU\S-1-5-21-1801674531-448539723-1606980848-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => removed successfully.
    "HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => removed successfully.
    "HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi" => removed successfully.
    "HKLM\System\CurrentControlSet\Services\Lavasoft Ad-Aware Service" => removed successfully.
    Lavasoft Ad-Aware Service => service removed successfully.
    "HKLM\System\CurrentControlSet\Services\cpuz132" => removed successfully.
    cpuz132 => service removed successfully.
    "HKLM\System\CurrentControlSet\Services\IntelIde" => removed successfully.
    IntelIde => service removed successfully.
    "HKLM\System\CurrentControlSet\Services\Lavasoft Kernexplorer" => removed successfully.
    Lavasoft Kernexplorer => service removed successfully.
    "HKLM\System\CurrentControlSet\Services\TfFsMon" => removed successfully.
    TfFsMon => service removed successfully.
    "HKLM\System\CurrentControlSet\Services\TfNetMon" => removed successfully.
    TfNetMon => service removed successfully.
    "HKLM\System\CurrentControlSet\Services\TfSysMon" => removed successfully.
    TfSysMon => service removed successfully.
    "HKLM\System\CurrentControlSet\Services\UIUSys" => removed successfully.
    UIUSys => service removed successfully.
    "HKLM\System\CurrentControlSet\Services\ZAM" => removed successfully.
    ZAM => service removed successfully.
    "HKLM\System\CurrentControlSet\Services\ZAM_Guard" => removed successfully.
    ZAM_Guard => service removed successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temp\avg-02156976-04c5-411e-9f19-d4534729576b.exe => moved successfully
    C:\Documents and Settings\Administrator\Local Settings\Temp\avg-c5e9d657-0c6a-4972-adfc-e3430ab0f668.exe => moved successfully
    C:\Documents and Settings\Administrator\Local Settings\Temp\avg-d93f861c-c875-4542-b883-d71d8265455a.exe => moved successfully
    C:\Documents and Settings\Administrator\Local Settings\Temp\avg-d965805c-442b-405f-8e15-9576c5e61e07.exe => moved successfully
    C:\Documents and Settings\Administrator\Local Settings\Temp\CDRun.exe => moved successfully
    C:\Documents and Settings\Administrator\Local Settings\Temp\dllnt_dump.dll => moved successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully.
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
    "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BB FlashBack 2" => removed successfully.
    HKLM\Software\Classes\CLSID\{A8065B9E-193F-4797-B62D-8F6321E7FCCB} => not found
    "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully.
    HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => not found
    "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\QuickShare" => removed successfully.
    HKLM\Software\Classes\CLSID\{A8065B9E-193F-4797-B62D-8F6321E7FCCB} => not found
    "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SDContextExt" => removed successfully.
    HKLM\Software\Classes\CLSID\{70F8E90E-353A-47AB-B297-C576345EE693} => not found
    "HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully.
    HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => not found
    "HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg" => removed successfully.
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
    "HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully.
    HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => not found


    The system needed a reboot.

    ==== End of Fixlog 09:39:01 ====
    Last edited by slickcondo; July 30th, 2018 at 05:00 AM.

  7. #37
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    No need to worry.
    Those are very minor things. Nothing serious there.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.

    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services



    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.




    Download Sophos Free Virus Removal Tool and save it to your desktop.

    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program

  8. #38
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Here is the second scan, from Farbar Service Scanner:

    Farbar Service Scanner Version: 27-01-2016
    Ran by Administrator (administrator) on 31-07-2018 at 03:59:35
    Running from "C:\Documents and Settings\Administrator\Desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    WAN connected
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
    C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
    C:\WINDOWS\system32\netman.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\srsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
    C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
    C:\WINDOWS\system32\qmgr.dll => File is digitally signed
    C:\WINDOWS\system32\es.dll => File is digitally signed
    C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed

    Extra List:
    =======
    Gpc(4) IPSec(6) irda(3) NetBT(7) PSched(8) Tcpip(5)
    0x0B0000000600000001000000020000000300000004000000050000005A000000090000000A0000000700000008000000
    IpSec Tag value is correct.

    **** End of log ****

  9. #39
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,063

  10. #40
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Quote Originally Posted by jdc2000
    Hi jdc2000 - thanks for the link. But I can't open it. It just gave a blank page.

  11. #41
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Broni - I ran the Temp File Cleaner, but it did not give any scan report. The first time I ran it, it just restarted my laptop. I ran it again the second time and it froze my laptop. Only the 3rd time I ran it did the progress bar move. But again, no report.

    I then installed the Sophos program and for some reason it created two icons on my desktop. Both icons look different. I ran one of them and I hope this is the correct report, as there is no scan log report. Just this one that appears after the scan:

    Results 1 - 3 of about 3 Search took 0.01 seconds.

    Detailed Analysis - Troj/Decept-HV - Viruses and Spyware - Advanced Network Threat Protection | ATP from Targeted Malware Attacks ...
    http://www.sophos.com/en-us/threat-c...-analysis.aspx

    ... Troj/Decept-HV. Category: Viruses and Spyware, Protection available since: 25 Jan 2018 07:18:16 (GMT). Type: Trojan, Last Updated: 25 Jan 2018 ...

    Troj/Decept-HV - Viruses and Spyware - Advanced Network Threat Protection | ATP from Targeted Malware Attacks and Persistent ...
    http://www.sophos.com/en-us/threat-c...Decept-HV.aspx

    ... Troj/Decept-HV. Category: Viruses and Spyware, Protection available since: 25 Jan 2018 07:18:16 (GMT). Type: Trojan, Last Updated: 25 Jan 2018 ...

    [ More results from https://www.sophos.com/en-us/threat-...hreat-analyses ]

    Troj/Decept-HV - Anyone Else Have Detections? - Sophos Endpoint Software - Endpoint Security and Control - Sophos Community
    community.sophos.com/products/endpoint-security-control/f/sophos-endpoint-software/99980/troj-decept-hv---anyone-else-have-detections

    ... Troj/Decept-HV - Anyone Else Have Detections? I had 4 systems have detections for Troj/Decept-HV early Friday, January 26, 2018. ...

    In order to show you the most relevant results, we have omitted some entries very similar to the 3 already displayed.
    If you like, you can repeat the search with the omitted results included.
    Last edited by slickcondo; July 31st, 2018 at 05:24 AM.

  12. #42
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,063
    The link works for me. It is unlikely that KSL.com is blocking UK users from accessing it; it is more likely that your ISP is blocking it. If you had a VPN service, you could probably see it using a U.S.A. access point.

  13. #43
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Sophos log doesn't look right. Try second icon.
    I don't need Temp File Cleaner log.
    I still need Security Check log though (1st step).

  14. #44
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Broni - the second icon does not work at all. I think I will delete them and try to download again. But for some reason, I did not receive any notifications that you have sent me a message and I was wondering. So I checked here and saw your latest.
    Last edited by slickcondo; August 1st, 2018 at 04:22 AM.

  15. #45
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Quote Originally Posted by jdc2000
    The link works for me. It is unlikely that KSL.com is blocking UK users from accessing it; it is more likely that your ISP is blocking it. If you had a VPN service, you could probably see it using a U.S.A. access point.
    jdc2000. I don't have a VPN service. I will try to open it again with a friend's laptop this weekend and see what is on that link. Thanks.
