July 29th, 2018, 07:53 PM
#31
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.
Double-click to run it. Make sure you checkmark the Addition.txt box. Press the Scan button. The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
July 29th, 2018, 08:28 PM
#32
OK. Here is the first of 2 parts of the first scan result. Part 2 follows, and then the Additional scan report in the 3rd post.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21.07.2018
Ran by Administrator (administrator) on HOME (30-07-2018 01:19:11)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(THOMSON Telecom Belgium) C:\Program Files\Thomson\ST330\service\st330service.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
(SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\sfus.exe
(SPAMfighter ApS) C:\Program Files\Fighters\FighterSuiteService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
() C:\WINDOWS\vsnpstd2.exe
(Magistone Systems) C:\Program Files\Magitime\Magitime.exe
(SPAMfighter ApS) C:\Program Files\Fighters\Tray\FightersTray.exe
(THOMSON Telecom Belgium) C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
(SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\s***ent.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
() C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Program Files\FastStone Capture\FSCapture.exe
(Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-05-08] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-05-08] (Intel Corporation)
HKLM\...\Run: [SNPSTD2] => C:\WINDOWS\vsnpstd2.exe [40960 2004-01-06] ()
HKLM\...\Run: [SpeedTouch USB Diagnostics] => [X]
HKLM\...\Run: [Magitime] => C:\Program Files\Magitime\magitime.exe [659456 2014-03-14] (Magistone Systems)
HKLM\...\Run: [CommonToolkitTray] => C:\Program Files\Fighters\Tray\FightersTray.exe [1453704 2012-02-02] (SPAMfighter ApS)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [diagnostics] => C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe [557149 2017-10-30] (THOMSON Telecom Belgium)
HKLM\...\Run: [s***ent] => C:\Program Files\Fighters\SPAMfighter\s***ent.exe [1197704 2012-03-15] (SPAMfighter ApS)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2014-05-11] (RealNetworks, Inc.)
HKLM\...\Run: [ProductUpdater] => C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [80896 2017-07-26] ()
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [291568 2018-07-08] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-07-28] (Check Point Software Technologies Ltd.)
Winlogon\Notify\NavLogon:
HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27716568 2017-05-05] (Skype Technologies S.A.)
HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\Run: [Viber] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\Viber.exe [69268048 2016-04-13] (Viber Media S.à r.l.)
HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13684416 2018-07-20] (Piriform Ltd)
HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\MountPoints2: {78b543b0-bc6c-11e0-89f8-001636b15235} - F:\unlock.exe autoplay=true
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\FastStone Capture.lnk [2018-06-22]
ShortcutTarget: FastStone Capture.lnk -> C:\Program Files\FastStone Capture\FSCapture.exe ()
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Microsoft Find Fast.lnk [2017-10-30]
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SysRestorePoint.exe [2002-11-11] (Doug Knox)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{DEE303A4-64CF-40E7-BBF4-7BFB0121AD5D}: [NameServer] 212.159.6.9 212.159.6.10
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-118-756
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1801674531-448539723-1606980848-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-118-756
HKU\S-1-5-21-1801674531-448539723-1606980848-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> {E8BB92A5-E42A-465D-B774-C5BC6F026298} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271356564296
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796 [2018-07-30]
FF Homepage: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796 -> hxxps://www.msn.com/en-gb/?ocid=mailsignout&AR=1
FF Extension: (IBM Security Rapport) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2017-11-08]
FF Extension: (Video Downloader Pro) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\@video_downloader_pro.xpi [2018-06-17]
FF Extension: (SaveFrom.net helper) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\helper-sig@savefrom.net.xpi [2018-07-18]
FF Extension: (1-Click YouTube Video Downloader) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-04-13]
FF Extension: (Flash and Video Download) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-07-28]
FF Extension: (Download with Internet Download Manager (IDM)) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\{d1646fcf-76ad-49c5-b8b2-e496e9b71189}.xpi [2017-10-16]
FF HKLM\...\Firefox\Extensions: [{051F5AD7-BA56-4780-890F-EAB21B44B01A}] - C:\Documents and Settings\Administrator\Local Settings\Application Data\{051F5AD7-BA56-4780-890F-EAB21B44B01A}
FF Extension: (XULRunner) - C:\Documents and Settings\Administrator\Local Settings\Application Data\{051F5AD7-BA56-4780-890F-EAB21B44B01A} [2010-09-16] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-09-27] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-10-18] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-09-19] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-11] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-10] ()
FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll [No File]
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2008-11-06] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.90 -> C:\Program Files\NOS\bin\np_gp.dll [2010-08-13] (NOS Microsystems Ltd.)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2014-05-11] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-18] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-18] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2014-05-11] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2010-10-01]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2010-10-01]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2010-10-01]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2010-10-01]
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.msn.com/en-gb/
CHR StartupUrls: Default -> "hxxps://www.msn.com/en-gb/"
CHR DefaultSearchURL: Default -> hxxp://www.channel4.com/favicon.ico
CHR DefaultSearchKeyword: Default -> sse
CHR DefaultSuggestURL: Default -> hxxp://securedsearch.xyz/?s={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default [2018-07-25]
CHR Extension: (Slides) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (4 On-Demand) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\anhngjkonjhfnhekadjnofhcjjhnljhh [2017-11-01]
CHR Extension: (Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-19]
CHR Extension: (Video Downloader Plus) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\baejfnndpekpkaaancgpakjaengfpopk [2018-06-26]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-19]
CHR Extension: (My5) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\diogmdacmdamkfnkeedajbbeglpeaigi [2017-10-15]
CHR Extension: (Video Downloader professional) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2018-06-18]
CHR Extension: (The ITV) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\enlkekmehifkbcpadgpbhjcepnannhml [2017-11-01]
CHR Extension: (Sheets) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-19]
CHR Extension: (WhatsApp) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnpfjngllnobngcgfapefoaidbinmjnm [2017-10-15]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2017-05-19]
CHR Extension: (BBC iPlayer) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jahnifecgkhjbcbjfkplnplfkcebgafc [2017-11-01]
CHR Extension: (Hangouts) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kffnpbachbhakiomjoichllogeobmoli [2017-10-30]
CHR Extension: (4 Channels) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kgkjlaebagdlngdnngcejfejfjfamfjk [2017-10-15]
CHR Extension: (Video Downloader professional) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kmdldgcmokdpmacblnehppgkjphcbpnn [2018-06-26]
CHR Extension: (My5) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfheiaeoljbhacojcpijifmiaagpmjha [2017-10-15]
CHR Extension: (TVCatchup - TV Guide) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfnkddnodjiogeonmkfjiikfobojmcbk [2017-10-15]
CHR Extension: (My5) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\memeiodlbggpddhlkeoppgnefjdgpcda [2017-11-01]
CHR Extension: (Video Downloader GetThemAll) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-05-21]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (ITV CatchUp) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nobiaddkhdkdpekghklpdnjagimdmhdi [2017-10-15]
CHR Extension: (TVCatchup - Channels) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obgolfleeijjdgkahmeimjecogcgpaca [2017-10-15]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-19]
CHR Extension: (All 4) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ploblfmaojdpinjdldecofjjdgkcndda [2017-10-15]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1801674531-448539723-1606980848-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1801674531-448539723-1606980848-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1801674531-448539723-1606980848-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-05-18] (SUPERAntiSpyware.com)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [846056 2011-06-22] (Acronis)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-07-10] (Adobe Systems Incorporated) [File not signed]
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [323512 2018-07-08] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [6391272 2018-07-08] (AVG Technologies CZ, s.r.o.)
S2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [67592 2016-03-02] (Bitdefender)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-05-04] (Sun Microsystems, Inc.)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2350064 2017-09-28] (IBM Corp.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 ReflectService; C:\Program Files\Macrium\Reflect\ReflectService.exe [220824 2011-07-01] ()
S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed]
R2 SPAMfighter Update Service; C:\Program Files\Fighters\SPAMfighter\sfus.exe [215688 2012-03-15] (SPAMfighter ApS)
R2 st330service; C:\Program Files/Thomson/ST330/service/st330service.exe [581632 2017-10-30] (THOMSON Telecom Belgium) [File not signed]
R2 Suite Service; C:\Program Files\Fighters\FighterSuiteService.exe [1324680 2012-01-23] (SPAMfighter ApS)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-07-28] (Check Point Software Technologies Ltd.)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [237056 2010-09-08] (WDC) [File not signed]
R2 WDFME; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () [File not signed]
R2 WDSC; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [484352 2010-09-08] () [File not signed]
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114424 2016-06-30] (Check Point Software Technologies, Ltd.) [File not signed]
S2 Lavasoft Ad-Aware Service; "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ACPIVPC; C:\WINDOWS\System32\DRIVERS\AcpiVpc.sys [7296 2005-10-11] (Lenovo Corporation)
S3 alcan5wn; C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [53600 2003-12-08] (THOMSON) [File not signed]
S3 alcaudsl; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [70688 2003-12-08] (THOMSON) [File not signed]
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
S3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [159936 2018-07-08] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiskx.sys [142240 2018-07-08] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriverx.sys [181240 2018-07-08] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidshx.sys [157840 2018-07-08] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgblogx.sys [276712 2018-07-08] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbunivx.sys [50360 2018-07-08] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [35192 2018-07-08] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [126056 2018-07-08] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr.sys [63224 2018-07-08] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [64232 2018-07-08] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [776504 2018-07-08] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [387312 2018-07-24] (AVG Technologies CZ, s.r.o.)
R3 avgStmXP; C:\WINDOWS\System32\drivers\avgStmXP.sys [198248 2018-07-08] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [303168 2018-07-08] (AVG Technologies CZ, s.r.o.)
R3 bbcap; C:\WINDOWS\System32\DRIVERS\bbcap.sys [4096 2012-12-27] (Windows (R) Codename Longhorn DDK provider)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 DCamUSBTP10; C:\WINDOWS\System32\Drivers\TP6810.sys [241704 2006-06-15] (Microsoft Corporation) [File not signed]
R1 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
R3 HdAudAddService; C:\WINDOWS\System32\drivers\CHDAud.sys [568320 2009-01-14] (Conexant Systems Inc.)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [206848 2006-05-08] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [995712 2006-05-08] (Conexant Systems, Inc.)
S3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt32.sys [144416 2017-03-22] (Zemana Ltd.)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64512 2011-06-26] (Lavasoft AB)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [150816 2018-07-25] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [220896 2018-07-29] (Malwarebytes)
S3 MR97310_VGA_DUAL_CAMERA; C:\WINDOWS\System32\DRIVERS\mr97310v.sys [115790 2002-07-03] (Mars Semiconductor Corp.) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3630080 2008-06-26] (Intel Corporation)
R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [16024 2011-07-01] (Macrium Software)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15576 2013-03-07] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10200 2013-03-07] ()
R1 RapportAegle; C:\Program Files\Trusteer\Rapport\bin\RapportAegle.sys [204632 2017-09-28] (IBM Corp.)
R1 RapportCerberus_1804077; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1804077.sys [848024 2017-11-08] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [336504 2017-09-28] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [415992 2017-09-28] (IBM Corp.)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 snpstd2; C:\WINDOWS\System32\DRIVERS\snpstd2.sys [302720 2004-03-23] ()
R3 ST330; C:\WINDOWS\System32\drivers\st330.sys [30464 2010-09-23] (THOMSON Telecom Belgium)
R3 STBUS; C:\WINDOWS\System32\drivers\stbus.sys [12672 2010-09-23] (THOMSON Telecom Belgium)
S3 STETH; C:\WINDOWS\System32\DRIVERS\steth.sys [40320 2010-09-23] (THOMSON Telecom Belgium)
R3 stppp; C:\WINDOWS\System32\DRIVERS\stppp.sys [32000 2017-05-19] (THOMSON Telecom Belgium)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
S1 UimBus; C:\WINDOWS\System32\DRIVERS\UimBus.sys [37080 2010-08-25] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\WINDOWS\System32\Drivers\Uim_IM.sys [395464 2010-08-25] (Paragon)
R0 vididr; C:\WINDOWS\System32\DRIVERS\vididr.sys [125472 2012-08-05] (Acronis)
R0 vidsflt53; C:\WINDOWS\System32\DRIVERS\vsflt53.sys [83392 2012-08-05] (Acronis)
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [540368 2016-07-28] (Check Point Software Technologies Ltd.)
S3 cpuz132; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
S4 IntelIde; no ImagePath
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard32.sys [X]
July 29th, 2018, 08:30 PM
#33
Here is part 2 of the FIRST scan report:
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-07-30 01:19 - 2018-07-30 01:20 - 000035347 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2018-07-30 01:18 - 2018-07-30 01:18 - 001773056 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2018-07-29 09:46 - 2013-03-07 13:36 - 000010200 ____N C:\WINDOWS\system32\pwdspio.sys
2018-07-29 09:00 - 2018-07-29 12:17 - 000439103 _____ C:\WINDOWS\system32\vsconfig.xml
2018-07-29 08:59 - 2018-07-29 08:59 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
2018-07-29 08:44 - 2018-07-29 08:59 - 000000000 ____D C:\Program Files\CheckPoint
2018-07-29 08:13 - 2018-07-29 20:06 - 000000294 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1801674531-448539723-1606980848-500.job
2018-07-28 05:35 - 2018-07-28 05:35 - 000007061 _____ C:\WINDOWS\Registry Drill Uninstall Log.txt
2018-07-28 03:17 - 2018-07-29 21:51 - 000024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-07-28 03:12 - 2018-07-30 01:04 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2018-07-27 20:46 - 2018-07-30 01:19 - 000000000 ____D C:\FRST
2018-07-26 21:26 - 2018-07-26 21:26 - 000000986 _____ C:\Documents and Settings\Administrator\Desktop\Shortcut to Ghostpress.exe.lnk
2018-07-26 17:32 - 2018-07-26 17:32 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Zemana
2018-07-26 17:32 - 2018-07-26 17:32 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Wolf of Webstreet OPC Private Limited
2018-07-26 11:57 - 2018-07-26 11:57 - 000026795 _____ C:\Documents and Settings\Administrator\My Documents\Azimo transf to Malvic Stg 34.99 incl 2.99 fees birthday - 25 Jul 2018.eml
2018-07-26 11:55 - 2018-07-26 11:55 - 000026765 _____ C:\Documents and Settings\Administrator\My Documents\Azimo Transf for Nancy - for cough med - Stg 28.99 incl 2.99 fees - 25 July 2018.eml
2018-07-25 15:37 - 2018-07-26 21:25 - 000000000 ____D C:\Documents and Settings\Administrator\My Documents\Ghostpress
2018-07-25 15:31 - 2018-07-25 15:27 - 000691299 _____ C:\Documents and Settings\Administrator\My Documents\Ghostpress.zip
2018-07-25 09:38 - 2018-07-28 02:41 - 037090097 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-07-25 09:38 - 2018-07-28 02:37 - 134915712 _____ C:\WINDOWS\ZAM.krnl.trace
2018-07-25 09:28 - 2017-03-22 12:44 - 000144416 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\KeyCrypt32.sys
2018-07-25 09:27 - 2018-07-25 09:38 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Zemana
2018-07-24 05:42 - 2018-07-08 23:32 - 000322800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2018-07-15 18:05 - 2018-07-15 18:05 - 000000000 _____ C:\Documents and Settings\Administrator\last.dump
2018-07-08 23:40 - 2018-07-24 05:43 - 000001616 _____ C:\Documents and Settings\All Users\Desktop\AVG AntiVirus FREE.lnk
2018-07-08 23:40 - 2018-07-08 23:40 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2018-07-08 23:34 - 2018-07-29 21:43 - 000000358 ____H C:\WINDOWS\Tasks\Antivirus Emergency Update.job
2018-07-08 23:33 - 2018-07-24 05:43 - 000387312 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2018-07-08 23:33 - 2018-07-08 23:32 - 000776504 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2018-07-08 23:33 - 2018-07-08 23:32 - 000303168 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2018-07-08 23:33 - 2018-07-08 23:32 - 000198248 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStmXP.sys
2018-07-08 23:33 - 2018-07-08 23:32 - 000159936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2018-07-08 23:33 - 2018-07-08 23:32 - 000126056 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2018-07-08 23:33 - 2018-07-08 23:32 - 000064232 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2018-07-08 23:33 - 2018-07-08 23:32 - 000063224 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr.sys
2018-07-08 23:33 - 2018-07-08 23:32 - 000035192 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2018-07-08 23:33 - 2018-07-08 23:31 - 000276712 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgblogx.sys
2018-07-08 23:33 - 2018-07-08 23:31 - 000181240 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriverx.sys
2018-07-08 23:33 - 2018-07-08 23:31 - 000157840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidshx.sys
2018-07-08 23:33 - 2018-07-08 23:31 - 000142240 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiskx.sys
2018-07-08 23:33 - 2018-07-08 23:31 - 000050360 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbunivx.sys
2018-07-08 23:32 - 2018-07-08 23:32 - 001142064 _____ (Microsoft Corporation) C:\WINDOWS\ucrtbase.dll
2018-07-08 23:28 - 2018-07-24 08:09 - 000000000 ____D C:\Program Files\AVG
2018-07-08 23:24 - 2018-07-24 05:33 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2018-07-08 23:24 - 2018-07-08 23:24 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\MFAData
2018-07-08 23:24 - 2018-07-08 23:24 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2015
2018-07-08 23:04 - 2018-07-08 23:04 - 000180454 _____ C:\Documents and Settings\All Users\Application Data\1531080871.bdinstall.bin
2018-07-08 22:18 - 2018-07-08 22:18 - 000242504 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2018-07-08 21:23 - 2018-07-08 21:23 - 000031682 _____ C:\Documents and Settings\All Users\Application Data\1531081369.bdinstall.bin
2018-07-08 21:14 - 2018-07-08 21:14 - 000036949 _____ C:\Documents and Settings\All Users\Application Data\1531080857.bdinstall.bin
2018-07-07 05:56 - 2018-07-07 05:56 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Fighters
2018-07-06 09:54 - 2018-07-06 09:54 - 000178007 _____ C:\Documents and Settings\All Users\Application Data\1530867194.bdinstall.bin
2018-07-06 09:53 - 2018-07-06 09:53 - 000036971 _____ C:\Documents and Settings\All Users\Application Data\1530867173.bdinstall.bin
2018-07-06 09:29 - 2018-07-06 09:29 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\LiveKit
2018-07-01 03:00 - 2018-07-01 03:03 - 000018940 _____ C:\Documents and Settings\All Users\Application Data\1530410304.1840.bin
2018-07-01 03:00 - 2013-05-28 04:11 - 000355744 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2018-07-01 03:00 - 2013-04-22 05:20 - 000164952 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2018-07-01 03:00 - 2013-04-17 13:59 - 000633344 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2018-07-01 03:00 - 2013-04-17 13:59 - 000486536 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2018-07-01 02:59 - 2018-07-01 03:01 - 000106707 _____ C:\Documents and Settings\All Users\Application Data\1530410304.1868.bin
2018-07-01 02:58 - 2018-07-01 03:03 - 000038520 _____ C:\Documents and Settings\All Users\Application Data\1530410304.3108.bin
2018-07-01 02:58 - 2018-07-01 03:01 - 000009515 _____ C:\Documents and Settings\All Users\Application Data\1530410304.3548.bin
2018-07-01 02:58 - 2018-07-01 03:01 - 000003549 _____ C:\Documents and Settings\All Users\Application Data\1530410304.1624.bin
2018-07-01 02:53 - 2018-07-01 02:53 - 000031495 _____ C:\Documents and Settings\All Users\Application Data\1530410007.bdinstall.bin
2018-07-01 02:51 - 2018-07-01 02:51 - 000008079 _____ C:\Documents and Settings\All Users\Application Data\1530409854.5484.bin
2018-07-01 02:50 - 2018-07-01 02:51 - 000038957 _____ C:\Documents and Settings\All Users\Application Data\1530409854.6012.bin
2018-07-01 02:50 - 2018-07-01 02:51 - 000002406 _____ C:\Documents and Settings\All Users\Application Data\1530409854.4648.bin
2018-07-01 02:50 - 2018-07-01 02:51 - 000001390 _____ C:\Documents and Settings\All Users\Application Data\1530409854.5900.bin
2018-07-01 02:50 - 2018-07-01 02:50 - 000036949 _____ C:\Documents and Settings\All Users\Application Data\1530409844.bdinstall.bin
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-07-30 01:20 - 2010-04-15 19:08 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2018-07-30 01:17 - 2010-04-15 23:31 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
2018-07-30 01:12 - 2017-05-19 05:01 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2018-07-30 01:12 - 2012-07-16 19:13 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2018-07-30 00:51 - 2017-10-23 20:32 - 000001010 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-448539723-1606980848-500UA.job
2018-07-29 23:51 - 2017-10-23 20:32 - 000000958 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-448539723-1606980848-500Core.job
2018-07-29 23:10 - 2018-06-29 02:19 - 000220896 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2018-07-29 22:01 - 2011-06-26 22:08 - 000000486 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2018-07-29 21:12 - 2017-05-19 05:01 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2018-07-29 20:12 - 2010-04-15 19:07 - 000032616 _____ C:\WINDOWS\SchedLgU.Txt
2018-07-29 20:06 - 2013-01-11 02:18 - 000000302 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job
2018-07-29 19:49 - 2017-10-28 15:45 - 000000344 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2018-07-29 18:55 - 2017-10-31 00:14 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\ViberPC
2018-07-29 18:54 - 2010-04-15 11:51 - 000659190 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-29 18:54 - 1996-11-21 00:00 - 000023473 ____H C:\WINDOWS\system32\FFASTLOG.TXT
2018-07-29 18:50 - 2010-10-05 03:28 - 000000294 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-448539723-1606980848-500.job
2018-07-29 18:49 - 2008-04-14 13:00 - 000013646 _____ C:\WINDOWS\system32\wpa.dbl
2018-07-29 18:48 - 2018-04-12 11:37 - 000000316 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1801674531-448539723-1606980848-500.job
2018-07-29 18:48 - 2012-06-11 17:46 - 000000031 ____C C:\WINDOWS\system32\bbcap.err
2018-07-29 18:48 - 2010-04-15 19:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-29 18:46 - 2011-06-20 15:43 - 000329698 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2018-07-29 18:46 - 2010-04-15 19:08 - 000000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2018-07-29 18:46 - 2010-04-15 19:08 - 000000000 ____D C:\Documents and Settings\Administrator
2018-07-29 14:20 - 2014-03-11 17:50 - 000000342 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job
2018-07-29 09:58 - 2010-09-01 22:36 - 000014848 __SHC C:\WINDOWS\Thumbs.db
2018-07-29 09:47 - 2010-04-15 19:09 - 000093968 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2018-07-29 09:46 - 2010-04-15 11:49 - 000000181 ___SH C:\boot.ini
2018-07-29 09:08 - 2010-04-15 11:50 - 000343424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-29 08:58 - 2015-04-19 21:45 - 000193320 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2018-07-29 08:57 - 2010-09-26 03:32 - 000000000 ____D C:\WINDOWS\system32\XPSViewer
2018-07-29 08:57 - 2010-04-15 11:42 - 000000000 ___HD C:\WINDOWS\inf
2018-07-29 08:44 - 2012-05-04 22:15 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\CheckPoint
2018-07-28 23:59 - 2018-03-13 21:12 - 000000880 _____ C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job
2018-07-28 23:59 - 2010-04-15 19:00 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-07-28 23:04 - 2010-09-04 19:01 - 000002383 _____ C:\Documents and Settings\All Users\Desktop\VideoMonitor.lnk
2018-07-28 05:37 - 2010-09-02 02:18 - 000000000 ____D C:\Program Files\Easy Desk Utilities
2018-07-28 05:25 - 2017-10-14 20:04 - 000002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2018-07-27 01:10 - 2010-08-31 13:22 - 000000302 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job
2018-07-26 21:24 - 2018-06-18 12:10 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\File Viewer
2018-07-26 19:57 - 2017-10-16 02:15 - 000000000 ____C C:\WINDOWS\system32\last.dump
2018-07-26 18:04 - 2017-10-30 05:49 - 000000797 _____ C:\Documents and Settings\Administrator\Desktop\Hangouts.lnk
2018-07-26 05:54 - 2011-07-10 16:53 - 000862354 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1801674531-448539723-1606980848-500-0.dat
2018-07-25 20:31 - 2010-04-15 19:07 - 000000000 __SHD C:\Documents and Settings\LocalService
2018-07-25 15:26 - 2018-05-22 15:21 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2018-07-25 15:26 - 2010-09-20 17:40 - 000000000 ____D C:\WINDOWS\Minidump
2018-07-25 15:21 - 2013-01-10 20:33 - 000000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2018-07-25 15:12 - 2010-09-02 02:52 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\U3
2018-07-25 11:19 - 2018-06-29 02:20 - 000150816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-07-24 09:02 - 2015-01-08 22:49 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg
2018-07-24 08:09 - 2016-01-01 16:59 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
2018-07-24 05:03 - 2010-04-15 19:06 - 000000000 __SHD C:\Documents and Settings\NetworkService
2018-07-24 05:01 - 2010-04-15 18:59 - 000000000 ____D C:\WINDOWS\Registration
2018-07-23 19:05 - 2014-03-11 17:50 - 000000324 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job
2018-07-23 13:46 - 2018-06-20 14:26 - 000000000 ____D C:\Documents and Settings\Administrator\My Documents\ViberDownloads
2018-07-23 10:42 - 2018-06-29 03:04 - 000000000 ____D C:\Documents and Settings\Administrator\My Documents\Declaration of Tax Residency - om..leng pak pak excl
2018-07-23 00:05 - 2017-10-22 17:00 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc
2018-07-15 15:46 - 2012-12-14 00:08 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-07-14 18:33 - 2010-09-17 17:50 - 000538624 __SHC C:\Documents and Settings\Administrator\My Documents\Thumbs.db
2018-07-10 15:12 - 2012-05-19 16:02 - 000842240 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2018-07-10 15:12 - 2011-06-15 16:57 - 000175104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2018-07-08 23:42 - 2017-08-26 01:14 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\AVG
2018-07-08 15:00 - 2014-03-11 13:56 - 000000232 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2018-07-06 09:40 - 2017-10-15 21:48 - 000000000 ____D C:\Program Files\Fighters
2018-07-01 19:56 - 2010-09-11 18:13 - 000002375 _____ C:\Documents and Settings\All Users\Desktop\Macrium Reflect.lnk
2018-07-01 02:02 - 2010-04-15 19:06 - 000000178 __SHC C:\Documents and Settings\NetworkService\ntuser.ini
==================== Files in the root of some directories =======
2010-09-18 12:51 - 2010-09-18 12:53 - 000000015 ____N () C:\Documents and Settings\Administrator\settings.dat
2012-03-13 12:02 - 2012-03-13 12:02 - 000000022 ___SH () C:\Documents and Settings\Administrator\Application Data\Sys2662.Config.Repository.bin
2011-07-08 17:33 - 1996-11-21 08:00 - 000000002 ____C () C:\Documents and Settings\Administrator\Application Data\Microsoft\ArtGalry.cag
2010-08-31 15:21 - 2012-06-11 09:34 - 000100352 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-03 14:13 - 2012-12-03 14:13 - 000027520 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\dt.dat
2010-09-09 20:47 - 2010-09-09 20:47 - 000088278 ____C () C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.log
2017-10-28 20:15 - 2017-10-28 20:15 - 000221100 _____ () C:\Documents and Settings\All Users\Application Data\1509217961.bdinstall.bin
2017-12-16 07:31 - 2017-12-16 07:31 - 000036955 _____ () C:\Documents and Settings\All Users\Application Data\1513405877.bdinstall.bin
2017-12-16 07:35 - 2017-12-16 07:35 - 000178259 _____ () C:\Documents and Settings\All Users\Application Data\1513405883.bdinstall.bin
2017-12-16 08:03 - 2017-12-16 08:03 - 000036971 _____ () C:\Documents and Settings\All Users\Application Data\1513407823.bdinstall.bin
2017-12-16 08:03 - 2017-12-16 08:04 - 000001305 _____ () C:\Documents and Settings\All Users\Application Data\1513407829.2116.bin
2017-12-16 08:03 - 2017-12-16 08:04 - 000002405 _____ () C:\Documents and Settings\All Users\Application Data\1513407829.3164.bin
2017-12-16 08:03 - 2017-12-16 08:04 - 000038977 _____ () C:\Documents and Settings\All Users\Application Data\1513407829.3780.bin
2017-12-16 08:04 - 2017-12-16 08:04 - 000008079 _____ () C:\Documents and Settings\All Users\Application Data\1513407829.4588.bin
2017-12-16 08:04 - 2017-12-16 08:04 - 000031495 _____ () C:\Documents and Settings\All Users\Application Data\1513407840.bdinstall.bin
2017-12-16 08:04 - 2017-12-16 08:04 - 000031495 _____ () C:\Documents and Settings\All Users\Application Data\1513407844.bdinstall.bin
2017-12-16 08:16 - 2017-12-16 08:16 - 000093509 _____ () C:\Documents and Settings\All Users\Application Data\1513408284.bdinstall.bin
2017-12-16 08:27 - 2017-12-16 08:27 - 000213884 _____ () C:\Documents and Settings\All Users\Application Data\1513409101.bdinstall.bin
2017-12-17 02:04 - 2017-12-17 02:04 - 000037176 _____ () C:\Documents and Settings\All Users\Application Data\1513472675.bdinstall.bin
2017-12-17 02:04 - 2017-12-17 02:04 - 000039490 _____ () C:\Documents and Settings\All Users\Application Data\1513472678.bdinstall.bin
2017-12-17 02:05 - 2017-12-17 02:05 - 000037176 _____ () C:\Documents and Settings\All Users\Application Data\1513472713.bdinstall.bin
2017-12-17 02:08 - 2017-12-17 02:08 - 000096015 _____ () C:\Documents and Settings\All Users\Application Data\1513472717.bdinstall.bin
2017-12-17 02:24 - 2017-12-17 02:24 - 000201480 _____ () C:\Documents and Settings\All Users\Application Data\1513473765.bdinstall.bin
2017-12-17 03:45 - 2017-12-17 03:45 - 000036954 _____ () C:\Documents and Settings\All Users\Application Data\1513478746.bdinstall.bin
2017-12-17 03:46 - 2017-12-17 03:46 - 000179968 _____ () C:\Documents and Settings\All Users\Application Data\1513478752.bdinstall.bin
2018-06-26 11:58 - 2018-06-26 11:58 - 000037227 _____ () C:\Documents and Settings\All Users\Application Data\1530010692.bdinstall.bin
2018-06-26 12:00 - 2018-06-26 12:00 - 000178655 _____ () C:\Documents and Settings\All Users\Application Data\1530010711.bdinstall.bin
2018-07-01 02:50 - 2018-07-01 02:50 - 000036949 _____ () C:\Documents and Settings\All Users\Application Data\1530409844.bdinstall.bin
2018-07-01 02:50 - 2018-07-01 02:51 - 000002406 _____ () C:\Documents and Settings\All Users\Application Data\1530409854.4648.bin
2018-07-01 02:51 - 2018-07-01 02:51 - 000008079 _____ () C:\Documents and Settings\All Users\Application Data\1530409854.5484.bin
2018-07-01 02:50 - 2018-07-01 02:51 - 000001390 _____ () C:\Documents and Settings\All Users\Application Data\1530409854.5900.bin
2018-07-01 02:50 - 2018-07-01 02:51 - 000038957 _____ () C:\Documents and Settings\All Users\Application Data\1530409854.6012.bin
2018-07-01 02:53 - 2018-07-01 02:53 - 000031495 _____ () C:\Documents and Settings\All Users\Application Data\1530410007.bdinstall.bin
2018-07-01 02:58 - 2018-07-01 03:01 - 000003549 _____ () C:\Documents and Settings\All Users\Application Data\1530410304.1624.bin
2018-07-01 03:00 - 2018-07-01 03:03 - 000018940 _____ () C:\Documents and Settings\All Users\Application Data\1530410304.1840.bin
2018-07-01 02:59 - 2018-07-01 03:01 - 000106707 _____ () C:\Documents and Settings\All Users\Application Data\1530410304.1868.bin
2018-07-01 02:58 - 2018-07-01 03:03 - 000038520 _____ () C:\Documents and Settings\All Users\Application Data\1530410304.3108.bin
2018-07-01 02:58 - 2018-07-01 03:01 - 000009515 _____ () C:\Documents and Settings\All Users\Application Data\1530410304.3548.bin
2018-07-06 09:53 - 2018-07-06 09:53 - 000036971 _____ () C:\Documents and Settings\All Users\Application Data\1530867173.bdinstall.bin
2018-07-06 09:54 - 2018-07-06 09:54 - 000178007 _____ () C:\Documents and Settings\All Users\Application Data\1530867194.bdinstall.bin
2018-07-08 21:14 - 2018-07-08 21:14 - 000036949 _____ () C:\Documents and Settings\All Users\Application Data\1531080857.bdinstall.bin
2018-07-08 23:04 - 2018-07-08 23:04 - 000180454 _____ () C:\Documents and Settings\All Users\Application Data\1531080871.bdinstall.bin
2018-07-08 21:23 - 2018-07-08 21:23 - 000031682 _____ () C:\Documents and Settings\All Users\Application Data\1531081369.bdinstall.bin
Some files in TEMP:
====================
2018-07-24 05:19 - 2018-07-24 05:19 - 000275504 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\avg-02156976-04c5-411e-9f19-d4534729576b.exe
2018-07-08 23:25 - 2018-07-08 23:25 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Administrator\Local Settings\Temp\avg-c5e9d657-0c6a-4972-adfc-e3430ab0f668.exe
2018-07-24 05:22 - 2018-07-24 05:22 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Administrator\Local Settings\Temp\avg-d93f861c-c875-4542-b883-d71d8265455a.exe
2018-07-24 05:33 - 2018-07-24 05:34 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Administrator\Local Settings\Temp\avg-d965805c-442b-405f-8e15-9576c5e61e07.exe
2018-07-01 19:56 - 2018-07-01 19:56 - 000511640 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\CDRun.exe
2018-07-28 03:12 - 2010-12-09 16:15 - 000718336 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\Local Settings\Temp\dllnt_dump.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
July 29th, 2018, 08:31 PM
#34
Here is the Additional report:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21.07.2018
Ran by Administrator (30-07-2018 01:21:15)
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2010-04-15 18:05:51)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1801674531-448539723-1606980848-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1801674531-448539723-1606980848-1003 - Limited - Enabled)
Guest (S-1-5-21-1801674531-448539723-1606980848-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1801674531-448539723-1606980848-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1801674531-448539723-1606980848-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9488E0FA-F058-4673-850E-E755F112BABC}
AV: Lavasoft Ad-Watch Live! Anti-Virus (Enabled - Up to date) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: AVG Antivirus (Enabled - Up to date) {81C62321-3C2A-4A1A-BF2F-52ED23B22B8B}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acronis True Image WD*Edition (HKLM\...\{9B683A28-2172-4CF1-B85D-41375E80652A}) (Version: 13.0.14157 - Acronis)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.90 - NOS Microsystems Ltd.)
Adobe Flash Player 30 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Any Video Converter 3.3.5 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 18.5.3059 - AVG Technologies)
AxCrypt 1.7.3156.0 (HKLM\...\{DB066768-5A50-4C44-815B-4E8A6A39335E}) (Version: 1.7.3156.0 - Axantum Software AB)
BB FlashBack Express (HKLM\...\BB FlashBack Express) (Version: 3.2.7.2349 - Blueberry)
CCleaner (HKLM\...\CCleaner) (Version: 5.45 - Piriform)
ClipGrab 3.6.8 (HKLM\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien)
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: - )
Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
Digital Camera Driver (HKLM\...\Digital Camera Driver) (Version: - )
DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.2.2 - DivX, Inc.)
Dr SpeedTouch (HKLM\...\{CE6D39E2-D4CB-4C49-ABD9-8724B095D1EF}) (Version: - )
EnergyCut (HKLM\...\{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}) (Version: - )
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )
EPSON File Manager (HKLM\...\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}) (Version: 1.3.0.0 - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
Eraser 5.82 (HKLM\...\{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1) (Version: Eraser 5.82 - Heidi Computers Ltd.)
FastStone Capture 5.3 (HKLM\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
File Identifier (HKLM\...\{C257E434-E8F1-4E06-A616-598E4933553E}_is1) (Version: 1.0.11 - Sharpened Productions)
File Viewer Lite (HKLM\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 1.4.1 - Sharpened Productions)
Freemake Video Converter version 4.1.10 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.10 - Ellora Assets Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Hard Disk Sentinel (HKLM\...\Hard Disk Sentinel_is1) (Version: 5.01 - Janos Mathe)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4497 - )
Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.260 - Oracle)
K-Lite Codec Pack 8.0.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.0.0 - )
Macrium Reflect - Free Edition (HKLM\...\{BB912177-24CC-4AEE-8329-97D7ACD125D4}) (Version: 4.2.3775 - Macrium)
Magitime (HKLM\...\Magitime) (Version: - )
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 7.8 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 52.9.0 ESR (x86 en-GB) (HKLM\...\Mozilla Firefox 52.9.0 ESR (x86 en-GB)) (Version: 52.9.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.9.0.6746 - Mozilla)
MSRuntime Libraries (HKLM\...\{ECA2B21B-A180-4775-B93F-6E404E36A8CC}) (Version: 1.0.0 - Thomson)
Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
O2InstV3Win7UpdateV2 (HKLM\...\{74B1CEB6-B4BF-46FD-8080-CE3C1809B010}) (Version: 10 - SupportSoft) Hidden
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
QuickOn Button (HKLM\...\QkOnBtn) (Version: - )
QuickStroke (HKLM\...\{2BDBE4EC-89F3-4663-8C00-F9E2EC726AF5}) (Version: - )
Rapport (HKLM\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1804.161 - Trusteer) Hidden
RealDownloader (HKLM\...\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}) (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.40 - Piriform)
Revo Uninstaller 1.92 (HKLM\...\Revo Uninstaller) (Version: 1.92 - VS Revo Group)
Segoe UI (HKLM\...\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}) (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype™ 7.36 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.150 - Skype Technologies S.A.)
SmartCamera Ver 2.1 (HKLM\...\{9527450C-64B3-11D5-9B31-000021116B62}) (Version: 2.01.0001 - MingjongTechnologies CO.,LTD.)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_17AA2075) (Version: - )
SPAMfighter (HKLM\...\{AD0002B9-2363-43C5-BA94-2A71AD86BE17}) (Version: 7.5.131 - Spamfighter ApS) Hidden
SPAMfighter (HKLM\...\SPAMfighter) (Version: 7.5.131 - Spamfighter ApS)
SpeedTouch 330 (HKLM\...\SpeedTouch 330) (Version: - )
Startup Cop (HKLM\...\Startup Cop) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.1.1002 - SUPERAntiSpyware.com)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}) (Version: 1.15.0000 - Texas Instruments Inc.)
TIPCI (HKLM\...\{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}) (Version: 1.15.0000 - Texas Instruments Inc.) Hidden
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1804.161 - Trusteer)
USB PC Camera (SN9C103) (HKLM\...\{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}) (Version: 4.6.6.0 - )
VC 9.0 Runtime (HKLM\...\{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Viber (HKLM\...\{D65DDA75-2C0A-46BA-807D-127BD5638490}) (Version: 6.0.1.5 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\{acc83058-83b0-41e2-b372-266672a1af16}) (Version: 6.0.1.5 - Viber Media Inc.)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WD SmartWare (HKLM\...\{98D451C4-4ACA-4273-BB47-57CFE46B048E}) (Version: 1.4.1.1 - Western Digital)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
ZoneAlarm Firewall (HKLM\...\{B025F14A-25E6-46CA-9308-1B1D3393CAC8}) (Version: 14.3.119.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 14.3.119.000 - Check Point)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version: - Check Point Software Technologies)
ZoneAlarm Security (HKLM\...\{8A7820F0-5261-42FC-9790-4D932E7BC5B1}) (Version: 14.3.119.000 - Check Point Software Technologies Ltd.) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\psuser.dll (Google Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-07-08] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\Axantum\AxCrypt\ShellExt.dll [2014-01-16] (Axantum Software AB)
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
ContextMenuHandlers1: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\WINDOWS\system32\erasext.dll [2006-12-26] (-)
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
ContextMenuHandlers1: [QuickShare] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
ContextMenuHandlers1: [SDContextExt] -> {70F8E90E-353A-47AB-B297-C576345EE693} => -> No File
ContextMenuHandlers2: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\WINDOWS\system32\erasext.dll [2006-12-26] (-)
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RShellExt.dll [2011-07-01] (Paramount Software UK Ltd)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2006-05-08] (Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-07-08] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\Axantum\AxCrypt\ShellExt.dll [2014-01-16] (Axantum Software AB)
ContextMenuHandlers6: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\WINDOWS\system32\erasext.dll [2006-12-26] (-)
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
==================== Scheduled Tasks=============================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Antivirus Emergency Update.job => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-448539723-1606980848-500Core.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-448539723-1606980848-500UA.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\4 On-Demand.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=anhngjkonjhfnhekadjnofhcjjhnljhh
ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\BBC iPlayer.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=jahnifecgkhjbcbjfkplnplfkcebgafc
ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\Hangouts (1).lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kffnpbachbhakiomjoichllogeobmoli
ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\Hangouts.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kffnpbachbhakiomjoichllogeobmoli
ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\My5.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=memeiodlbggpddhlkeoppgnefjdgpcda
ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\The ITV.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=enlkekmehifkbcpadgpbhjcepnannhml
ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\WhatsApp.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hnpfjngllnobngcgfapefoaidbinmjnm
ShortcutWithArgument: C:\Documents and Settings\Administrator\Desktop\WhatsApp.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hnpfjngllnobngcgfapefoaidbinmjnm
==================== Loaded Modules (Whitelisted) ==============
2017-10-30 08:23 - 2017-10-30 08:23 - 004349952 _____ () C:\Program Files\Thomson\ST330\service\qt-mt337.dll
2018-07-08 23:32 - 2018-07-08 23:32 - 000481520 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2018-07-08 23:39 - 2018-07-08 23:39 - 000907504 _____ () C:\Program Files\AVG\Antivirus\anen.dll
2018-07-08 23:32 - 2018-07-08 23:32 - 000533744 _____ () C:\Program Files\AVG\Antivirus\gui_cache.dll
2018-07-08 23:32 - 2018-07-08 23:32 - 000986352 _____ () C:\Program Files\AVG\Antivirus\shepherdsync.dll
2018-07-29 18:56 - 2018-07-29 18:56 - 005890800 _____ () C:\Program Files\AVG\Antivirus\defs\18072904\algo.dll
2015-06-02 16:51 - 2015-06-02 16:51 - 000545792 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 000039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-07-01 12:55 - 2011-07-01 12:55 - 000220824 _____ () C:\Program Files\Macrium\Reflect\ReflectService.exe
2010-09-04 19:02 - 2003-10-24 19:21 - 000053248 ____C () C:\WINDOWS\system32\dsnpstd2.dll
2010-09-08 10:45 - 2010-09-08 10:45 - 001034752 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
2010-09-08 10:53 - 2010-09-08 10:53 - 000886272 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
2010-09-08 10:44 - 2010-09-08 10:44 - 000484352 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
2010-09-04 19:02 - 2004-01-06 02:34 - 000040960 _____ () C:\WINDOWS\vsnpstd2.exe
2017-10-30 08:23 - 2017-10-30 08:23 - 004222976 _____ () C:\Program Files\Thomson\ST330\diagnostics\qt-mt332.dll
2017-10-30 08:23 - 2017-10-30 08:23 - 000364544 _____ () C:\Program Files\Thomson\ST330\diagnostics\qwt.dll
2012-03-15 11:44 - 2012-03-15 11:44 - 000549512 _____ () C:\Program Files\Fighters\SPAMfighter\sfsg.dll
2012-03-15 11:44 - 2017-10-15 21:50 - 000966248 ____T () C:\Program Files\Fighters\SPAMfighter\sfse.dll
2018-05-21 10:06 - 2017-07-26 11:57 - 000080896 _____ () C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2018-07-08 23:40 - 2018-07-08 23:40 - 048936448 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2017-04-26 15:19 - 2017-04-26 15:19 - 002005976 ____R () C:\Program Files\Skype\Phone\skypert.dll
2008-04-14 13:00 - 2008-04-14 13:00 - 000059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 13:00 - 2008-04-14 13:00 - 000014336 _____ () C:\WINDOWS\system32\msdmo.dll
2008-04-14 13:00 - 2008-04-14 13:00 - 000192512 ____C () C:\WINDOWS\system32\qcap.dll
2008-04-14 13:00 - 2013-01-02 07:49 - 001292288 _____ () C:\WINDOWS\system32\quartz.dll
2007-02-13 01:31 - 2007-02-13 01:31 - 001111552 _____ () C:\Program Files\FastStone Capture\FSCapture.exe
2018-06-29 02:17 - 2018-04-25 13:16 - 001930960 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2008-04-14 13:00 - 2018-07-29 12:22 - 000000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1801674531-448539723-1606980848-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 212.159.6.9 - 212.159.6.10
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: Eraser => C:\Program Files\Eraser\eraser.exe -hide
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\ZoneLabs\vsmon.exe] => Enabled:vsmon
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Plugin Manager\skypePM.exe] => Enabled:Skype Extras Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Thomson SpeedTouch\ST330\WebInstaller\STHIW\stInstall.exe] => Enabled:SpeedTouch Home Install Wizard
StandardProfile\AuthorizedApplications: [C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe] => Enabled:ST330 service
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Local Settings\Temp\stInstall.exe] => Enabled:SpeedTouch Home Install Wizard
StandardProfile\AuthorizedApplications: [C:\Program Files\Thomson\ST330\service\st330service.exe] => Enabled:ST330 service
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Antivirus\AvEmUpdate.exe] => Enabled:Antivirus Emergency Update
StandardProfile\AuthorizedApplications: [C:\Program Files\CCleaner\CCUpdate.exe] => Enabled:CCleaner Update
StandardProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
==================== Restore Points =========================
19-07-2018 19:34:30 Automatic Restore Point
19-07-2018 22:21:03 Automatic Restore Point
20-07-2018 00:32:58 Automatic Restore Point
20-07-2018 05:38:25 Automatic Restore Point
20-07-2018 14:48:15 Automatic Restore Point
21-07-2018 16:54:14 Automatic Restore Point
22-07-2018 02:00:18 Restore Operation
22-07-2018 02:10:34 Automatic Restore Point
22-07-2018 02:18:04 Installed Windows XP Wdf01009.
22-07-2018 02:23:47 Automatic Restore Point
22-07-2018 16:10:43 Automatic Restore Point
22-07-2018 16:21:37 Automatic Restore Point
22-07-2018 17:23:24 Automatic Restore Point
22-07-2018 21:00:34 Automatic Restore Point
22-07-2018 21:25:09 Automatic Restore Point
23-07-2018 22:08:27 Automatic Restore Point
24-07-2018 01:23:18 Automatic Restore Point
24-07-2018 03:11:33 Automatic Restore Point
24-07-2018 03:25:34 Restore Operation
24-07-2018 03:50:35 Restore Operation
24-07-2018 04:15:46 Restore Operation
24-07-2018 04:41:32 Restore Operation
24-07-2018 04:45:09 Automatic Restore Point
24-07-2018 04:50:53 Restore Operation
24-07-2018 05:11:31 Automatic Restore Point
24-07-2018 05:18:08 Installed Windows XP Wdf01009.
24-07-2018 05:24:47 Installed Windows XP Wdf01009.
24-07-2018 06:06:28 Automatic Restore Point
24-07-2018 07:31:05 Automatic Restore Point
24-07-2018 07:47:40 Installed Windows KB954550-v5.
24-07-2018 07:47:58 Printer Driver Microsoft XPS Document Writer Installed
24-07-2018 07:48:18 Printer Driver Microsoft XPS Document Writer Installed
24-07-2018 08:02:23 Automatic Restore Point
24-07-2018 09:04:58 Automatic Restore Point
24-07-2018 10:30:16 Automatic Restore Point
24-07-2018 18:11:38 Automatic Restore Point
25-07-2018 08:27:50 Automatic Restore Point
25-07-2018 09:35:24 Automatic Restore Point
25-07-2018 10:24:16 Automatic Restore Point
25-07-2018 10:35:25 Revo Uninstaller's restore point - SpyShelter Premium 11.1
25-07-2018 10:45:09 Automatic Restore Point
25-07-2018 11:16:31 Automatic Restore Point
25-07-2018 13:29:00 Automatic Restore Point
25-07-2018 18:52:21 Installed Keylogger Detector
25-07-2018 19:01:39 Revo Uninstaller's restore point - Keylogger Detector
25-07-2018 19:02:05 Removed Keylogger Detector
25-07-2018 19:05:44 Installed Keylogger Detector
25-07-2018 19:07:29 Revo Uninstaller's restore point - Keylogger Detector
25-07-2018 19:07:54 Removed Keylogger Detector
25-07-2018 19:15:58 Automatic Restore Point
25-07-2018 21:03:50 Automatic Restore Point
26-07-2018 11:42:08 Automatic Restore Point
26-07-2018 18:39:26 Automatic Restore Point
26-07-2018 19:37:19 Automatic Restore Point
26-07-2018 21:12:30 Automatic Restore Point
27-07-2018 12:58:46 Automatic Restore Point
27-07-2018 19:53:26 Automatic Restore Point
27-07-2018 21:14:40 Automatic Restore Point
27-07-2018 21:34:09 Installed Windows KB954550-v5.
27-07-2018 21:34:25 Printer Driver Microsoft XPS Document Writer Installed
27-07-2018 21:34:44 Printer Driver Microsoft XPS Document Writer Installed
27-07-2018 21:49:55 Automatic Restore Point
28-07-2018 02:36:28 Revo Uninstaller's restore point - MalwareFox AntiMalware
28-07-2018 02:46:49 Automatic Restore Point
28-07-2018 05:34:54 Revo Uninstaller's restore point - Registry Drill
29-07-2018 06:38:07 Automatic Restore Point
29-07-2018 08:12:57 Automatic Restore Point
29-07-2018 08:29:03 Revo Uninstaller's restore point - ZoneAlarm Free Firewall
29-07-2018 08:39:24 Automatic Restore Point
29-07-2018 08:56:18 Installed Windows KB954550-v5.
29-07-2018 08:56:37 Printer Driver Microsoft XPS Document Writer Installed
29-07-2018 08:56:54 Printer Driver Microsoft XPS Document Writer Installed
29-07-2018 09:12:28 Automatic Restore Point
29-07-2018 12:25:35 Automatic Restore Point
29-07-2018 18:55:06 Automatic Restore Point
30-07-2018 01:02:22 Revo Uninstaller's restore point - RogueKiller version 12.12.28.0
==================== Faulty Device Manager Devices =============
Name: IrDA Fast Infrared Port
Description: IrDA Fast Infrared Port
Class Guid: {6BDD1FC5-810F-11D0-BEC7-08002BE2092F}
Manufacturer: National Semiconductor
Service: NSCIRDA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/29/2018 09:13:37 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
Error: (07/29/2018 07:58:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application roguekiller.exe, version 12.12.28.0, faulting module kernel32.dll, version 5.1.2600.6532, fault address 0x0000b152.
Processing media-specific event for [roguekiller.exe!ws!]
Error: (07/28/2018 01:11:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (07/27/2018 09:57:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Viber.exe, version 6.0.1.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (07/27/2018 09:50:38 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
Error: (07/27/2018 08:50:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 21.7.2018.0, faulting module frst.exe, version 21.7.2018.0, fault address 0x0002129e.
Processing media-specific event for [frst.exe!ws!]
Error: (07/26/2018 06:45:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Viber.exe, version 6.0.1.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (07/25/2018 08:45:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.9.0.6746, faulting module mozglue.dll, version 52.9.0.6746, fault address 0x0000fb33.
Processing media-specific event for [plugin-container.exe!ws!]
System errors:
=============
Error: (07/29/2018 06:49:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
TfFsMon
TfSysMon
Error: (07/29/2018 06:49:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Lavasoft Ad-Aware Service service failed to start due to the following error:
The system cannot find the path specified.
Error: (07/29/2018 06:49:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bitdefender Antivirus Free Edition service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (07/29/2018 06:49:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Bitdefender Antivirus Free Edition service to connect.
Error: (07/29/2018 09:13:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
TfFsMon
TfSysMon
Error: (07/29/2018 08:40:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avgbIDSAgent service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (07/29/2018 08:40:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the avgbIDSAgent service to connect.
Error: (07/29/2018 08:38:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
TfFsMon
TfSysMon
==================== Memory info ===========================
Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz
Percentage of memory in use: 66%
Total physical RAM: 2038.07 MB
Available physical RAM: 689.5 MB
Total Virtual: 3406.3 MB
Available Virtual: 2199.95 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:200.19 GB) (Free:125.86 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (New Volume) (Fixed) (Total:265.57 GB) (Free:137.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: B4B9B3EC)
Partition 1: (Active) - (Size=200.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=265.6 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
July 29th, 2018, 11:21 PM
#35
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
July 30th, 2018, 04:12 AM
#36
Oh...so there is a problem with my laptop. Hope it is not a malware or virus because it has not been picked up by my antivirus and Malwarebytes. Anyway, here is the First Fix log:
Fix result of Farbar Recovery Scan Tool (x86) Version: 21.07.2018
Ran by Administrator (30-07-2018 09:38:15) Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
HKLM\...\Run: [SpeedTouch USB Diagnostics] => [X]
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Toolbar: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll [No File]
S2 Lavasoft Ad-Aware Service; "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" [X]
S3 cpuz132; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
S4 IntelIde; no ImagePath
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard32.sys [X]
2018-07-24 05:19 - 2018-07-24 05:19 - 000275504 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\avg-02156976-04c5-411e-9f19-d4534729576b.exe
2018-07-08 23:25 - 2018-07-08 23:25 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Administrator\Local Settings\Temp\avg-c5e9d657-0c6a-4972-adfc-e3430ab0f668.exe
2018-07-24 05:22 - 2018-07-24 05:22 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Administrator\Local Settings\Temp\avg-d93f861c-c875-4542-b883-d71d8265455a.exe
2018-07-24 05:33 - 2018-07-24 05:34 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Administrator\Local Settings\Temp\avg-d965805c-442b-405f-8e15-9576c5e61e07.exe
2018-07-01 19:56 - 2018-07-01 19:56 - 000511640 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\CDRun.exe
2018-07-28 03:12 - 2010-12-09 16:15 - 000718336 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\Local Settings\Temp\dllnt_dump.dll
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
ContextMenuHandlers1: [QuickShare] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
ContextMenuHandlers1: [SDContextExt] -> {70F8E90E-353A-47AB-B297-C576345EE693} => -> No File
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
*****************
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpeedTouch USB Diagnostics" => removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully.
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found
"HKU\S-1-5-21-1801674531-448539723-1606980848-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" => removed successfully.
HKLM\Software\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => not found
"HKU\S-1-5-21-1801674531-448539723-1606980848-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => removed successfully.
"HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => removed successfully.
"HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi" => removed successfully.
"HKLM\System\CurrentControlSet\Services\Lavasoft Ad-Aware Service" => removed successfully.
Lavasoft Ad-Aware Service => service removed successfully.
"HKLM\System\CurrentControlSet\Services\cpuz132" => removed successfully.
cpuz132 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\IntelIde" => removed successfully.
IntelIde => service removed successfully.
"HKLM\System\CurrentControlSet\Services\Lavasoft Kernexplorer" => removed successfully.
Lavasoft Kernexplorer => service removed successfully.
"HKLM\System\CurrentControlSet\Services\TfFsMon" => removed successfully.
TfFsMon => service removed successfully.
"HKLM\System\CurrentControlSet\Services\TfNetMon" => removed successfully.
TfNetMon => service removed successfully.
"HKLM\System\CurrentControlSet\Services\TfSysMon" => removed successfully.
TfSysMon => service removed successfully.
"HKLM\System\CurrentControlSet\Services\UIUSys" => removed successfully.
UIUSys => service removed successfully.
"HKLM\System\CurrentControlSet\Services\ZAM" => removed successfully.
ZAM => service removed successfully.
"HKLM\System\CurrentControlSet\Services\ZAM_Guard" => removed successfully.
ZAM_Guard => service removed successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\avg-02156976-04c5-411e-9f19-d4534729576b.exe => moved successfully
C:\Documents and Settings\Administrator\Local Settings\Temp\avg-c5e9d657-0c6a-4972-adfc-e3430ab0f668.exe => moved successfully
C:\Documents and Settings\Administrator\Local Settings\Temp\avg-d93f861c-c875-4542-b883-d71d8265455a.exe => moved successfully
C:\Documents and Settings\Administrator\Local Settings\Temp\avg-d965805c-442b-405f-8e15-9576c5e61e07.exe => moved successfully
C:\Documents and Settings\Administrator\Local Settings\Temp\CDRun.exe => moved successfully
C:\Documents and Settings\Administrator\Local Settings\Temp\dllnt_dump.dll => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BB FlashBack 2" => removed successfully.
HKLM\Software\Classes\CLSID\{A8065B9E-193F-4797-B62D-8F6321E7FCCB} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully.
HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\QuickShare" => removed successfully.
HKLM\Software\Classes\CLSID\{A8065B9E-193F-4797-B62D-8F6321E7FCCB} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SDContextExt" => removed successfully.
HKLM\Software\Classes\CLSID\{70F8E90E-353A-47AB-B297-C576345EE693} => not found
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully.
HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg" => removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully.
HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => not found
The system needed a reboot.
==== End of Fixlog 09:39:01 ====
Last edited by slickcondo; July 30th, 2018 at 05:00 AM .
July 30th, 2018, 08:45 PM
#37
No need to worry.
Those are very minor things. Nothing serious there.
Last scans...
Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program. Click on Start button to begin cleaning process. TFC will close all running programs, and it may ask you to restart computer.
Download Sophos Free Virus Removal Tool and save it to your desktop.
Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program
July 30th, 2018, 11:04 PM
#38
Here is the second scan on Farbar Service Scanner:
Farbar Service Scanner Version: 27-01-2016
Ran by Administrator (administrator) on 31-07-2018 at 03:59:35
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
WAN connected
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Other Services:
==============
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
Extra List:
=======
Gpc(4) IPSec(6) irda(3) NetBT(7) PSched(8) Tcpip(5)
0x0B0000000600000001000000020000000300000004000000050000005A000000090000000A0000000700000008000000
IpSec Tag value is correct.
**** End of log ****
July 31st, 2018, 01:57 AM
#39
July 31st, 2018, 05:06 AM
#40
Originally Posted by
jdc2000
Hi jdc2000 - thanks for the link. But I can't open it. It just gave a blank page.
July 31st, 2018, 05:13 AM
#41
Broni - I ran the Temp File Cleaner, but it did not give any scan report. The first time I ran it, it just restarted my laptop. Ran it again the second time and it froze my laptop. Only the 3rd time I ran it did the progress bar move. But again no report.
I then installed the Sophos program and for some reason it created two icons on my desktop. Both icons look different. I ran one of them and I hope this is the correct report as there is no scan log report. Just this one that appears after the scan:
Results 1 - 3 of about 3 Search took 0.01 seconds.
Detailed Analysis - Troj/Decept-HV - Viruses and Spyware - Advanced Network Threat Protection | ATP from Targeted Malware Attacks ...
http://www.sophos.com/en-us/threat-c...-analysis.aspx
... Troj/Decept-HV. Category: Viruses and Spyware, Protection available since: 25 Jan 2018 07:18:16 (GMT). Type: Trojan, Last Updated: 25 Jan 2018 ...
Troj/Decept-HV - Viruses and Spyware - Advanced Network Threat Protection | ATP from Targeted Malware Attacks and Persistent ...
http://www.sophos.com/en-us/threat-c...Decept-HV.aspx
... Troj/Decept-HV. Category: Viruses and Spyware, Protection available since: 25 Jan 2018 07:18:16 (GMT). Type: Trojan, Last Updated: 25 Jan 2018 ...
[ More results from https://www.sophos.com/en-us/threat-...hreat-analyses ]
Troj/Decept-HV - Anyone Else Have Detections? - Sophos Endpoint Software - Endpoint Security and Control - Sophos Community
community.sophos.com/products/endpoint-security-control/f/sophos-endpoint-software/99980/troj-decept-hv---anyone-else-have-detections
... Troj/Decept-HV - Anyone Else Have Detections? I had 4 systems have detections for Troj/Decept-HV early Friday, January 26, 2018. ...
In order to show you the most relevant results, we have omitted some entries very similar to the 3 already displayed.
If you like, you can repeat the search with the omitted results included.
Last edited by slickcondo; July 31st, 2018 at 05:24 AM .
July 31st, 2018, 10:09 AM
#42
The link works for me. It is unlikely that KSL.com is blocking UK users from accessing it, it is more likely that your ISP is blocking it. If you had a VPN service, you could probably see it using a U.S.A. access point.
July 31st, 2018, 08:33 PM
#43
Sophos log doesn't look right. Try second icon.
I don't need Temp File Cleaner log.
I still need Security Check log though (1st step).
August 1st, 2018, 04:20 AM
#44
Broni - the second icon does not work at all. I think I will delete them and try to download again. But for some reason, I did not receive any notifications that you have sent me a message and I was wondering. So I checked here and saw your latest.
Last edited by slickcondo; August 1st, 2018 at 04:22 AM .
August 1st, 2018, 04:25 AM
#45
Originally Posted by
jdc2000
The link works for me. It is unlikely that KSL.com is blocking UK users from accessing it, it is more likely that your ISP is blocking it. If you had a VPN service, you could probably see it using a U.S.A. access point.
jdc2000. I don't have a VPN service. I will try to open it again with a friend's laptop this weekend and see what is on that link. Thanks.