[RESOLVED] How to check if I have a Keylogger on my laptop

  1. #1
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999


    Hi,

    I hope this is the right thread to post this.
    I am using a laptop running on Windows XP Pro with SP3 and Outlook Express for my emails.

    Recently I received an email to say that because I visited his website, he/she has planted a keylogger and used my video cam and had taken all my contacts. He further said that unless I send him $7,000 dollars, he will post the video of my visit to his porn website and send my visit to all my contacts.

    I am suspicious of this email that may be a scam only because:
    1) I have not visited any porn website
    2) when I look at the message source, it shows my email address with my login password. But this password is no longer in use for more than a year already.

    So my question is how do I check to be 100 percent sure there is or there is not a keylogger on my laptop?
    Also is there a good free scanner that I can use that is compatible with Windows XP? I have tried a few, but they don't seem to work or run properly.

    Any suggestions and help greatly appreciated. Thanks

  2. #2
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Quote Originally Posted by slickcondo View Post
    Hi,

    I hope this is the right thread to post this.
    I am using a laptop running on Windows XP Pro with SP3 and Outlook Express for my emails.

    Recently I received an email to say that because I visited his website, he/she has planted a keylogger and used my video cam and had taken all my contacts. He further said that unless I send him $7,000 dollars, he will post the video of my visit to his porn website and send my visit to all my contacts.

    I am suspicious of this email that may be a scam only because:
    1) I have not visited any porn website
    2) when I look at the message source, it shows my email address with my login password. But this password is no longer in use for more than a year already.

    So my question is how do I check to be 100 percent sure there is or there is not a keylogger on my laptop?
    Also is there a good free scanner that I can use that is compatible with Windows XP? I have tried a few, but they don't seem to work or run properly.

    Any suggestions and help greatly appreciated. Thanks

    So disappointed no suggestions or help so far. Have I posted this in the wrong thread?

  3. #3
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    25,456
    Follow the instructions at the top of this forum and post the logs below.

    http://discussions.virtualdr.com/sho...ted-3-21-2015)

    Only mods can answer questions in this forum and since we all have jobs and live in different time zones it can take a little while to get a response.

    In the meantime disconnect your webcam or put some tape over it and change your important passwords which should be done regularly anyway.... If you can, use a different computer to change them.

    VirtualDr email notices are not working.
    Check back regularly for responses.


  4. #4
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Quote Originally Posted by fink View Post
    Follow the instructions at the top of this forum and post the logs below.

    http://discussions.virtualdr.com/sho...ted-3-21-2015)

    Only mods can answer questions in this forum and since we all have jobs and live in different time zones it can take a little while to get a response.

    In the meantime disconnect your webcam or put some tape over it and change your important passwords which should be done regularly anyway.... If you can, use a different computer to change them.

    Hi fink - thanks for reminding me of the time difference zone. Sorry.

    I was not able to install any keylogger program. So I don't have a log to post. That was why I asked if anyone here can recommend one? I only have AVG antivirus, SuperAntiSpyware and Malwarebytes - all free editions. I did not think these logs will detect and show if there is a keylogger or not. When I tried to install a couple of keylogger programs, it did not work properly and I cannot scan it. That was why I asked if anyone can recommend one.

    I am using another computer to write this to you and this computer does not have a webcam. The other "infected" laptop also does not have a built in webcam, just a usb one and I have disconnected it.

    Any recommendation for a keylogger program for XP so that I can scan it and send the log?

    Look forward to hearing back from you soon and if you would like to see the log of my Antivirus or Malware program, please let me know which?

  5. #5
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    25,456
    You keep saying "keylogger programs". Those are NOT what you want to have on your computer. They keep track of what you type and look at and keep records. A keylogger program is what the guy has claimed to have installed on your computer. It's not a good thing if it's actually there.

    What you want are antimalware scanners like Malwarebytes and the scanners that are recommended in the link above. Have you tried running Farbar Recovery Scan Tool as suggested? That's the first step in finding out what malware may be on your computer.


  6. #6
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Quote Originally Posted by fink View Post
    You keep saying "keylogger programs". Those are NOT what you want to have on your computer. They keep track of what you type and look at and keep records. A keylogger program is what the guy has claimed to have installed on your computer. It's not a good thing if it's actually there.

    What you want are antimalware scanners like Malwarebytes and the scanners that are recommended in the link above. Have you tried running Farbar Recovery Scan Tool as suggested? That's the first step in finding out what malware may be on your computer.

    I have the free version of Malwarebytes. But I have not tried Farbar Recovery Scan Tool as I just got here not long ago. I will try it now and see how it goes. Do I send you the log for Malwarebytes and also Farbar after I scan it?

    When I google, there are some programs like Keylogger Detector which is supposed to scan for presence of this virus, but it does not work on my laptop.

    Do I still have to change my password even if after logging into say my bank account, to access the functions there, I have to use a device to generate an extra One Time Pin before I can proceed?

  7. #7
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    25,456
    Don't run any other scanners other than the ones recommended here. Most are useless and many have adware or worse attached to them. Malwarebytes is good but SuperAntiSpyware is old and not very effective any longer. Copy/paste the log file below, broken into smaller parts if necessary.

    I don't know about the one time pin thing but I would change passwords now just to be on the safe side.

    Broni will take over from here once you've posted the log files requested above.


  8. #8
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Quote Originally Posted by fink View Post
    Don't run any other scanners other than the ones recommended here. Most are useless and many have adware or worse attached to them. Malwarebytes is good but SuperAntiSpyware is old and not very effective any longer. Copy/paste the log file below, broken into smaller parts if necessary.

    I don't know about the one time pin thing but I would change passwords now just to be on the safe side.

    Broni will take over from here once you've posted the log files requested above.

    The One Time Pin is used by banks here these days as an added security. They give you a small device where when you press a button, it generates a 6 digit number that you have to enter before you can proceed further. Each time, it is a different 6 digit number.

    OK, I will post the log as soon as I can - possibly midnight here or tomorrow as it is now 7.25pm here and family getting ready to have dinner and I have to help in the cooking. I will change my passwords on some accounts first and thanks for your advice. Look forward to receiving Broni's help.

  9. #9
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Oh by the way, forgot to ask. When I post the log, do I post it here or start a new post as the above link says?
    And only send the log of Farbar Recovery Tool and not a Malwarebytes log?

  10. #10
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,086
    That e-mail is almost certainly a scam designed to get you to send $$$$. Nevertheless, you should still check for malware. Post the scans here. If Broni wants a Malwarebytes log, he will let you know.

    What e-mail provider do you have (Yahoo, GMail, Outlook.com, Hotmail, other ISP, etc.)?

  11. #11
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Quote Originally Posted by jdc2000 View Post
    That e-mail is almost certainly a scam designed to get you to send $$$$. Nevertheless, you should still check for malware. Post the scans here. If Broni wants a Malwarebytes log, he will let you know.

    What e-mail provider do you have (Yahoo, GMail, Outlook.com, Hotmail, other ISP, etc.)?

    Hi jdc - nice to hear from you again. It's been a long time since we were last in contact on this site. I trust you are well?

    Yes I think that email is most possibly only a scam. But I feel more assured if I know for sure because my email address and the password when I checked the email source it also shows my password but it was a password that I had used for that email over a year ago and I had since changed it. But still worrying that one of my passwords is known to the scammer and wondering how. So better be safe than sorry.

    I have just finished the scan by Farbar and I will paste the 2 logs here in the next post to follow and thanks for offering to forward it to Broni.

  12. #12
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Result of 3rd scan after first scan failed. Second scan was ok, but could not find the log until I moved the first scan log to another location and ran a third scan. This First report will be sent in 2 or poss 3 parts as it is over the max character limit allowed. Here is the first part of the First log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21.07.2018
    Ran by Administrator (administrator) on HOME (27-07-2018 22:33:03)
    Running from C:\Documents and Settings\Administrator\Desktop
    Loaded Profiles: Administrator (Available Profiles: Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    (THOMSON Telecom Belgium) C:\Program Files\Thomson\ST330\service\st330service.exe
    (Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
    (IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    () C:\WINDOWS\vsnpstd2.exe
    (Magistone Systems) C:\Program Files\Magitime\Magitime.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (SPAMfighter ApS) C:\Program Files\Fighters\Tray\FightersTray.exe
    (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    (THOMSON Telecom Belgium) C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
    (SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\s***ent.exe
    (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
    () C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
    (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    () C:\Program Files\Macrium\Reflect\ReflectService.exe
    (Copyright 2017.) C:\Program Files\MalwareFox AntiMalware\ZAM.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
    (Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    (SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\sfus.exe
    (SPAMfighter ApS) C:\Program Files\Fighters\FighterSuiteService.exe
    (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
    () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Copyright 2017.) C:\Program Files\MalwareFox AntiMalware\ZAM.exe
    (Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    () C:\Program Files\FastStone Capture\FSCapture.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-05-08] (Intel Corporation)
    HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-05-08] (Intel Corporation)
    HKLM\...\Run: [SNPSTD2] => C:\WINDOWS\vsnpstd2.exe [40960 2004-01-06] ()
    HKLM\...\Run: [SpeedTouch USB Diagnostics] => [X]
    HKLM\...\Run: [Magitime] => C:\Program Files\Magitime\magitime.exe [659456 2014-03-14] (Magistone Systems)
    HKLM\...\Run: [CommonToolkitTray] => C:\Program Files\Fighters\Tray\FightersTray.exe [1453704 2012-02-02] (SPAMfighter ApS)
    HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
    HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
    HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
    HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
    HKLM\...\Run: [diagnostics] => C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe [557149 2017-10-30] (THOMSON Telecom Belgium)
    HKLM\...\Run: [s***ent] => C:\Program Files\Fighters\SPAMfighter\s***ent.exe [1197704 2012-03-15] (SPAMfighter ApS)
    HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2014-05-11] (RealNetworks, Inc.)
    HKLM\...\Run: [ProductUpdater] => C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [80896 2017-07-26] ()
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [291568 2018-07-08] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [ZAM] => C:\Program Files\MalwareFox AntiMalware\ZAM.exe [15767792 2018-07-26] (Copyright 2017.)
    HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-07-28] (Check Point Software Technologies Ltd.)
    Winlogon\Notify\NavLogon:
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27716568 2017-05-05] (Skype Technologies S.A.)
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\Run: [Viber] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\Viber.exe [69268048 2016-04-13] (Viber Media S.à r.l.)
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13684416 2018-07-20] (Piriform Ltd)
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\MountPoints2: {78b543b0-bc6c-11e0-89f8-001636b15235} - F:\unlock.exe autoplay=true
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
    Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\FastStone Capture.lnk [2018-06-22]
    ShortcutTarget: FastStone Capture.lnk -> C:\Program Files\FastStone Capture\FSCapture.exe ()
    Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Microsoft Find Fast.lnk [2017-10-30]
    ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SysRestorePoint.exe [2002-11-11] (Doug Knox)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{49F88D2F-BEF2-4BAB-A775-D4173A03AAE3}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-118-756
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-118-756
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
    SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> {E8BB92A5-E42A-465D-B774-C5BC6F026298} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
    BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04] (Sun Microsystems, Inc.)
    BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04] (Sun Microsystems, Inc.)
    Toolbar: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    Toolbar: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271356564296
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796 [2018-07-27]
    FF Homepage: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796 -> hxxps://www.msn.com/en-gb/?ocid=mailsignout&AR=1
    FF Extension: (IBM Security Rapport) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2017-11-08]
    FF Extension: (Video Downloader Pro) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\@video_downloader_pro.xpi [2018-06-17]
    FF Extension: (SaveFrom.net helper) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\helper-sig@savefrom.net.xpi [2018-07-18]
    FF Extension: (1-Click YouTube Video Downloader) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-04-13]
    FF Extension: (Flash and Video Download) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-07-15]
    FF Extension: (Download with Internet Download Manager (IDM)) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\{d1646fcf-76ad-49c5-b8b2-e496e9b71189}.xpi [2017-10-16]
    FF HKLM\...\Firefox\Extensions: [{051F5AD7-BA56-4780-890F-EAB21B44B01A}] - C:\Documents and Settings\Administrator\Local Settings\Application Data\{051F5AD7-BA56-4780-890F-EAB21B44B01A}
    FF Extension: (XULRunner) - C:\Documents and Settings\Administrator\Local Settings\Application Data\{051F5AD7-BA56-4780-890F-EAB21B44B01A} [2010-09-16] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-09-27] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: (RealPlayer Browser Record Plugin) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-10-18] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-09-19] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: (RealDownloader) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-11] [Legacy] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-10] ()
    FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll [No File]
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
    FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2008-11-06] (Yahoo! Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.90 -> C:\Program Files\NOS\bin\np_gp.dll [2010-08-13] (NOS Microsystems Ltd.)
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2014-05-11] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-18] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-18] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2014-05-11] (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2010-10-01]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2010-10-01]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2010-10-01]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2010-10-01]

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxps://www.msn.com/en-gb/
    CHR StartupUrls: Default -> "hxxps://www.msn.com/en-gb/"
    CHR DefaultSearchURL: Default -> hxxp://www.channel4.com/favicon.ico
    CHR DefaultSearchKeyword: Default -> sse
    CHR DefaultSuggestURL: Default -> hxxp://securedsearch.xyz/?s={searchTerms}
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default [2018-07-25]
    CHR Extension: (Slides) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
    CHR Extension: (4 On-Demand) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\anhngjkonjhfnhekadjnofhcjjhnljhh [2017-11-01]
    CHR Extension: (Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-19]
    CHR Extension: (Video Downloader Plus) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\baejfnndpekpkaaancgpakjaengfpopk [2018-06-26]
    CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-19]
    CHR Extension: (My5) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\diogmdacmdamkfnkeedajbbeglpeaigi [2017-10-15]
    CHR Extension: (Video Downloader professional) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2018-06-18]
    CHR Extension: (The ITV) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\enlkekmehifkbcpadgpbhjcepnannhml [2017-11-01]
    CHR Extension: (Sheets) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
    CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-19]
    CHR Extension: (WhatsApp) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnpfjngllnobngcgfapefoaidbinmjnm [2017-10-15]
    CHR Extension: (RealDownloader) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2017-05-19]
    CHR Extension: (BBC iPlayer) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jahnifecgkhjbcbjfkplnplfkcebgafc [2017-11-01]
    CHR Extension: (Hangouts) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kffnpbachbhakiomjoichllogeobmoli [2017-10-30]
    CHR Extension: (4 Channels) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kgkjlaebagdlngdnngcejfejfjfamfjk [2017-10-15]
    CHR Extension: (Video Downloader professional) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kmdldgcmokdpmacblnehppgkjphcbpnn [2018-06-26]
    CHR Extension: (My5) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfheiaeoljbhacojcpijifmiaagpmjha [2017-10-15]
    CHR Extension: (TVCatchup - TV Guide) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfnkddnodjiogeonmkfjiikfobojmcbk [2017-10-15]
    CHR Extension: (My5) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\memeiodlbggpddhlkeoppgnefjdgpcda [2017-11-01]
    CHR Extension: (Video Downloader GetThemAll) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-05-21]
    CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
    CHR Extension: (ITV CatchUp) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nobiaddkhdkdpekghklpdnjagimdmhdi [2017-10-15]
    CHR Extension: (TVCatchup - Channels) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obgolfleeijjdgkahmeimjecogcgpaca [2017-10-15]
    CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-19]
    CHR Extension: (All 4) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ploblfmaojdpinjdldecofjjdgkcndda [2017-10-15]
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
    CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1801674531-448539723-1606980848-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1801674531-448539723-1606980848-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1801674531-448539723-1606980848-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-05-18] (SUPERAntiSpyware.com)
    R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [846056 2011-06-22] (Acronis)
    S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-07-10] (Adobe Systems Incorporated) [File not signed]
    R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [323512 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [6391272 2018-07-08] (AVG Technologies CZ, s.r.o.)
    S2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [67592 2016-03-02] (Bitdefender)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-05-04] (Sun Microsystems, Inc.)
    S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
    R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2350064 2017-09-28] (IBM Corp.)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 ReflectService; C:\Program Files\Macrium\Reflect\ReflectService.exe [220824 2011-07-01] ()
    S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed]
    R2 SPAMfighter Update Service; C:\Program Files\Fighters\SPAMfighter\sfus.exe [215688 2012-03-15] (SPAMfighter ApS)
    R2 st330service; C:\Program Files/Thomson/ST330/service/st330service.exe [581632 2017-10-30] (THOMSON Telecom Belgium) [File not signed]
    R2 Suite Service; C:\Program Files\Fighters\FighterSuiteService.exe [1324680 2012-01-23] (SPAMfighter ApS)
    R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-07-28] (Check Point Software Technologies Ltd.)
    R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [237056 2010-09-08] (WDC) [File not signed]
    R2 WDFME; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () [File not signed]
    R2 WDSC; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [484352 2010-09-08] () [File not signed]
    R2 ZAMSvc; C:\Program Files\MalwareFox AntiMalware\ZAM.exe [15767792 2018-07-26] (Copyright 2017.)
    R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114424 2016-06-30] (Check Point Software Technologies, Ltd.) [File not signed]
    S2 Lavasoft Ad-Aware Service; "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ACPIVPC; C:\WINDOWS\System32\DRIVERS\AcpiVpc.sys [7296 2005-10-11] (Lenovo Corporation)
    S3 alcan5wn; C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [53600 2003-12-08] (THOMSON) [File not signed]
    S3 alcaudsl; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [70688 2003-12-08] (THOMSON) [File not signed]
    R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
    S3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
    R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [159936 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiskx.sys [142240 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriverx.sys [181240 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidshx.sys [157840 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgblog; C:\WINDOWS\System32\drivers\avgblogx.sys [276712 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbunivx.sys [50360 2018-07-08] (AVG Technologies CZ, s.r.o.)
    S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [35192 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [126056 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr.sys [63224 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [64232 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [776504 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [387312 2018-07-24] (AVG Technologies CZ, s.r.o.)
    R3 avgStmXP; C:\WINDOWS\System32\drivers\avgStmXP.sys [198248 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [303168 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R3 bbcap; C:\WINDOWS\System32\DRIVERS\bbcap.sys [4096 2012-12-27] (Windows (R) Codename Longhorn DDK provider)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    S3 DCamUSBTP10; C:\WINDOWS\System32\Drivers\TP6810.sys [241704 2006-06-15] (Microsoft Corporation) [File not signed]
    R1 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
    R3 HdAudAddService; C:\WINDOWS\System32\drivers\CHDAud.sys [568320 2009-01-14] (Conexant Systems Inc.)
    R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [206848 2006-05-08] (Conexant Systems, Inc.)
    R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [995712 2006-05-08] (Conexant Systems, Inc.)
    S3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt32.sys [144416 2017-03-22] (Zemana Ltd.)
    R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64512 2011-06-26] (Lavasoft AB)
    S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [150816 2018-07-25] (Malwarebytes)
    S3 MR97310_VGA_DUAL_CAMERA; C:\WINDOWS\System32\DRIVERS\mr97310v.sys [115790 2002-07-03] (Mars Semiconductor Corp.) [File not signed]
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3630080 2008-06-26] (Intel Corporation)
    R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [16024 2011-07-01] (Macrium Software)
    S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15576 2013-03-07] ()
    R1 RapportAegle; C:\Program Files\Trusteer\Rapport\bin\RapportAegle.sys [204632 2017-09-28] (IBM Corp.)
    R1 RapportCerberus_1804077; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1804077.sys [848024 2017-11-08] (IBM Corp.)
    R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [336504 2017-09-28] (IBM Corp.)
    R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [415992 2017-09-28] (IBM Corp.)
    R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 snpstd2; C:\WINDOWS\System32\DRIVERS\snpstd2.sys [302720 2004-03-23] ()
    R3 ST330; C:\WINDOWS\System32\drivers\st330.sys [30464 2010-09-23] (THOMSON Telecom Belgium)
    R3 STBUS; C:\WINDOWS\System32\drivers\stbus.sys [12672 2010-09-23] (THOMSON Telecom Belgium)
    S3 STETH; C:\WINDOWS\System32\DRIVERS\steth.sys [40320 2010-09-23] (THOMSON Telecom Belgium)
    R3 stppp; C:\WINDOWS\System32\DRIVERS\stppp.sys [32000 2017-05-19] (THOMSON Telecom Belgium)
    R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
    S1 UimBus; C:\WINDOWS\System32\DRIVERS\UimBus.sys [37080 2010-08-25] (Windows (R) 2000 DDK provider)
    S1 Uim_IM; C:\WINDOWS\System32\Drivers\Uim_IM.sys [395464 2010-08-25] (Paragon)
    R0 vididr; C:\WINDOWS\System32\DRIVERS\vididr.sys [125472 2012-08-05] (Acronis)
    R0 vidsflt53; C:\WINDOWS\System32\DRIVERS\vsflt53.sys [83392 2012-08-05] (Acronis)
    R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [540368 2016-07-28] (Check Point Software Technologies Ltd.)
    R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2018-07-26] (Zemana Ltd.)
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2018-07-26] (Zemana Ltd.)
    S3 cpuz132; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
    S4 IntelIde; no ImagePath
    S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
    S3 pwdspio; \??\C:\WINDOWS\system32\pwdspio.sys [X]
    U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
    S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
    S3 TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys [X]
    S0 TfSysMon; system32\drivers\TfSysMon.sys [X]
    S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

  13. #13
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Result of 3rd scan after first scan failed. Second scan was ok, but could not find the log until I moved the first scan log to another location and ran a third scan. This First report will be sent in 2 or possibly 3 parts as it is over the max character limit allowed. Here is the first part of the First log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21.07.2018
    Ran by Administrator (administrator) on HOME (27-07-2018 22:33:03)
    Running from C:\Documents and Settings\Administrator\Desktop
    Loaded Profiles: Administrator (Available Profiles: Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    (THOMSON Telecom Belgium) C:\Program Files\Thomson\ST330\service\st330service.exe
    (Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
    (IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    () C:\WINDOWS\vsnpstd2.exe
    (Magistone Systems) C:\Program Files\Magitime\Magitime.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (SPAMfighter ApS) C:\Program Files\Fighters\Tray\FightersTray.exe
    (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    (THOMSON Telecom Belgium) C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
    (SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\s***ent.exe
    (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
    () C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
    (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    () C:\Program Files\Macrium\Reflect\ReflectService.exe
    (Copyright 2017.) C:\Program Files\MalwareFox AntiMalware\ZAM.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
    (Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    (SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\sfus.exe
    (SPAMfighter ApS) C:\Program Files\Fighters\FighterSuiteService.exe
    (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
    () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Copyright 2017.) C:\Program Files\MalwareFox AntiMalware\ZAM.exe
    (Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    () C:\Program Files\FastStone Capture\FSCapture.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-05-08] (Intel Corporation)
    HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-05-08] (Intel Corporation)
    HKLM\...\Run: [SNPSTD2] => C:\WINDOWS\vsnpstd2.exe [40960 2004-01-06] ()
    HKLM\...\Run: [SpeedTouch USB Diagnostics] => [X]
    HKLM\...\Run: [Magitime] => C:\Program Files\Magitime\magitime.exe [659456 2014-03-14] (Magistone Systems)
    HKLM\...\Run: [CommonToolkitTray] => C:\Program Files\Fighters\Tray\FightersTray.exe [1453704 2012-02-02] (SPAMfighter ApS)
    HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
    HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
    HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
    HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
    HKLM\...\Run: [diagnostics] => C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe [557149 2017-10-30] (THOMSON Telecom Belgium)
    HKLM\...\Run: [s***ent] => C:\Program Files\Fighters\SPAMfighter\s***ent.exe [1197704 2012-03-15] (SPAMfighter ApS)
    HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2014-05-11] (RealNetworks, Inc.)
    HKLM\...\Run: [ProductUpdater] => C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [80896 2017-07-26] ()
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [291568 2018-07-08] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [ZAM] => C:\Program Files\MalwareFox AntiMalware\ZAM.exe [15767792 2018-07-26] (Copyright 2017.)
    HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-07-28] (Check Point Software Technologies Ltd.)
    Winlogon\Notify\NavLogon:
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27716568 2017-05-05] (Skype Technologies S.A.)
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\Run: [Viber] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\Viber.exe [69268048 2016-04-13] (Viber Media S.à r.l.)
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13684416 2018-07-20] (Piriform Ltd)
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\MountPoints2: {78b543b0-bc6c-11e0-89f8-001636b15235} - F:\unlock.exe autoplay=true
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
    Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\FastStone Capture.lnk [2018-06-22]
    ShortcutTarget: FastStone Capture.lnk -> C:\Program Files\FastStone Capture\FSCapture.exe ()
    Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Microsoft Find Fast.lnk [2017-10-30]
    ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SysRestorePoint.exe [2002-11-11] (Doug Knox)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{49F88D2F-BEF2-4BAB-A775-D4173A03AAE3}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-118-756
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-118-756
    HKU\S-1-5-21-1801674531-448539723-1606980848-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
    SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> {E8BB92A5-E42A-465D-B774-C5BC6F026298} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
    BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04] (Sun Microsystems, Inc.)
    BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04] (Sun Microsystems, Inc.)
    Toolbar: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    Toolbar: HKU\S-1-5-21-1801674531-448539723-1606980848-500 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271356564296
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796 [2018-07-27]
    FF Homepage: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796 -> hxxps://www.msn.com/en-gb/?ocid=mailsignout&AR=1
    FF Extension: (IBM Security Rapport) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2017-11-08]
    FF Extension: (Video Downloader Pro) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\@video_downloader_pro.xpi [2018-06-17]
    FF Extension: (SaveFrom.net helper) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\helper-sig@savefrom.net.xpi [2018-07-18]
    FF Extension: (1-Click YouTube Video Downloader) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-04-13]
    FF Extension: (Flash and Video Download) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-07-15]
    FF Extension: (Download with Internet Download Manager (IDM)) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ze7rhgw0.default-1462811564796\Extensions\{d1646fcf-76ad-49c5-b8b2-e496e9b71189}.xpi [2017-10-16]
    FF HKLM\...\Firefox\Extensions: [{051F5AD7-BA56-4780-890F-EAB21B44B01A}] - C:\Documents and Settings\Administrator\Local Settings\Application Data\{051F5AD7-BA56-4780-890F-EAB21B44B01A}
    FF Extension: (XULRunner) - C:\Documents and Settings\Administrator\Local Settings\Application Data\{051F5AD7-BA56-4780-890F-EAB21B44B01A} [2010-09-16] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-09-27] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: (RealPlayer Browser Record Plugin) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-10-18] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-09-19] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: (RealDownloader) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-11] [Legacy] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-10] ()
    FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll [No File]
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
    FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2008-11-06] (Yahoo! Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.90 -> C:\Program Files\NOS\bin\np_gp.dll [2010-08-13] (NOS Microsystems Ltd.)
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2014-05-11] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-18] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-18] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2014-05-11] (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1801674531-448539723-1606980848-500: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2010-10-01]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2010-10-01]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2010-10-01]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2010-10-01]

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxps://www.msn.com/en-gb/
    CHR StartupUrls: Default -> "hxxps://www.msn.com/en-gb/"
    CHR DefaultSearchURL: Default -> hxxp://www.channel4.com/favicon.ico
    CHR DefaultSearchKeyword: Default -> sse
    CHR DefaultSuggestURL: Default -> hxxp://securedsearch.xyz/?s={searchTerms}
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default [2018-07-25]
    CHR Extension: (Slides) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
    CHR Extension: (4 On-Demand) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\anhngjkonjhfnhekadjnofhcjjhnljhh [2017-11-01]
    CHR Extension: (Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-19]
    CHR Extension: (Video Downloader Plus) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\baejfnndpekpkaaancgpakjaengfpopk [2018-06-26]
    CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-19]
    CHR Extension: (My5) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\diogmdacmdamkfnkeedajbbeglpeaigi [2017-10-15]
    CHR Extension: (Video Downloader professional) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2018-06-18]
    CHR Extension: (The ITV) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\enlkekmehifkbcpadgpbhjcepnannhml [2017-11-01]
    CHR Extension: (Sheets) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
    CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-19]
    CHR Extension: (WhatsApp) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnpfjngllnobngcgfapefoaidbinmjnm [2017-10-15]
    CHR Extension: (RealDownloader) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2017-05-19]
    CHR Extension: (BBC iPlayer) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jahnifecgkhjbcbjfkplnplfkcebgafc [2017-11-01]
    CHR Extension: (Hangouts) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kffnpbachbhakiomjoichllogeobmoli [2017-10-30]
    CHR Extension: (4 Channels) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kgkjlaebagdlngdnngcejfejfjfamfjk [2017-10-15]
    CHR Extension: (Video Downloader professional) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kmdldgcmokdpmacblnehppgkjphcbpnn [2018-06-26]
    CHR Extension: (My5) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfheiaeoljbhacojcpijifmiaagpmjha [2017-10-15]
    CHR Extension: (TVCatchup - TV Guide) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfnkddnodjiogeonmkfjiikfobojmcbk [2017-10-15]
    CHR Extension: (My5) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\memeiodlbggpddhlkeoppgnefjdgpcda [2017-11-01]
    CHR Extension: (Video Downloader GetThemAll) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-05-21]
    CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
    CHR Extension: (ITV CatchUp) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nobiaddkhdkdpekghklpdnjagimdmhdi [2017-10-15]
    CHR Extension: (TVCatchup - Channels) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obgolfleeijjdgkahmeimjecogcgpaca [2017-10-15]
    CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-19]
    CHR Extension: (All 4) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ploblfmaojdpinjdldecofjjdgkcndda [2017-10-15]
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
    CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1801674531-448539723-1606980848-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1801674531-448539723-1606980848-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1801674531-448539723-1606980848-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-05-18] (SUPERAntiSpyware.com)
    R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [846056 2011-06-22] (Acronis)
    S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-07-10] (Adobe Systems Incorporated) [File not signed]
    R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [323512 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [6391272 2018-07-08] (AVG Technologies CZ, s.r.o.)
    S2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [67592 2016-03-02] (Bitdefender)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-05-04] (Sun Microsystems, Inc.)
    S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
    R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2350064 2017-09-28] (IBM Corp.)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 ReflectService; C:\Program Files\Macrium\Reflect\ReflectService.exe [220824 2011-07-01] ()
    S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed]
    R2 SPAMfighter Update Service; C:\Program Files\Fighters\SPAMfighter\sfus.exe [215688 2012-03-15] (SPAMfighter ApS)
    R2 st330service; C:\Program Files/Thomson/ST330/service/st330service.exe [581632 2017-10-30] (THOMSON Telecom Belgium) [File not signed]
    R2 Suite Service; C:\Program Files\Fighters\FighterSuiteService.exe [1324680 2012-01-23] (SPAMfighter ApS)
    R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-07-28] (Check Point Software Technologies Ltd.)
    R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [237056 2010-09-08] (WDC) [File not signed]
    R2 WDFME; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () [File not signed]
    R2 WDSC; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [484352 2010-09-08] () [File not signed]
    R2 ZAMSvc; C:\Program Files\MalwareFox AntiMalware\ZAM.exe [15767792 2018-07-26] (Copyright 2017.)
    R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114424 2016-06-30] (Check Point Software Technologies, Ltd.) [File not signed]
    S2 Lavasoft Ad-Aware Service; "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ACPIVPC; C:\WINDOWS\System32\DRIVERS\AcpiVpc.sys [7296 2005-10-11] (Lenovo Corporation)
    S3 alcan5wn; C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [53600 2003-12-08] (THOMSON) [File not signed]
    S3 alcaudsl; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [70688 2003-12-08] (THOMSON) [File not signed]
    R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
    S3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
    R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [159936 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiskx.sys [142240 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriverx.sys [181240 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidshx.sys [157840 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgblog; C:\WINDOWS\System32\drivers\avgblogx.sys [276712 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbunivx.sys [50360 2018-07-08] (AVG Technologies CZ, s.r.o.)
    S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [35192 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [126056 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr.sys [63224 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [64232 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [776504 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [387312 2018-07-24] (AVG Technologies CZ, s.r.o.)
    R3 avgStmXP; C:\WINDOWS\System32\drivers\avgStmXP.sys [198248 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [303168 2018-07-08] (AVG Technologies CZ, s.r.o.)
    R3 bbcap; C:\WINDOWS\System32\DRIVERS\bbcap.sys [4096 2012-12-27] (Windows (R) Codename Longhorn DDK provider)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    S3 DCamUSBTP10; C:\WINDOWS\System32\Drivers\TP6810.sys [241704 2006-06-15] (Microsoft Corporation) [File not signed]
    R1 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
    R3 HdAudAddService; C:\WINDOWS\System32\drivers\CHDAud.sys [568320 2009-01-14] (Conexant Systems Inc.)
    R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [206848 2006-05-08] (Conexant Systems, Inc.)
    R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [995712 2006-05-08] (Conexant Systems, Inc.)
    S3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt32.sys [144416 2017-03-22] (Zemana Ltd.)
    R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64512 2011-06-26] (Lavasoft AB)
    S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [150816 2018-07-25] (Malwarebytes)
    S3 MR97310_VGA_DUAL_CAMERA; C:\WINDOWS\System32\DRIVERS\mr97310v.sys [115790 2002-07-03] (Mars Semiconductor Corp.) [File not signed]
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3630080 2008-06-26] (Intel Corporation)
    R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [16024 2011-07-01] (Macrium Software)
    S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15576 2013-03-07] ()
    R1 RapportAegle; C:\Program Files\Trusteer\Rapport\bin\RapportAegle.sys [204632 2017-09-28] (IBM Corp.)
    R1 RapportCerberus_1804077; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1804077.sys [848024 2017-11-08] (IBM Corp.)
    R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [336504 2017-09-28] (IBM Corp.)
    R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [415992 2017-09-28] (IBM Corp.)
    R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 snpstd2; C:\WINDOWS\System32\DRIVERS\snpstd2.sys [302720 2004-03-23] ()
    R3 ST330; C:\WINDOWS\System32\drivers\st330.sys [30464 2010-09-23] (THOMSON Telecom Belgium)
    R3 STBUS; C:\WINDOWS\System32\drivers\stbus.sys [12672 2010-09-23] (THOMSON Telecom Belgium)
    S3 STETH; C:\WINDOWS\System32\DRIVERS\steth.sys [40320 2010-09-23] (THOMSON Telecom Belgium)
    R3 stppp; C:\WINDOWS\System32\DRIVERS\stppp.sys [32000 2017-05-19] (THOMSON Telecom Belgium)
    R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
    S1 UimBus; C:\WINDOWS\System32\DRIVERS\UimBus.sys [37080 2010-08-25] (Windows (R) 2000 DDK provider)
    S1 Uim_IM; C:\WINDOWS\System32\Drivers\Uim_IM.sys [395464 2010-08-25] (Paragon)
    R0 vididr; C:\WINDOWS\System32\DRIVERS\vididr.sys [125472 2012-08-05] (Acronis)
    R0 vidsflt53; C:\WINDOWS\System32\DRIVERS\vsflt53.sys [83392 2012-08-05] (Acronis)
    R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [540368 2016-07-28] (Check Point Software Technologies Ltd.)
    R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2018-07-26] (Zemana Ltd.)
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2018-07-26] (Zemana Ltd.)
    S3 cpuz132; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
    S4 IntelIde; no ImagePath
    S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
    S3 pwdspio; \??\C:\WINDOWS\system32\pwdspio.sys [X]
    U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
    S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
    S3 TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys [X]
    S0 TfSysMon; system32\drivers\TfSysMon.sys [X]
    S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

  14. #14
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Part 2 of 2 of the first log:


    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-07-27 22:33 - 2018-07-27 22:33 - 000035339 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
    2018-07-27 21:54 - 2018-07-27 21:56 - 000000294 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1801674531-448539723-1606980848-500.job
    2018-07-27 21:38 - 2018-07-27 21:38 - 000438990 _____ C:\WINDOWS\system32\vsconfig.xml
    2018-07-27 21:37 - 2018-07-27 21:37 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
    2018-07-27 21:21 - 2018-07-27 21:37 - 000000000 ____D C:\Program Files\CheckPoint
    2018-07-27 20:46 - 2018-07-27 22:33 - 000000000 ____D C:\FRST
    2018-07-27 20:27 - 2018-07-27 20:21 - 001773056 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
    2018-07-26 21:26 - 2018-07-26 21:26 - 000000986 _____ C:\Documents and Settings\Administrator\Desktop\Shortcut to Ghostpress.exe.lnk
    2018-07-26 17:32 - 2018-07-26 17:32 - 000181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard32.sys
    2018-07-26 17:32 - 2018-07-26 17:32 - 000181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam32.sys
    2018-07-26 17:32 - 2018-07-26 17:32 - 000001643 _____ C:\Documents and Settings\All Users\Desktop\MalwareFox AntiMalware.lnk
    2018-07-26 17:32 - 2018-07-26 17:32 - 000000000 ____D C:\Program Files\MalwareFox AntiMalware
    2018-07-26 17:32 - 2018-07-26 17:32 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Zemana
    2018-07-26 17:32 - 2018-07-26 17:32 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\MalwareFox AntiMalware
    2018-07-26 17:32 - 2018-07-26 17:32 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Wolf of Webstreet OPC Private Limited
    2018-07-26 11:57 - 2018-07-26 11:57 - 000026795 _____ C:\Documents and Settings\Administrator\My Documents\Azimo transf to Malvic Stg 34.99 incl 2.99 fees birthday - 25 Jul 2018.eml
    2018-07-26 11:55 - 2018-07-26 11:55 - 000026765 _____ C:\Documents and Settings\Administrator\My Documents\Azimo Transf for Nancy - for cough med - Stg 28.99 incl 2.99 fees - 25 July 2018.eml
    2018-07-25 15:37 - 2018-07-26 21:25 - 000000000 ____D C:\Documents and Settings\Administrator\My Documents\Ghostpress
    2018-07-25 15:31 - 2018-07-25 15:27 - 000691299 _____ C:\Documents and Settings\Administrator\My Documents\Ghostpress.zip
    2018-07-25 09:38 - 2018-07-27 22:34 - 044983380 _____ C:\WINDOWS\ZAM.krnl.trace
    2018-07-25 09:38 - 2018-07-27 22:33 - 006406469 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2018-07-25 09:28 - 2017-03-22 12:44 - 000144416 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\KeyCrypt32.sys
    2018-07-25 09:27 - 2018-07-25 09:38 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Zemana
    2018-07-24 05:42 - 2018-07-08 23:32 - 000322800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
    2018-07-15 18:05 - 2018-07-15 18:05 - 000000000 _____ C:\Documents and Settings\Administrator\last.dump
    2018-07-08 23:40 - 2018-07-24 05:43 - 000001616 _____ C:\Documents and Settings\All Users\Desktop\AVG AntiVirus FREE.lnk
    2018-07-08 23:40 - 2018-07-08 23:40 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    2018-07-08 23:34 - 2018-07-27 21:47 - 000000358 ____H C:\WINDOWS\Tasks\Antivirus Emergency Update.job
    2018-07-08 23:33 - 2018-07-24 05:43 - 000387312 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
    2018-07-08 23:33 - 2018-07-08 23:32 - 000776504 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
    2018-07-08 23:33 - 2018-07-08 23:32 - 000303168 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
    2018-07-08 23:33 - 2018-07-08 23:32 - 000198248 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStmXP.sys
    2018-07-08 23:33 - 2018-07-08 23:32 - 000159936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
    2018-07-08 23:33 - 2018-07-08 23:32 - 000126056 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
    2018-07-08 23:33 - 2018-07-08 23:32 - 000064232 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
    2018-07-08 23:33 - 2018-07-08 23:32 - 000063224 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr.sys
    2018-07-08 23:33 - 2018-07-08 23:32 - 000035192 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
    2018-07-08 23:33 - 2018-07-08 23:31 - 000276712 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgblogx.sys
    2018-07-08 23:33 - 2018-07-08 23:31 - 000181240 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriverx.sys
    2018-07-08 23:33 - 2018-07-08 23:31 - 000157840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidshx.sys
    2018-07-08 23:33 - 2018-07-08 23:31 - 000142240 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiskx.sys
    2018-07-08 23:33 - 2018-07-08 23:31 - 000050360 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbunivx.sys
    2018-07-08 23:32 - 2018-07-08 23:32 - 001142064 _____ (Microsoft Corporation) C:\WINDOWS\ucrtbase.dll
    2018-07-08 23:28 - 2018-07-24 08:09 - 000000000 ____D C:\Program Files\AVG
    2018-07-08 23:24 - 2018-07-24 05:33 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
    2018-07-08 23:24 - 2018-07-08 23:24 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\MFAData
    2018-07-08 23:24 - 2018-07-08 23:24 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2015
    2018-07-08 23:04 - 2018-07-08 23:04 - 000180454 _____ C:\Documents and Settings\All Users\Application Data\1531080871.bdinstall.bin
    2018-07-08 22:18 - 2018-07-08 22:18 - 000242504 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
    2018-07-08 21:23 - 2018-07-08 21:23 - 000031682 _____ C:\Documents and Settings\All Users\Application Data\1531081369.bdinstall.bin
    2018-07-08 21:14 - 2018-07-08 21:14 - 000036949 _____ C:\Documents and Settings\All Users\Application Data\1531080857.bdinstall.bin
    2018-07-07 05:56 - 2018-07-07 05:56 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Fighters
    2018-07-06 09:54 - 2018-07-06 09:54 - 000178007 _____ C:\Documents and Settings\All Users\Application Data\1530867194.bdinstall.bin
    2018-07-06 09:53 - 2018-07-06 09:53 - 000036971 _____ C:\Documents and Settings\All Users\Application Data\1530867173.bdinstall.bin
    2018-07-06 09:29 - 2018-07-06 09:29 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\LiveKit
    2018-07-01 03:00 - 2018-07-01 03:03 - 000018940 _____ C:\Documents and Settings\All Users\Application Data\1530410304.1840.bin
    2018-07-01 03:00 - 2013-05-28 04:11 - 000355744 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
    2018-07-01 03:00 - 2013-04-22 05:20 - 000164952 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
    2018-07-01 03:00 - 2013-04-17 13:59 - 000633344 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
    2018-07-01 03:00 - 2013-04-17 13:59 - 000486536 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
    2018-07-01 02:59 - 2018-07-01 03:01 - 000106707 _____ C:\Documents and Settings\All Users\Application Data\1530410304.1868.bin
    2018-07-01 02:58 - 2018-07-01 03:03 - 000038520 _____ C:\Documents and Settings\All Users\Application Data\1530410304.3108.bin
    2018-07-01 02:58 - 2018-07-01 03:01 - 000009515 _____ C:\Documents and Settings\All Users\Application Data\1530410304.3548.bin
    2018-07-01 02:58 - 2018-07-01 03:01 - 000003549 _____ C:\Documents and Settings\All Users\Application Data\1530410304.1624.bin
    2018-07-01 02:53 - 2018-07-01 02:53 - 000031495 _____ C:\Documents and Settings\All Users\Application Data\1530410007.bdinstall.bin
    2018-07-01 02:51 - 2018-07-01 02:51 - 000008079 _____ C:\Documents and Settings\All Users\Application Data\1530409854.5484.bin
    2018-07-01 02:50 - 2018-07-01 02:51 - 000038957 _____ C:\Documents and Settings\All Users\Application Data\1530409854.6012.bin
    2018-07-01 02:50 - 2018-07-01 02:51 - 000002406 _____ C:\Documents and Settings\All Users\Application Data\1530409854.4648.bin
    2018-07-01 02:50 - 2018-07-01 02:51 - 000001390 _____ C:\Documents and Settings\All Users\Application Data\1530409854.5900.bin
    2018-07-01 02:50 - 2018-07-01 02:50 - 000036949 _____ C:\Documents and Settings\All Users\Application Data\1530409844.bdinstall.bin
    2018-06-29 03:04 - 2018-07-23 10:42 - 000000000 ____D C:\Documents and Settings\Administrator\My Documents\Declaration of Tax Residency - om..leng pak pak excl
    2018-06-29 02:20 - 2018-07-25 11:19 - 000150816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2018-06-29 02:19 - 2018-07-25 21:06 - 000220896 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2018-06-29 02:18 - 2018-06-29 02:18 - 000001715 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
    2018-06-29 02:18 - 2018-06-29 02:18 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
    2018-06-29 02:17 - 2018-04-26 05:36 - 000128736 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae.sys
    2018-06-28 15:35 - 2018-06-28 15:38 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Digiarty

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-07-27 22:33 - 2010-04-15 19:08 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
    2018-07-27 22:25 - 2010-04-15 23:31 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
    2018-07-27 22:12 - 2017-05-19 05:01 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2018-07-27 22:12 - 2012-07-16 19:13 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2018-07-27 21:54 - 2010-04-15 11:51 - 000659190 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-07-27 21:51 - 2017-10-31 00:14 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\ViberPC
    2018-07-27 21:51 - 2017-10-23 20:32 - 000001010 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-448539723-1606980848-500UA.job
    2018-07-27 21:51 - 2013-01-11 02:18 - 000000302 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job
    2018-07-27 21:51 - 2008-04-14 13:00 - 000013646 _____ C:\WINDOWS\system32\wpa.dbl
    2018-07-27 21:49 - 1996-11-21 00:00 - 000023241 ____H C:\WINDOWS\system32\FFASTLOG.TXT
    2018-07-27 21:46 - 2018-04-12 11:37 - 000000316 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1801674531-448539723-1606980848-500.job
    2018-07-27 21:46 - 2017-10-28 15:45 - 000000344 ____H C:\WINDOWS\Tasks\CCleaner Update.job
    2018-07-27 21:46 - 2017-05-19 05:01 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2018-07-27 21:46 - 2010-10-05 03:28 - 000000294 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-448539723-1606980848-500.job
    2018-07-27 21:46 - 2010-04-15 19:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-07-27 21:45 - 2012-06-11 17:46 - 000000031 ____C C:\WINDOWS\system32\bbcap.err
    2018-07-27 21:45 - 2010-04-15 11:50 - 000343424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-07-27 21:44 - 2011-06-20 15:43 - 000329698 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2018-07-27 21:44 - 2010-04-15 19:07 - 000032362 _____ C:\WINDOWS\SchedLgU.Txt
    2018-07-27 21:43 - 2010-04-15 19:08 - 000000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
    2018-07-27 21:43 - 2010-04-15 19:08 - 000000000 ____D C:\Documents and Settings\Administrator
    2018-07-27 21:36 - 2015-04-19 21:45 - 000193320 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2018-07-27 21:35 - 2010-09-26 03:32 - 000000000 ____D C:\WINDOWS\system32\XPSViewer
    2018-07-27 21:34 - 2010-04-15 11:42 - 000000000 ___HD C:\WINDOWS\inf
    2018-07-27 16:34 - 2010-09-04 19:01 - 000002383 _____ C:\Documents and Settings\All Users\Desktop\VideoMonitor.lnk
    2018-07-27 07:53 - 2017-10-14 20:04 - 000002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
    2018-07-27 01:10 - 2010-08-31 13:22 - 000000302 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job
    2018-07-26 23:51 - 2017-10-23 20:32 - 000000958 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-448539723-1606980848-500Core.job
    2018-07-26 21:24 - 2018-06-18 12:10 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\File Viewer
    2018-07-26 21:18 - 2010-09-01 22:36 - 000014848 __SHC C:\WINDOWS\Thumbs.db
    2018-07-26 19:57 - 2017-10-16 02:15 - 000000000 ____C C:\WINDOWS\system32\last.dump
    2018-07-26 18:04 - 2017-10-30 05:49 - 000000797 _____ C:\Documents and Settings\Administrator\Desktop\Hangouts.lnk
    2018-07-26 05:54 - 2011-07-10 16:53 - 000862354 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1801674531-448539723-1606980848-500-0.dat
    2018-07-25 22:01 - 2011-06-26 22:08 - 000000486 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    2018-07-25 20:31 - 2010-04-15 19:07 - 000000000 __SHD C:\Documents and Settings\LocalService
    2018-07-25 15:26 - 2018-05-22 15:21 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Media Player Classic
    2018-07-25 15:26 - 2010-09-20 17:40 - 000000000 ____D C:\WINDOWS\Minidump
    2018-07-25 15:21 - 2013-01-10 20:33 - 000000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    2018-07-25 15:12 - 2010-09-02 02:52 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\U3
    2018-07-24 09:02 - 2015-01-08 22:49 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg
    2018-07-24 08:14 - 2010-04-15 19:09 - 000093968 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2018-07-24 08:09 - 2016-01-01 16:59 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
    2018-07-24 05:03 - 2010-04-15 19:06 - 000000000 __SHD C:\Documents and Settings\NetworkService
    2018-07-24 05:01 - 2010-04-15 18:59 - 000000000 ____D C:\WINDOWS\Registration
    2018-07-23 19:05 - 2014-03-11 17:50 - 000000324 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job
    2018-07-23 13:46 - 2018-06-20 14:26 - 000000000 ____D C:\Documents and Settings\Administrator\My Documents\ViberDownloads
    2018-07-23 00:05 - 2017-10-22 17:00 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc
    2018-07-22 02:01 - 2010-04-15 19:00 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2018-07-21 23:59 - 2018-03-13 21:12 - 000000880 _____ C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job
    2018-07-19 14:20 - 2014-03-11 17:50 - 000000342 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job
    2018-07-15 15:46 - 2012-12-14 00:08 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
    2018-07-14 18:33 - 2010-09-17 17:50 - 000538624 __SHC C:\Documents and Settings\Administrator\My Documents\Thumbs.db
    2018-07-10 15:12 - 2012-05-19 16:02 - 000842240 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2018-07-10 15:12 - 2011-06-15 16:57 - 000175104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2018-07-08 23:42 - 2017-08-26 01:14 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\AVG
    2018-07-08 15:00 - 2014-03-11 13:56 - 000000232 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2018-07-06 09:40 - 2017-10-15 21:48 - 000000000 ____D C:\Program Files\Fighters
    2018-07-01 19:56 - 2010-09-11 18:13 - 000002375 _____ C:\Documents and Settings\All Users\Desktop\Macrium Reflect.lnk
    2018-07-01 02:02 - 2010-04-15 19:06 - 000000178 __SHC C:\Documents and Settings\NetworkService\ntuser.ini
    2018-06-29 10:45 - 2018-06-22 07:55 - 000000000 ____D C:\Program Files\FastStone Capture
    2018-06-29 10:22 - 2010-04-15 11:42 - 000000000 ____D C:\WINDOWS\Help
    2018-06-28 20:13 - 2010-04-15 11:42 - 000000000 ____D C:\WINDOWS\Network Diagnostic
    2018-06-28 16:11 - 2010-09-02 04:30 - 000000116 _____ C:\WINDOWS\NeroDigital.ini
    2018-06-27 14:41 - 2016-05-09 12:36 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
    2018-06-27 05:49 - 2018-05-10 02:30 - 000000000 ____D C:\Program Files\Mozilla Firefox

    ==================== Files in the root of some directories =======

    2010-09-18 12:51 - 2010-09-18 12:53 - 000000015 ____N () C:\Documents and Settings\Administrator\settings.dat
    2012-03-13 12:02 - 2012-03-13 12:02 - 000000022 ___SH () C:\Documents and Settings\Administrator\Application Data\Sys2662.Config.Repository.bin
    2011-07-08 17:33 - 1996-11-21 08:00 - 000000002 ____C () C:\Documents and Settings\Administrator\Application Data\Microsoft\ArtGalry.cag
    2010-08-31 15:21 - 2012-06-11 09:34 - 000100352 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-12-03 14:13 - 2012-12-03 14:13 - 000027520 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\dt.dat
    2010-09-09 20:47 - 2010-09-09 20:47 - 000088278 ____C () C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.log
    2017-10-28 20:15 - 2017-10-28 20:15 - 000221100 _____ () C:\Documents and Settings\All Users\Application Data\1509217961.bdinstall.bin
    2017-12-16 07:31 - 2017-12-16 07:31 - 000036955 _____ () C:\Documents and Settings\All Users\Application Data\1513405877.bdinstall.bin
    2017-12-16 07:35 - 2017-12-16 07:35 - 000178259 _____ () C:\Documents and Settings\All Users\Application Data\1513405883.bdinstall.bin
    2017-12-16 08:03 - 2017-12-16 08:03 - 000036971 _____ () C:\Documents and Settings\All Users\Application Data\1513407823.bdinstall.bin
    2017-12-16 08:03 - 2017-12-16 08:04 - 000001305 _____ () C:\Documents and Settings\All Users\Application Data\1513407829.2116.bin
    2017-12-16 08:03 - 2017-12-16 08:04 - 000002405 _____ () C:\Documents and Settings\All Users\Application Data\1513407829.3164.bin
    2017-12-16 08:03 - 2017-12-16 08:04 - 000038977 _____ () C:\Documents and Settings\All Users\Application Data\1513407829.3780.bin
    2017-12-16 08:04 - 2017-12-16 08:04 - 000008079 _____ () C:\Documents and Settings\All Users\Application Data\1513407829.4588.bin
    2017-12-16 08:04 - 2017-12-16 08:04 - 000031495 _____ () C:\Documents and Settings\All Users\Application Data\1513407840.bdinstall.bin
    2017-12-16 08:04 - 2017-12-16 08:04 - 000031495 _____ () C:\Documents and Settings\All Users\Application Data\1513407844.bdinstall.bin
    2017-12-16 08:16 - 2017-12-16 08:16 - 000093509 _____ () C:\Documents and Settings\All Users\Application Data\1513408284.bdinstall.bin
    2017-12-16 08:27 - 2017-12-16 08:27 - 000213884 _____ () C:\Documents and Settings\All Users\Application Data\1513409101.bdinstall.bin
    2017-12-17 02:04 - 2017-12-17 02:04 - 000037176 _____ () C:\Documents and Settings\All Users\Application Data\1513472675.bdinstall.bin
    2017-12-17 02:04 - 2017-12-17 02:04 - 000039490 _____ () C:\Documents and Settings\All Users\Application Data\1513472678.bdinstall.bin
    2017-12-17 02:05 - 2017-12-17 02:05 - 000037176 _____ () C:\Documents and Settings\All Users\Application Data\1513472713.bdinstall.bin
    2017-12-17 02:08 - 2017-12-17 02:08 - 000096015 _____ () C:\Documents and Settings\All Users\Application Data\1513472717.bdinstall.bin
    2017-12-17 02:24 - 2017-12-17 02:24 - 000201480 _____ () C:\Documents and Settings\All Users\Application Data\1513473765.bdinstall.bin
    2017-12-17 03:45 - 2017-12-17 03:45 - 000036954 _____ () C:\Documents and Settings\All Users\Application Data\1513478746.bdinstall.bin
    2017-12-17 03:46 - 2017-12-17 03:46 - 000179968 _____ () C:\Documents and Settings\All Users\Application Data\1513478752.bdinstall.bin
    2018-06-26 11:58 - 2018-06-26 11:58 - 000037227 _____ () C:\Documents and Settings\All Users\Application Data\1530010692.bdinstall.bin
    2018-06-26 12:00 - 2018-06-26 12:00 - 000178655 _____ () C:\Documents and Settings\All Users\Application Data\1530010711.bdinstall.bin
    2018-07-01 02:50 - 2018-07-01 02:50 - 000036949 _____ () C:\Documents and Settings\All Users\Application Data\1530409844.bdinstall.bin
    2018-07-01 02:50 - 2018-07-01 02:51 - 000002406 _____ () C:\Documents and Settings\All Users\Application Data\1530409854.4648.bin
    2018-07-01 02:51 - 2018-07-01 02:51 - 000008079 _____ () C:\Documents and Settings\All Users\Application Data\1530409854.5484.bin
    2018-07-01 02:50 - 2018-07-01 02:51 - 000001390 _____ () C:\Documents and Settings\All Users\Application Data\1530409854.5900.bin
    2018-07-01 02:50 - 2018-07-01 02:51 - 000038957 _____ () C:\Documents and Settings\All Users\Application Data\1530409854.6012.bin
    2018-07-01 02:53 - 2018-07-01 02:53 - 000031495 _____ () C:\Documents and Settings\All Users\Application Data\1530410007.bdinstall.bin
    2018-07-01 02:58 - 2018-07-01 03:01 - 000003549 _____ () C:\Documents and Settings\All Users\Application Data\1530410304.1624.bin
    2018-07-01 03:00 - 2018-07-01 03:03 - 000018940 _____ () C:\Documents and Settings\All Users\Application Data\1530410304.1840.bin
    2018-07-01 02:59 - 2018-07-01 03:01 - 000106707 _____ () C:\Documents and Settings\All Users\Application Data\1530410304.1868.bin
    2018-07-01 02:58 - 2018-07-01 03:03 - 000038520 _____ () C:\Documents and Settings\All Users\Application Data\1530410304.3108.bin
    2018-07-01 02:58 - 2018-07-01 03:01 - 000009515 _____ () C:\Documents and Settings\All Users\Application Data\1530410304.3548.bin
    2018-07-06 09:53 - 2018-07-06 09:53 - 000036971 _____ () C:\Documents and Settings\All Users\Application Data\1530867173.bdinstall.bin
    2018-07-06 09:54 - 2018-07-06 09:54 - 000178007 _____ () C:\Documents and Settings\All Users\Application Data\1530867194.bdinstall.bin
    2018-07-08 21:14 - 2018-07-08 21:14 - 000036949 _____ () C:\Documents and Settings\All Users\Application Data\1531080857.bdinstall.bin
    2018-07-08 23:04 - 2018-07-08 23:04 - 000180454 _____ () C:\Documents and Settings\All Users\Application Data\1531080871.bdinstall.bin
    2018-07-08 21:23 - 2018-07-08 21:23 - 000031682 _____ () C:\Documents and Settings\All Users\Application Data\1531081369.bdinstall.bin

    Some files in TEMP:
    ====================
    2018-07-24 05:19 - 2018-07-24 05:19 - 000275504 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\avg-02156976-04c5-411e-9f19-d4534729576b.exe
    2018-07-08 23:25 - 2018-07-08 23:25 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Administrator\Local Settings\Temp\avg-c5e9d657-0c6a-4972-adfc-e3430ab0f668.exe
    2018-07-24 05:22 - 2018-07-24 05:22 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Administrator\Local Settings\Temp\avg-d93f861c-c875-4542-b883-d71d8265455a.exe
    2018-07-24 05:33 - 2018-07-24 05:34 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Administrator\Local Settings\Temp\avg-d965805c-442b-405f-8e15-9576c5e61e07.exe
    2018-07-01 19:56 - 2018-07-01 19:56 - 000511640 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\CDRun.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of FRST.txt ============================

  15. #15
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Additional log 1 of 2 parts

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21.07.2018
    Ran by Administrator (27-07-2018 22:34:45)
    Running from C:\Documents and Settings\Administrator\Desktop
    Microsoft Windows XP Professional Service Pack 3 (X86) (2010-04-15 18:05:51)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1801674531-448539723-1606980848-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-1801674531-448539723-1606980848-1003 - Limited - Enabled)
    Guest (S-1-5-21-1801674531-448539723-1606980848-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-1801674531-448539723-1606980848-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-1801674531-448539723-1606980848-1002 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9488E0FA-F058-4673-850E-E755F112BABC}
    AV: Lavasoft Ad-Watch Live! Anti-Virus (Enabled - Up to date) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: AVG Antivirus (Enabled - Up to date) {81C62321-3C2A-4A1A-BF2F-52ED23B22B8B}
    FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acronis True Image WD*Edition (HKLM\...\{9B683A28-2172-4CF1-B85D-41375E80652A}) (Version: 13.0.14157 - Acronis)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
    Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.90 - NOS Microsystems Ltd.)
    Adobe Flash Player 30 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 30.0.0.134 - Adobe Systems Incorporated)
    Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
    Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
    Any Video Converter 3.3.5 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
    AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
    AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 18.5.3059 - AVG Technologies)
    AxCrypt 1.7.3156.0 (HKLM\...\{DB066768-5A50-4C44-815B-4E8A6A39335E}) (Version: 1.7.3156.0 - Axantum Software AB)
    BB FlashBack Express (HKLM\...\BB FlashBack Express) (Version: 3.2.7.2349 - Blueberry)
    CCleaner (HKLM\...\CCleaner) (Version: 5.45 - Piriform)
    ClipGrab 3.6.8 (HKLM\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien)
    Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: - )
    Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
    Digital Camera Driver (HKLM\...\Digital Camera Driver) (Version: - )
    DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.2.2 - DivX, Inc.)
    Dr SpeedTouch (HKLM\...\{CE6D39E2-D4CB-4C49-ABD9-8724B095D1EF}) (Version: - )
    EnergyCut (HKLM\...\{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}) (Version: - )
    EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )
    EPSON File Manager (HKLM\...\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}) (Version: 1.3.0.0 - )
    EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
    EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
    Eraser 5.82 (HKLM\...\{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1) (Version: Eraser 5.82 - Heidi Computers Ltd.)
    FastStone Capture 5.3 (HKLM\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
    File Identifier (HKLM\...\{C257E434-E8F1-4E06-A616-598E4933553E}_is1) (Version: 1.0.11 - Sharpened Productions)
    File Viewer Lite (HKLM\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 1.4.1 - Sharpened Productions)
    Freemake Video Converter version 4.1.10 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.10 - Ellora Assets Corporation)
    Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
    Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    Hard Disk Sentinel (HKLM\...\Hard Disk Sentinel_is1) (Version: 5.01 - Janos Mathe)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4497 - )
    Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.260 - Oracle)
    K-Lite Codec Pack 8.0.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.0.0 - )
    Macrium Reflect - Free Edition (HKLM\...\{BB912177-24CC-4AEE-8329-97D7ACD125D4}) (Version: 4.2.3775 - Macrium)
    Magitime (HKLM\...\Magitime) (Version: - )
    Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
    MalwareFox AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Wolf of Webstreet OPC Private Limited)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    MiniTool Partition Wizard Home Edition 7.8 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
    Mozilla Firefox 52.9.0 ESR (x86 en-GB) (HKLM\...\Mozilla Firefox 52.9.0 ESR (x86 en-GB)) (Version: 52.9.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.9.0.6746 - Mozilla)
    MSRuntime Libraries (HKLM\...\{ECA2B21B-A180-4775-B93F-6E404E36A8CC}) (Version: 1.0.0 - Thomson)
    Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
    O2InstV3Win7UpdateV2 (HKLM\...\{74B1CEB6-B4BF-46FD-8080-CE3C1809B010}) (Version: 10 - SupportSoft) Hidden
    OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    QuickOn Button (HKLM\...\QkOnBtn) (Version: - )
    QuickStroke (HKLM\...\{2BDBE4EC-89F3-4663-8C00-F9E2EC726AF5}) (Version: - )
    Rapport (HKLM\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1804.161 - Trusteer) Hidden
    RealDownloader (HKLM\...\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}) (Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Recuva (HKLM\...\Recuva) (Version: 1.40 - Piriform)
    Registry Drill (HKLM\...\Registry Drill4.4) (Version: 4.4 - Easy Desk Software) <==== ATTENTION
    Revo Uninstaller 1.92 (HKLM\...\Revo Uninstaller) (Version: 1.92 - VS Revo Group)
    Segoe UI (HKLM\...\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}) (Version: 14.0.4327.805 - Microsoft Corp) Hidden
    Skype™ 7.36 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.150 - Skype Technologies S.A.)
    SmartCamera Ver 2.1 (HKLM\...\{9527450C-64B3-11D5-9B31-000021116B62}) (Version: 2.01.0001 - MingjongTechnologies CO.,LTD.)
    Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_17AA2075) (Version: - )
    SPAMfighter (HKLM\...\{AD0002B9-2363-43C5-BA94-2A71AD86BE17}) (Version: 7.5.131 - Spamfighter ApS) Hidden
    SPAMfighter (HKLM\...\SPAMfighter) (Version: 7.5.131 - Spamfighter ApS)
    SpeedTouch 330 (HKLM\...\SpeedTouch 330) (Version: - )
    Startup Cop (HKLM\...\Startup Cop) (Version: - )
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.1.1002 - SUPERAntiSpyware.com)
    Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}) (Version: 1.15.0000 - Texas Instruments Inc.)
    TIPCI (HKLM\...\{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}) (Version: 1.15.0000 - Texas Instruments Inc.) Hidden
    Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1804.161 - Trusteer)
    USB PC Camera (SN9C103) (HKLM\...\{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}) (Version: 4.6.6.0 - )
    VC 9.0 Runtime (HKLM\...\{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
    Viber (HKLM\...\{D65DDA75-2C0A-46BA-807D-127BD5638490}) (Version: 6.0.1.5 - Viber Media Inc.) Hidden
    Viber (HKU\S-1-5-21-1801674531-448539723-1606980848-500\...\{acc83058-83b0-41e2-b372-266672a1af16}) (Version: 6.0.1.5 - Viber Media Inc.)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WD SmartWare (HKLM\...\{98D451C4-4ACA-4273-BB47-57CFE46B048E}) (Version: 1.4.1.1 - Western Digital)
    WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
    Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
    ZoneAlarm Firewall (HKLM\...\{B025F14A-25E6-46CA-9308-1B1D3393CAC8}) (Version: 14.3.119.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 14.3.119.000 - Check Point)
    ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version: - Check Point Software Technologies)
    ZoneAlarm Security (HKLM\...\{8A7820F0-5261-42FC-9790-4D932E7BC5B1}) (Version: 14.3.119.000 - Check Point Software Technologies Ltd.) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-448539723-1606980848-500_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.33.17\psuser.dll (Google Inc.)
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\MalwareFox AntiMalware\ZAMShellExt32.dll [2018-07-26] ()
    ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-07-08] (AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers1: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\Axantum\AxCrypt\ShellExt.dll [2014-01-16] (Axantum Software AB)
    ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
    ContextMenuHandlers1: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\WINDOWS\system32\erasext.dll [2006-12-26] (-)
    ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
    ContextMenuHandlers1: [QuickShare] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
    ContextMenuHandlers1: [SDContextExt] -> {70F8E90E-353A-47AB-B297-C576345EE693} => -> No File
    ContextMenuHandlers2: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\WINDOWS\system32\erasext.dll [2006-12-26] (-)
    ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
    ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RShellExt.dll [2011-07-01] (Paramount Software UK Ltd)
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2006-05-08] (Intel Corporation)
    ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\MalwareFox AntiMalware\ZAMShellExt32.dll [2018-07-26] ()
    ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-07-08] (AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers6: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\Axantum\AxCrypt\ShellExt.dll [2014-01-16] (Axantum Software AB)
    ContextMenuHandlers6: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\WINDOWS\system32\erasext.dll [2006-12-26] (-)
    ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)

    ==================== Scheduled Tasks=============================

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\Antivirus Emergency Update.job => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
    Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-448539723-1606980848-500Core.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-448539723-1606980848-500UA.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-448539723-1606980848-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\4 On-Demand.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=anhngjkonjhfnhekadjnofhcjjhnljhh
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\BBC iPlayer.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=jahnifecgkhjbcbjfkplnplfkcebgafc
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\Hangouts (1).lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kffnpbachbhakiomjoichllogeobmoli
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\Hangouts.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kffnpbachbhakiomjoichllogeobmoli
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\My5.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=memeiodlbggpddhlkeoppgnefjdgpcda
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\The ITV.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=enlkekmehifkbcpadgpbhjcepnannhml
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Chrome Apps\WhatsApp.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hnpfjngllnobngcgfapefoaidbinmjnm
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Desktop\WhatsApp.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hnpfjngllnobngcgfapefoaidbinmjnm

    ==================== Loaded Modules (Whitelisted) ==============

    2017-10-30 08:23 - 2017-10-30 08:23 - 004349952 _____ () C:\Program Files\Thomson\ST330\service\qt-mt337.dll
    2018-07-08 23:32 - 2018-07-08 23:32 - 000481520 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
    2018-07-27 20:37 - 2018-07-27 20:37 - 005890800 _____ () C:\Program Files\AVG\Antivirus\defs\18072704\algo.dll
    2018-07-08 23:32 - 2018-07-08 23:32 - 000986352 _____ () C:\Program Files\AVG\Antivirus\shepherdsync.dll
    2018-07-08 23:39 - 2018-07-08 23:39 - 000907504 _____ () C:\Program Files\AVG\Antivirus\anen.dll
    2018-07-08 23:32 - 2018-07-08 23:32 - 000533744 _____ () C:\Program Files\AVG\Antivirus\gui_cache.dll
    2018-07-26 17:32 - 2018-07-26 17:32 - 000131952 _____ () C:\Program Files\MalwareFox AntiMalware\ZAMShellExt32.dll
    2015-06-02 16:51 - 2015-06-02 16:51 - 000545792 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
    2010-09-04 19:02 - 2004-01-06 02:34 - 000040960 _____ () C:\WINDOWS\vsnpstd2.exe
    2017-10-30 08:23 - 2017-10-30 08:23 - 004222976 _____ () C:\Program Files\Thomson\ST330\diagnostics\qt-mt332.dll
    2017-10-30 08:23 - 2017-10-30 08:23 - 000364544 _____ () C:\Program Files\Thomson\ST330\diagnostics\qwt.dll
    2012-03-15 11:44 - 2012-03-15 11:44 - 000549512 _____ () C:\Program Files\Fighters\SPAMfighter\sfsg.dll
    2012-03-15 11:44 - 2017-10-15 21:50 - 000966248 ____T () C:\Program Files\Fighters\SPAMfighter\sfse.dll
    2018-05-21 10:06 - 2017-07-26 11:57 - 000080896 _____ () C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
    2013-08-14 15:19 - 2013-08-14 15:19 - 000039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    2011-07-01 12:55 - 2011-07-01 12:55 - 000220824 _____ () C:\Program Files\Macrium\Reflect\ReflectService.exe
    2018-07-08 23:40 - 2018-07-08 23:40 - 048936448 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
    2010-09-04 19:02 - 2003-10-24 19:21 - 000053248 ____C () C:\WINDOWS\system32\dsnpstd2.dll
    2010-09-08 10:45 - 2010-09-08 10:45 - 001034752 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    2010-09-08 10:53 - 2010-09-08 10:53 - 000886272 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
    2017-04-26 15:19 - 2017-04-26 15:19 - 002005976 ____R () C:\Program Files\Skype\Phone\skypert.dll
    2008-04-14 13:00 - 2008-04-14 13:00 - 000059904 _____ () C:\WINDOWS\system32\devenum.dll
    2008-04-14 13:00 - 2008-04-14 13:00 - 000014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2010-09-08 10:44 - 2010-09-08 10:44 - 000484352 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    2007-02-13 01:31 - 2007-02-13 01:31 - 001111552 _____ () C:\Program Files\FastStone Capture\FSCapture.exe
