  1. #1
    Member
    Join Date
    Jan 2015
    Posts
    4
    Points
    0

    Detective found suspicious entries

    Hi, just used your detective & came up with suspicious entries, could you please check over.
    Cheers Jed

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 5:10:09 PM, on 6/01/2015
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    CHROME: 27.0.1453.116
    FIREFOX: 34.0.5 (x86 en-GB)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\Autoserv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\My Documents\downloads\HijackThis(1).exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    O4 - HKLM\..\Run: [TRUUpdater] "C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
    O4 - HKLM\..\Run: [WatcherHelper] "C:\Program files\Telstra\Telstra Connection Manager\WaHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe -update plugin
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OneNote Table Of Contents.onetoc2
    O4 - Global Startup: Belkin 11Mbps Wireless Desktop Network Card Monitor.lnk = C:\WINDOWS\system32\BelkinMonitor.exe
    O4 - Global Startup: NetworkPrinter.lnk = ?
    O4 - Global Startup: Updater.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: autod - Unknown owner - C:\WINDOWS\system32\Autoserv.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: Sierra Wireless Card Detection Service (SwiCardDetectSvc) - Sierra Wireless, Inc. - C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe

    --
    End of file - 7745 bytes


    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Scan Date: 6/01/2015
    Scan Time: 4:42:56 PM
    Logfile: mbam.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.06.02
    Rootkit Database: v2014.12.30.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: All U Need- Workshop

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 355271
    Time Elapsed: 16 min, 12 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.MyFreeze.A, HKLM\SOFTWARE\Freeze.com, Quarantined, [c06a06ee50398da9de1f8addc93a6799],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 01/06/2015 at 05:05 PM

    Application Version : 6.0.1168
    Database Version : 11668

    Scan type : Complete Scan
    Total Scan Time : 00:23:46

    Operating System Information
    Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 440
    Memory threats detected : 0
    Registry items scanned : 20534
    Registry threats detected : 0
    File items scanned : 25622
    File threats detected : 34

    Adware.Tracking Cookie

    ============
    End of Log
    ============

  2. #2
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    Hi! My name is zep516 and welcome to Help2go!
    I'll do the best I can to resolve your computer issue.
    Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions!


    Can we have a closer look?


    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


    Thanks
    Joe

  3. #3
    Member
    Join Date
    Jan 2015
    Posts
    4
    Points
    0


    Hi Joe,
    Thank you
    Here are logs

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-01-2015
    Ran by All U Need- Workshop (administrator) on WS-SERVER on 07-01-2015 07:28:09
    Running from C:\Documents and Settings\All U Need- Workshop\Desktop
    Loaded Profile: All U Need- Workshop (Available profiles: All U Need- Workshop & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 6 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\WINDOWS\system32\Autoserv.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    (Sierra Wireless, Inc.) C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-25] (CANON INC.)
    HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
    HKLM\...\Run: [TRUUpdater] => C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe [570736 2010-08-05] (Sierra Wireless, Inc.)
    HKLM\...\Run: [WatcherHelper] => C:\Program files\Telstra\Telstra Connection Manager\WaHelper.exe [103792 2010-06-23] (Sierra Wireless Inc.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-21] (AVAST Software)
    HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
    Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\Run: [Google Update] => C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-06-19] (Google Inc.)
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6699800 2014-12-19] (SUPERAntiSpyware)
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-22] (Piriform Ltd)
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe [855216 2014-12-10] (Adobe Systems Incorporated)
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {2d37508c-8b90-11e2-acb1-001fd09f9814} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {39cc3535-4aea-11e1-ac5c-00a0d5ffffae} - F:\setup.exe -a
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {5087bf7f-8609-11e2-acb0-001fd09f9814} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {e393f693-d217-11e1-ac7f-00a0d5ffffae} - F:\autorun.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {e393f69e-d217-11e1-ac7f-00a0d5ffffae} - F:\autorun.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {e96c60aa-9599-11e0-9cf9-001d0fb0098f} - F:\WIN\setup.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {f9903fee-bcbc-11e0-9cfe-001fd09f9814} - F:\WIN\setup.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {ff0dc48a-4506-11de-9c2a-001d0fb0098f} - F:\LaunchU3.exe -a
    Startup: C:\Documents and Settings\All U Need- Workshop\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Documents and Settings\All U Need- Workshop\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin 11Mbps Wireless Desktop Network Card Monitor.lnk
    ShortcutTarget: Belkin 11Mbps Wireless Desktop Network Card Monitor.lnk -> C:\WINDOWS\system32\BelkinMonitor.exe ()
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetworkPrinter.lnk
    ShortcutTarget: NetworkPrinter.lnk -> C:\pcutil\BIN\Gsan2PcUtility_NetworkPrinter.exe (GIT)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updater.lnk
    ShortcutTarget: Updater.lnk -> C:\pcutil\BIN\PCUtilUpdater.exe (G.I.T)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = Home | USA News.com
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    URLSearchHook: HKU\S-1-5-21-1708537768-2000478354-725345543-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
    SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1708537768-2000478354-725345543-1003 -> DefaultScope {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1708537768-2000478354-725345543-1003 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYAU&apn_uid=1C99E1AC-9E71-4764-BE6D-8A5B4BEE3EC7&apn_sauid=FBF2F26C-D62F-4CB4-A4BE-452767D1BA86
    SearchScopes: HKU\S-1-5-21-1708537768-2000478354-725345543-1003 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKU\S-1-5-21-1708537768-2000478354-725345543-1003 -> No Name - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
    Toolbar: HKU\S-1-5-21-1708537768-2000478354-725345543-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub...sh/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2012-11-12] (SuperAdBlocker.com)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.15.1

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\All U Need- Workshop\Application Data\Mozilla\Firefox\Profiles\r3owxmb1.default
    FF NewTab: hxxp://www.news.net/index.php?referid=144
    FF SearchEngineOrder.1: Ask.com
    FF Homepage: hxxp://www.caltex.com.au/ProductsAndServices/Lubricants/Pages/OilFinder.aspx
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
    FF Plugin: @alibaba.com/nptrademanager;version=1.0 -> C:\DOCUME~1\ALLUNE~1\LOCALS~1\Temp\..\application data\nptrademanager\nptrademanager.dll ( )
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF Plugin: @liveblockauctions.com/Launcher -> C:\Program Files\LAI\plugins\npLaiLauncher.dll (Liveblock Auctions Internatioal)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1708537768-2000478354-725345543-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    FF Plugin HKU\S-1-5-21-1708537768-2000478354-725345543-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    FF user.js: detected! => C:\Documents and Settings\All U Need- Workshop\Application Data\Mozilla\Firefox\Profiles\r3owxmb1.default\user.js
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nptrademanager.dll ( )
    FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\All U Need- Workshop\Application Data\Mozilla\Firefox\Profiles\r3owxmb1.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-12-10]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-10]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-07]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-31]

    Chrome:
    =======
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (BitCometAgent) - C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll (BitComet)
    CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
    CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
    CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
    CHR Plugin: (Google Update) - C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    CHR Plugin: (LiveBlock Auctions International V5 launcher plugin) - C:\Program Files\LAI\plugins\npLaiLauncher.dll (Liveblock Auctions Internatioal)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Profile: C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (YouTube) - C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-19]
    CHR Extension: (Google Search) - C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-19]
    CHR Extension: (Avast Online Security) - C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-15]
    CHR Extension: (Gmail) - C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-19]
    CHR HKLM\...\Chrome\Extension: [cfffenfdjeibfomfbppoljahojkbbobb] - C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx [2012-05-31]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-15]
    CHR HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\Chrome\Extension: [cfffenfdjeibfomfbppoljahojkbbobb] - C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx [2012-05-31]
    CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-15] (SUPERAntiSpyware.com)
    R2 autod; C:\WINDOWS\system32\Autoserv.exe [436736 2007-10-09] () [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-15] (AVAST Software)
    S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-02-21] (AVAST Software)
    R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
    R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
    R2 SwiCardDetectSvc; C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe [218480 2010-08-30] (Sierra Wireless, Inc.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21035 2011-06-13] (Meetinghouse Data Communications) [File not signed]
    R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-15] ()
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2014-02-21] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-15] (AVAST Software)
    R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2014-02-21] (ALWIL Software)
    R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [252592 2014-02-21] (AVAST Software)
    R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-15] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-15] ()
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-15] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-15] ()
    R2 EAPPkt; C:\WINDOWS\System32\DRIVERS\EAPPkt.sys [38144 2006-11-15] (Windows (R) 2000 DDK provider) [File not signed]
    S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57800 2010-12-14] (FTDI Ltd.)
    S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2009-01-01] (Windows (R) 2000 DDK provider)
    R3 NTIDrvr; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [6144 2009-11-23] (NewTech Infosystems, Inc.) [File not signed]
    R3 pcand5bk; C:\WINDOWS\system32\pcand5bk.SYS [15104 2002-09-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 PCASp50; C:\WINDOWS\System32\Drivers\PCASp50.sys [27072 2009-10-06] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [252928 2006-01-13] (Ralink Technology, Corp.) [File not signed]
    R3 RTHDMIAzAudService; C:\WINDOWS\System32\drivers\RtHDMI.sys [3684352 2008-08-26] (Realtek Semiconductor Corp.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2012-11-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2012-08-22] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67664 2012-11-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SNTNLUSB; C:\WINDOWS\System32\DRIVERS\SNTNLUSB.SYS [41896 2011-05-27] (SafeNet, Inc.)
    S3 swiwdmbus; C:\WINDOWS\System32\DRIVERS\swiwdmbus.sys [78720 2010-06-21] (Sierra Wireless Inc.)
    S3 swmsflt; C:\WINDOWS\System32\DRIVERS\swmsflt.sys [28288 2009-11-26] ()
    S3 SWNC8UA3; C:\WINDOWS\System32\DRIVERS\swnc8ua3.sys [201088 2010-06-21] (Sierra Wireless Inc.)
    S3 SWUMXA3; C:\WINDOWS\System32\DRIVERS\swumxa3.sys [156544 2010-06-21] (Sierra Wireless Inc.)
    S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
    S4 IntelIde; No ImagePath
    S3 massfilter; system32\drivers\massfilter.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
    S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]
    S3 WinDriver6; system32\drivers\windrvr6.sys [X]
    U1 WS2IFSL; No ImagePath
    S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
    S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
    S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-07 07:28 - 2015-01-07 07:28 - 00023908 _____ () C:\Documents and Settings\All U Need- Workshop\Desktop\FRST.txt
    2015-01-07 07:27 - 2015-01-07 07:28 - 00000000 ___DC () C:\FRST
    2015-01-07 07:27 - 2015-01-07 07:26 - 01115136 _____ (Farbar) C:\Documents and Settings\All U Need- Workshop\Desktop\FRST.exe
    2015-01-06 17:06 - 2015-01-06 17:06 - 00001144 ____C () C:\mbam.txt
    2015-01-06 16:23 - 2015-01-06 16:27 - 00000000 ___DC () C:\AdwCleaner
    2014-12-10 10:15 - 2014-12-10 10:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-07 07:28 - 2009-05-19 11:42 - 00000010 _____ () C:\WINDOWS\system32\datelog.dat
    2015-01-07 07:28 - 2009-05-19 11:42 - 00000010 _____ () C:\WINDOWS\datelog.dat
    2015-01-07 07:28 - 2009-05-15 16:18 - 00000000 ____D () C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp
    2015-01-07 07:01 - 2013-05-31 12:56 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-07 06:38 - 2012-06-19 10:08 - 00001038 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-2000478354-725345543-1003UA.job
    2015-01-07 06:36 - 2013-05-20 07:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-01-07 06:36 - 2010-03-15 11:25 - 00032418 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-01-07 03:13 - 2012-08-31 12:46 - 00000316 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2015-01-07 00:29 - 2010-04-14 13:14 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-01-06 22:32 - 2010-03-15 11:24 - 01856332 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-01-06 21:01 - 2013-05-31 12:56 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-06 17:05 - 2014-10-09 16:41 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-01-06 16:19 - 2009-05-15 16:18 - 00000000 ____D () C:\Documents and Settings\All U Need- Workshop
    2015-01-06 14:38 - 2012-06-19 10:08 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-2000478354-725345543-1003Core.job
    2015-01-05 10:54 - 2011-05-29 16:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CanonIJPLM
    2014-12-23 12:02 - 2011-05-25 14:37 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
    2014-12-18 13:51 - 2009-04-25 03:47 - 00002521 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Word 2007.lnk
    2014-12-16 09:28 - 2009-04-25 03:47 - 00002449 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Publisher 2007.lnk
    2014-12-16 08:35 - 2010-03-15 11:25 - 00000230 ____N () C:\WINDOWS\wiadebug.log
    2014-12-11 12:48 - 2010-03-15 11:25 - 00000050 ____N () C:\WINDOWS\wiaservc.log
    2014-12-11 12:48 - 2004-08-04 22:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-12-11 12:47 - 2014-04-01 00:29 - 00000252 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2014-12-11 12:47 - 2012-05-11 11:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-12-11 12:47 - 2009-01-01 01:32 - 00003568 _____ () C:\WINDOWS\system32\ativvaxx.cap
    2014-12-11 12:47 - 2009-01-01 01:11 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-12-11 12:11 - 2009-05-15 16:18 - 00000178 ___SH () C:\Documents and Settings\All U Need- Workshop\ntuser.ini
    2014-12-11 11:47 - 2009-05-25 12:40 - 00000000 ____D () C:\Documents and Settings\All U Need- Workshop\Application Data\vlc
    2014-12-11 11:44 - 2010-05-12 07:48 - 00000000 ____D () C:\Documents and Settings\All U Need- Workshop\Start Menu\Programs\WinRAR
    2014-12-11 10:53 - 2009-01-01 02:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2014-12-11 10:48 - 2013-08-09 12:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-12-11 10:43 - 2009-05-04 10:00 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-12-10 16:36 - 2014-09-10 22:36 - 03981488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
    2014-12-10 16:36 - 2012-05-22 08:08 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-12-10 16:36 - 2011-08-18 13:26 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-12-10 13:19 - 2012-01-19 12:02 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    2014-12-10 13:19 - 2010-01-07 13:43 - 00000000 ____D () C:\Program Files\CCleaner
    2014-12-08 15:00 - 2014-04-01 00:29 - 00000246 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2014-12-08 08:52 - 2014-10-09 16:40 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-08 08:52 - 2014-10-09 16:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-12-08 08:52 - 2014-10-09 16:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-08 08:50 - 2012-03-19 12:55 - 00000000 ____D () C:\Documents and Settings\All U Need- Workshop\Application Data\uTorrent

    Some content of TEMP:
    ====================
    C:\Documents and Settings\Administrator\Local Settings\Temp\SSUPDATE.EXE
    C:\Documents and Settings\Administrator\Local Settings\Temp\_isD.exe
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxfjy6q.dll
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\htmlayout.dll
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\pdf-editor_full1042.exe
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-01-2015
    Ran by All U Need- Workshop at 2015-01-07 07:28:48
    Running from C:\Documents and Settings\All U Need- Workshop\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\uTorrent) (Version: 3.3.2.29944 - BitTorrent Inc.)
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
    Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
    Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
    Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    AliIM Plugins for Browser (HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\AliIM Plugins for Browser) (Version: 1.0 - Alibaba(China) Co., Ltd)
    AMD Processor Driver (HKLM\...\{C151CE54-E7EA-4804-854B-F515368B0798}) (Version: 1.3.2.0053 - AMD)
    Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1022 - )
    ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0731.2321 - )
    ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.522-080731a-067777C-Gigabyte - )
    ATI Parental Control & Encoder (Version: 3.0 - ATI Technologies Inc.) Hidden
    Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
    Belkin 11Mbps Wireless Desktop Network Card (HKLM\...\{1D2B8719-8BD8-40BB-9377-1CAD8AD548F4}) (Version: - )
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Browser Configuration Utility (HKLM\...\{E8AEA11B-E60A-455E-B008-E4E763604612}) (Version: 1.0.4.9 - DeviceVM Inc.) <==== ATTENTION
    Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )
    Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - )
    Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version: - )
    Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
    Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
    ccc-core-preinstall (Version: 2008.0731.2322.39992 - ATI) Hidden
    ccc-core-static (Version: 2008.0731.2322.39992 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
    Google Chrome (HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\Google Chrome) (Version: 27.0.1453.116 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    G-scan PC Utility (HKLM\...\{DAEE3765-BEBF-461C-985F-4EA92207F049}) (Version: 13.05.1401 - GIT)
    G-scan PC Utility (Version: 13.05.1401 - GIT) Hidden
    IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
    iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
    Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
    LAI V5 Launcher (HKLM\...\LAI V5 Launcher) (Version: 1.0.0.2 - LiveBlock Auctions International)
    LAI V5 Launcher (Version: 1.0.0.2 - LiveBlock Auctions International) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 34.0.5 (x86 en-GB) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-GB)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    Readiris Corporate 14 (HKLM\...\{4FAAB5FC-DADF-4444-A782-778CB49FDDF3}) (Version: 14.00.2826 - I.R.I.S.)
    REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.17.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5694 - Realtek Semiconductor Corp.)
    Skins (Version: 2008.0731.2322.39992 - ATI) Hidden
    SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.32.0.1000 - SUPERAntiSpyware.com)
    Telstra Connection Manager (HKLM\...\{F8FB79CE-C246-4444-9ABF-BECC6A88A3B1}) (Version: 6.0.2776.0401 - Sierra Wireless Inc.)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
    VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Driver Package - Cmotech (cmusbnet) Net (06/11/2007 2.0.0.9) (HKLM\...\E7E257830CD4614E7CF1B3792DF19B85FE5E7BE7) (Version: 06/11/2007 2.0.0.9 - Cmotech)
    Windows Driver Package - Cmotech Modem (12/13/2006 2.0.3.5) (HKLM\...\5E8F128761A9B07EC2DEC909F167D92DB8B3A348) (Version: 12/13/2006 2.0.3.5 - Cmotech)
    Windows Driver Package - Cmotech Ports (12/13/2006 2.0.3.5) (HKLM\...\6A032F4180B5A0E8F4BC27384D0A423B2595A785) (Version: 12/13/2006 2.0.3.5 - Cmotech)
    Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9) (Version: 10/22/2009 2.06.00 - FTDI)
    Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\88EB56038379B8B7DCFB4D2448A60F52E064B265) (Version: 10/22/2009 2.06.00 - FTDI)
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1708537768-2000478354-725345543-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1708537768-2000478354-725345543-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.116\delegate_execute.exe (Google Inc.)

    ==================== Restore Points =========================

    20-12-2014 14:57:14 System Checkpoint
    21-12-2014 15:57:14 System Checkpoint
    22-12-2014 16:58:20 System Checkpoint
    23-12-2014 17:57:14 System Checkpoint
    24-12-2014 18:57:14 System Checkpoint
    25-12-2014 19:57:14 System Checkpoint
    26-12-2014 20:57:14 System Checkpoint
    27-12-2014 21:57:14 System Checkpoint
    28-12-2014 22:57:14 System Checkpoint
    29-12-2014 23:57:14 System Checkpoint
    31-12-2014 00:57:14 System Checkpoint
    01-01-2015 01:57:14 System Checkpoint
    02-01-2015 02:57:14 System Checkpoint
    03-01-2015 03:57:15 System Checkpoint
    04-01-2015 03:57:26 System Checkpoint
    05-01-2015 04:57:35 System Checkpoint
    06-01-2015 05:57:26 System Checkpoint
    07-01-2015 06:52:24 System Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2004-08-04 22:00 - 2004-08-04 22:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-2000478354-725345543-1003Core.job => C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-2000478354-725345543-1003UA.job => C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Loaded Modules (whitelisted) =============

    2015-01-07 05:37 - 2015-01-07 05:37 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010601\algo.dll
    2013-11-23 13:48 - 2014-11-15 03:13 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2009-05-19 11:39 - 2007-10-09 16:11 - 00436736 ____N () C:\WINDOWS\system32\Autoserv.exe
    2011-05-29 16:42 - 2010-04-05 20:55 - 00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    2014-12-10 10:15 - 2014-12-10 10:15 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:55159871
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6DEC599F
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BBADE846
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BE68C149

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: SUPERAntiSpyware => H:\SUPERAntiSpyware.exe

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1708537768-2000478354-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    All U Need- Workshop (S-1-5-21-1708537768-2000478354-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\All U Need- Workshop
    Guest (S-1-5-21-1708537768-2000478354-725345543-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-1708537768-2000478354-725345543-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-1708537768-2000478354-725345543-1002 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============

    Name: WinDriver
    Description: WinDriver
    Class Guid: {C671678C-82C1-43F3-D700-0049433E9A4B}
    Manufacturer: Jungo
    Service: WinDriver6
    Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
    Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
    Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/07/2015 06:45:48 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (01/07/2015 06:45:48 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (01/07/2015 06:12:43 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (01/07/2015 06:12:43 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (01/07/2015 04:46:48 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (01/07/2015 04:46:48 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (01/07/2015 04:28:01 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (01/07/2015 04:28:01 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (01/07/2015 02:49:06 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (01/07/2015 02:49:06 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.


    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: AMD Phenom(tm) 8650 Triple-Core Processor
    Percentage of memory in use: 54%
    Total physical RAM: 1790.42 MB
    Available physical RAM: 811.2 MB
    Total Pagefile: 3684.58 MB
    Available Pagefile: 2905.71 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1951.25 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:29.29 GB) (Free:1.6 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive d: (Data) (Fixed) (Total:436.47 GB) (Free:406.78 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 9C39EAFC)
    Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=436.5 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

  4. #4
    Member
    Join Date
    Jan 2015
    Posts
    4
    Points
    0

    Hi Joe,
    Thank you
    Here are logs

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-01-2015
    Ran by All U Need- Workshop (administrator) on WS-SERVER on 07-01-2015 07:28:09
    Running from C:\Documents and Settings\All U Need- Workshop\Desktop
    Loaded Profile: All U Need- Workshop (Available profiles: All U Need- Workshop & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 6 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\WINDOWS\system32\Autoserv.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    (Sierra Wireless, Inc.) C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-25] (CANON INC.)
    HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
    HKLM\...\Run: [TRUUpdater] => C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe [570736 2010-08-05] (Sierra Wireless, Inc.)
    HKLM\...\Run: [WatcherHelper] => C:\Program files\Telstra\Telstra Connection Manager\WaHelper.exe [103792 2010-06-23] (Sierra Wireless Inc.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-21] (AVAST Software)
    HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
    Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\Run: [Google Update] => C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-06-19] (Google Inc.)
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6699800 2014-12-19] (SUPERAntiSpyware)
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-22] (Piriform Ltd)
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe [855216 2014-12-10] (Adobe Systems Incorporated)
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {2d37508c-8b90-11e2-acb1-001fd09f9814} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {39cc3535-4aea-11e1-ac5c-00a0d5ffffae} - F:\setup.exe -a
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {5087bf7f-8609-11e2-acb0-001fd09f9814} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {e393f693-d217-11e1-ac7f-00a0d5ffffae} - F:\autorun.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {e393f69e-d217-11e1-ac7f-00a0d5ffffae} - F:\autorun.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {e96c60aa-9599-11e0-9cf9-001d0fb0098f} - F:\WIN\setup.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {f9903fee-bcbc-11e0-9cfe-001fd09f9814} - F:\WIN\setup.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {ff0dc48a-4506-11de-9c2a-001d0fb0098f} - F:\LaunchU3.exe -a
    Startup: C:\Documents and Settings\All U Need- Workshop\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Documents and Settings\All U Need- Workshop\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin 11Mbps Wireless Desktop Network Card Monitor.lnk
    ShortcutTarget: Belkin 11Mbps Wireless Desktop Network Card Monitor.lnk -> C:\WINDOWS\system32\BelkinMonitor.exe ()
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetworkPrinter.lnk
    ShortcutTarget: NetworkPrinter.lnk -> C:\pcutil\BIN\Gsan2PcUtility_NetworkPrinter.exe (GIT)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updater.lnk
    ShortcutTarget: Updater.lnk -> C:\pcutil\BIN\PCUtilUpdater.exe (G.I.T)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = Home | USA News.com
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    URLSearchHook: HKU\S-1-5-21-1708537768-2000478354-725345543-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
    SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1708537768-2000478354-725345543-1003 -> DefaultScope {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1708537768-2000478354-725345543-1003 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYAU&apn_uid=1C99E1AC-9E71-4764-BE6D-8A5B4BEE3EC7&apn_sauid=FBF2F26C-D62F-4CB4-A4BE-452767D1BA86
    SearchScopes: HKU\S-1-5-21-1708537768-2000478354-725345543-1003 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKU\S-1-5-21-1708537768-2000478354-725345543-1003 -> No Name - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
    Toolbar: HKU\S-1-5-21-1708537768-2000478354-725345543-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub...sh/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2012-11-12] (SuperAdBlocker.com)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.15.1

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\All U Need- Workshop\Application Data\Mozilla\Firefox\Profiles\r3owxmb1.default
    FF NewTab: hxxp://www.news.net/index.php?referid=144
    FF SearchEngineOrder.1: Ask.com
    FF Homepage: hxxp://www.caltex.com.au/ProductsAndServices/Lubricants/Pages/OilFinder.aspx
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
    FF Plugin: @alibaba.com/nptrademanager;version=1.0 -> C:\DOCUME~1\ALLUNE~1\LOCALS~1\Temp\..\application data\nptrademanager\nptrademanager.dll ( )
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF Plugin: @liveblockauctions.com/Launcher -> C:\Program Files\LAI\plugins\npLaiLauncher.dll (Liveblock Auctions Internatioal)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1708537768-2000478354-725345543-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    FF Plugin HKU\S-1-5-21-1708537768-2000478354-725345543-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    FF user.js: detected! => C:\Documents and Settings\All U Need- Workshop\Application Data\Mozilla\Firefox\Profiles\r3owxmb1.default\user.js
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nptrademanager.dll ( )
    FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\All U Need- Workshop\Application Data\Mozilla\Firefox\Profiles\r3owxmb1.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-12-10]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-10]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-07]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-31]

    Chrome:
    =======
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (BitCometAgent) - C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll (BitComet)
    CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
    CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
    CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
    CHR Plugin: (Google Update) - C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    CHR Plugin: (LiveBlock Auctions International V5 launcher plugin) - C:\Program Files\LAI\plugins\npLaiLauncher.dll (Liveblock Auctions Internatioal)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Profile: C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (YouTube) - C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-19]
    CHR Extension: (Google Search) - C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-19]
    CHR Extension: (Avast Online Security) - C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-15]
    CHR Extension: (Gmail) - C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-19]
    CHR HKLM\...\Chrome\Extension: [cfffenfdjeibfomfbppoljahojkbbobb] - C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx [2012-05-31]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-15]
    CHR HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\Chrome\Extension: [cfffenfdjeibfomfbppoljahojkbbobb] - C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx [2012-05-31]
    CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-15] (SUPERAntiSpyware.com)
    R2 autod; C:\WINDOWS\system32\Autoserv.exe [436736 2007-10-09] () [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-15] (AVAST Software)
    S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-02-21] (AVAST Software)
    R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
    R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
    R2 SwiCardDetectSvc; C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe [218480 2010-08-30] (Sierra Wireless, Inc.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21035 2011-06-13] (Meetinghouse Data Communications) [File not signed]
    R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-15] ()
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2014-02-21] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-15] (AVAST Software)
    R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2014-02-21] (ALWIL Software)
    R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [252592 2014-02-21] (AVAST Software)
    R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-15] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-15] ()
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-15] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-15] ()
    R2 EAPPkt; C:\WINDOWS\System32\DRIVERS\EAPPkt.sys [38144 2006-11-15] (Windows (R) 2000 DDK provider) [File not signed]
    S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57800 2010-12-14] (FTDI Ltd.)
    S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2009-01-01] (Windows (R) 2000 DDK provider)
    R3 NTIDrvr; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [6144 2009-11-23] (NewTech Infosystems, Inc.) [File not signed]
    R3 pcand5bk; C:\WINDOWS\system32\pcand5bk.SYS [15104 2002-09-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 PCASp50; C:\WINDOWS\System32\Drivers\PCASp50.sys [27072 2009-10-06] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [252928 2006-01-13] (Ralink Technology, Corp.) [File not signed]
    R3 RTHDMIAzAudService; C:\WINDOWS\System32\drivers\RtHDMI.sys [3684352 2008-08-26] (Realtek Semiconductor Corp.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2012-11-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2012-08-22] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67664 2012-11-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SNTNLUSB; C:\WINDOWS\System32\DRIVERS\SNTNLUSB.SYS [41896 2011-05-27] (SafeNet, Inc.)
    S3 swiwdmbus; C:\WINDOWS\System32\DRIVERS\swiwdmbus.sys [78720 2010-06-21] (Sierra Wireless Inc.)
    S3 swmsflt; C:\WINDOWS\System32\DRIVERS\swmsflt.sys [28288 2009-11-26] ()
    S3 SWNC8UA3; C:\WINDOWS\System32\DRIVERS\swnc8ua3.sys [201088 2010-06-21] (Sierra Wireless Inc.)
    S3 SWUMXA3; C:\WINDOWS\System32\DRIVERS\swumxa3.sys [156544 2010-06-21] (Sierra Wireless Inc.)
    S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
    S4 IntelIde; No ImagePath
    S3 massfilter; system32\drivers\massfilter.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
    S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]
    S3 WinDriver6; system32\drivers\windrvr6.sys [X]
    U1 WS2IFSL; No ImagePath
    S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
    S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
    S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-07 07:28 - 2015-01-07 07:28 - 00023908 _____ () C:\Documents and Settings\All U Need- Workshop\Desktop\FRST.txt
    2015-01-07 07:27 - 2015-01-07 07:28 - 00000000 ___DC () C:\FRST
    2015-01-07 07:27 - 2015-01-07 07:26 - 01115136 _____ (Farbar) C:\Documents and Settings\All U Need- Workshop\Desktop\FRST.exe
    2015-01-06 17:06 - 2015-01-06 17:06 - 00001144 ____C () C:\mbam.txt
    2015-01-06 16:23 - 2015-01-06 16:27 - 00000000 ___DC () C:\AdwCleaner
    2014-12-10 10:15 - 2014-12-10 10:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-07 07:28 - 2009-05-19 11:42 - 00000010 _____ () C:\WINDOWS\system32\datelog.dat
    2015-01-07 07:28 - 2009-05-19 11:42 - 00000010 _____ () C:\WINDOWS\datelog.dat
    2015-01-07 07:28 - 2009-05-15 16:18 - 00000000 ____D () C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp
    2015-01-07 07:01 - 2013-05-31 12:56 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-07 06:38 - 2012-06-19 10:08 - 00001038 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-2000478354-725345543-1003UA.job
    2015-01-07 06:36 - 2013-05-20 07:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-01-07 06:36 - 2010-03-15 11:25 - 00032418 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-01-07 03:13 - 2012-08-31 12:46 - 00000316 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2015-01-07 00:29 - 2010-04-14 13:14 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-01-06 22:32 - 2010-03-15 11:24 - 01856332 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-01-06 21:01 - 2013-05-31 12:56 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-06 17:05 - 2014-10-09 16:41 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-01-06 16:19 - 2009-05-15 16:18 - 00000000 ____D () C:\Documents and Settings\All U Need- Workshop
    2015-01-06 14:38 - 2012-06-19 10:08 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-2000478354-725345543-1003Core.job
    2015-01-05 10:54 - 2011-05-29 16:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CanonIJPLM
    2014-12-23 12:02 - 2011-05-25 14:37 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
    2014-12-18 13:51 - 2009-04-25 03:47 - 00002521 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Word 2007.lnk
    2014-12-16 09:28 - 2009-04-25 03:47 - 00002449 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Publisher 2007.lnk
    2014-12-16 08:35 - 2010-03-15 11:25 - 00000230 ____N () C:\WINDOWS\wiadebug.log
    2014-12-11 12:48 - 2010-03-15 11:25 - 00000050 ____N () C:\WINDOWS\wiaservc.log
    2014-12-11 12:48 - 2004-08-04 22:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-12-11 12:47 - 2014-04-01 00:29 - 00000252 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2014-12-11 12:47 - 2012-05-11 11:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-12-11 12:47 - 2009-01-01 01:32 - 00003568 _____ () C:\WINDOWS\system32\ativvaxx.cap
    2014-12-11 12:47 - 2009-01-01 01:11 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-12-11 12:11 - 2009-05-15 16:18 - 00000178 ___SH () C:\Documents and Settings\All U Need- Workshop\ntuser.ini
    2014-12-11 11:47 - 2009-05-25 12:40 - 00000000 ____D () C:\Documents and Settings\All U Need- Workshop\Application Data\vlc
    2014-12-11 11:44 - 2010-05-12 07:48 - 00000000 ____D () C:\Documents and Settings\All U Need- Workshop\Start Menu\Programs\WinRAR
    2014-12-11 10:53 - 2009-01-01 02:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2014-12-11 10:48 - 2013-08-09 12:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-12-11 10:43 - 2009-05-04 10:00 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-12-10 16:36 - 2014-09-10 22:36 - 03981488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
    2014-12-10 16:36 - 2012-05-22 08:08 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-12-10 16:36 - 2011-08-18 13:26 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-12-10 13:19 - 2012-01-19 12:02 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    2014-12-10 13:19 - 2010-01-07 13:43 - 00000000 ____D () C:\Program Files\CCleaner
    2014-12-08 15:00 - 2014-04-01 00:29 - 00000246 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2014-12-08 08:52 - 2014-10-09 16:40 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-08 08:52 - 2014-10-09 16:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-12-08 08:52 - 2014-10-09 16:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-08 08:50 - 2012-03-19 12:55 - 00000000 ____D () C:\Documents and Settings\All U Need- Workshop\Application Data\uTorrent

    Some content of TEMP:
    ====================
    C:\Documents and Settings\Administrator\Local Settings\Temp\SSUPDATE.EXE
    C:\Documents and Settings\Administrator\Local Settings\Temp\_isD.exe
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxfjy6q.dll
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\htmlayout.dll
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\pdf-editor_full1042.exe
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-01-2015
    Ran by All U Need- Workshop at 2015-01-07 07:28:48
    Running from C:\Documents and Settings\All U Need- Workshop\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\uTorrent) (Version: 3.3.2.29944 - BitTorrent Inc.)
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
    Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
    Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
    Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    AliIM Plugins for Browser (HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\AliIM Plugins for Browser) (Version: 1.0 - Alibaba(China) Co., Ltd)
    AMD Processor Driver (HKLM\...\{C151CE54-E7EA-4804-854B-F515368B0798}) (Version: 1.3.2.0053 - AMD)
    Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1022 - )
    ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0731.2321 - )
    ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.522-080731a-067777C-Gigabyte - )
    ATI Parental Control & Encoder (Version: 3.0 - ATI Technologies Inc.) Hidden
    Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
    Belkin 11Mbps Wireless Desktop Network Card (HKLM\...\{1D2B8719-8BD8-40BB-9377-1CAD8AD548F4}) (Version: - )
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Browser Configuration Utility (HKLM\...\{E8AEA11B-E60A-455E-B008-E4E763604612}) (Version: 1.0.4.9 - DeviceVM Inc.) <==== ATTENTION
    Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )
    Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - )
    Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version: - )
    Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
    Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
    ccc-core-preinstall (Version: 2008.0731.2322.39992 - ATI) Hidden
    ccc-core-static (Version: 2008.0731.2322.39992 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
    Google Chrome (HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\Google Chrome) (Version: 27.0.1453.116 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    G-scan PC Utility (HKLM\...\{DAEE3765-BEBF-461C-985F-4EA92207F049}) (Version: 13.05.1401 - GIT)
    G-scan PC Utility (Version: 13.05.1401 - GIT) Hidden
    IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
    iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
    Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
    LAI V5 Launcher (HKLM\...\LAI V5 Launcher) (Version: 1.0.0.2 - LiveBlock Auctions International)
    LAI V5 Launcher (Version: 1.0.0.2 - LiveBlock Auctions International) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 34.0.5 (x86 en-GB) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-GB)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    Readiris Corporate 14 (HKLM\...\{4FAAB5FC-DADF-4444-A782-778CB49FDDF3}) (Version: 14.00.2826 - I.R.I.S.)
    REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.17.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5694 - Realtek Semiconductor Corp.)
    Skins (Version: 2008.0731.2322.39992 - ATI) Hidden
    SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.32.0.1000 - SUPERAntiSpyware.com)
    Telstra Connection Manager (HKLM\...\{F8FB79CE-C246-4444-9ABF-BECC6A88A3B1}) (Version: 6.0.2776.0401 - Sierra Wireless Inc.)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
    VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Driver Package - Cmotech (cmusbnet) Net (06/11/2007 2.0.0.9) (HKLM\...\E7E257830CD4614E7CF1B3792DF19B85FE5E7BE7) (Version: 06/11/2007 2.0.0.9 - Cmotech)
    Windows Driver Package - Cmotech Modem (12/13/2006 2.0.3.5) (HKLM\...\5E8F128761A9B07EC2DEC909F167D92DB8B3A348) (Version: 12/13/2006 2.0.3.5 - Cmotech)
    Windows Driver Package - Cmotech Ports (12/13/2006 2.0.3.5) (HKLM\...\6A032F4180B5A0E8F4BC27384D0A423B2595A785) (Version: 12/13/2006 2.0.3.5 - Cmotech)
    Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9) (Version: 10/22/2009 2.06.00 - FTDI)
    Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\88EB56038379B8B7DCFB4D2448A60F52E064B265) (Version: 10/22/2009 2.06.00 - FTDI)
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1708537768-2000478354-725345543-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1708537768-2000478354-725345543-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.116\delegate_execute.exe (Google Inc.)

    ==================== Restore Points =========================

    20-12-2014 14:57:14 System Checkpoint
    21-12-2014 15:57:14 System Checkpoint
    22-12-2014 16:58:20 System Checkpoint
    23-12-2014 17:57:14 System Checkpoint
    24-12-2014 18:57:14 System Checkpoint
    25-12-2014 19:57:14 System Checkpoint
    26-12-2014 20:57:14 System Checkpoint
    27-12-2014 21:57:14 System Checkpoint
    28-12-2014 22:57:14 System Checkpoint
    29-12-2014 23:57:14 System Checkpoint
    31-12-2014 00:57:14 System Checkpoint
    01-01-2015 01:57:14 System Checkpoint
    02-01-2015 02:57:14 System Checkpoint
    03-01-2015 03:57:15 System Checkpoint
    04-01-2015 03:57:26 System Checkpoint
    05-01-2015 04:57:35 System Checkpoint
    06-01-2015 05:57:26 System Checkpoint
    07-01-2015 06:52:24 System Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2004-08-04 22:00 - 2004-08-04 22:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-2000478354-725345543-1003Core.job => C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-2000478354-725345543-1003UA.job => C:\Documents and Settings\All U Need- Workshop\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Loaded Modules (whitelisted) =============

    2015-01-07 05:37 - 2015-01-07 05:37 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010601\algo.dll
    2013-11-23 13:48 - 2014-11-15 03:13 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2009-05-19 11:39 - 2007-10-09 16:11 - 00436736 ____N () C:\WINDOWS\system32\Autoserv.exe
    2011-05-29 16:42 - 2010-04-05 20:55 - 00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    2014-12-10 10:15 - 2014-12-10 10:15 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:55159871
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6DEC599F
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BBADE846
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BE68C149

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: SUPERAntiSpyware => H:\SUPERAntiSpyware.exe

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1708537768-2000478354-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    All U Need- Workshop (S-1-5-21-1708537768-2000478354-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\All U Need- Workshop
    Guest (S-1-5-21-1708537768-2000478354-725345543-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-1708537768-2000478354-725345543-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-1708537768-2000478354-725345543-1002 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============

    Name: WinDriver
    Description: WinDriver
    Class Guid: {C671678C-82C1-43F3-D700-0049433E9A4B}
    Manufacturer: Jungo
    Service: WinDriver6
    Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
    Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
    Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/07/2015 06:45:48 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (01/07/2015 06:45:48 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (01/07/2015 06:12:43 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (01/07/2015 06:12:43 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (01/07/2015 04:46:48 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (01/07/2015 04:46:48 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (01/07/2015 04:28:01 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (01/07/2015 04:28:01 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (01/07/2015 02:49:06 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

    Error: (01/07/2015 02:49:06 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.


    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: AMD Phenom(tm) 8650 Triple-Core Processor
    Percentage of memory in use: 54%
    Total physical RAM: 1790.42 MB
    Available physical RAM: 811.2 MB
    Total Pagefile: 3684.58 MB
    Available Pagefile: 2905.71 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1951.25 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:29.29 GB) (Free:1.6 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive d: (Data) (Fixed) (Total:436.47 GB) (Free:406.78 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 9C39EAFC)
    Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=436.5 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

  5. #5
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hello,

    Our HijackThis scanner may need updating and that's why it said suspicious entries; it simply did not recognize them as it had no database to compare them to.

    There are a few items to fix, none of it malware related, just a general cleanup of leftovers.



    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Open Notepad (Start => All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.

    Code:
    start
    CloseProcesses:
    CreateRestorePoint:
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {2d37508c-8b90-11e2-acb1-001fd09f9814} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {39cc3535-4aea-11e1-ac5c-00a0d5ffffae} - F:\setup.exe -a
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {5087bf7f-8609-11e2-acb0-001fd09f9814} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {e393f693-d217-11e1-ac7f-00a0d5ffffae} - F:\autorun.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {e393f69e-d217-11e1-ac7f-00a0d5ffffae} - F:\autorun.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {e96c60aa-9599-11e0-9cf9-001d0fb0098f} - F:\WIN\setup.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {f9903fee-bcbc-11e0-9cfe-001fd09f9814} - F:\WIN\setup.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {ff0dc48a-4506-11de-9c2a-001d0fb0098f} - F:\LaunchU3.exe -a
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
    SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1708537768-2000478354-725345543-1003 -> DefaultScope {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1708537768-2000478354-725345543-1003 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYAU&apn_uid=1C99E1AC-9E71-4764-BE6D-8A5B4BEE3EC7&apn_sauid=FBF2F26C-D62F-4CB4-A4BE-452767D1BA86
    SearchScopes: HKU\S-1-5-21-1708537768-2000478354-725345543-1003 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKU\S-1-5-21-1708537768-2000478354-725345543-1003 -> No Name - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
    Toolbar: HKU\S-1-5-21-1708537768-2000478354-725345543-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    FF SearchEngineOrder.1: Ask.com
    Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
    S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
    S4 IntelIde; No ImagePath
    S3 massfilter; system32\drivers\massfilter.sys [X]
    S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]
    S3 WinDriver6; system32\drivers\windrvr6.sys [X]
    U1 WS2IFSL; No ImagePath
    S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
    S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
    S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
    C:\Documents and Settings\Administrator\Local Settings\Temp\SSUPDATE.EXE
    C:\Documents and Settings\Administrator\Local Settings\Temp\_isD.exe
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxfjy6q.dll
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\htmlayout.dll
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\pdf-editor_full1042.exe
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\sqlite3.dll
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:55159871
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6DEC599F
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BBADE846
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BE68C149
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
    CMD: ipconfig /flushdns
    hosts:
    Emptytemp:
    reboot:
    end
    Click Format and ensure Wordwrap is unchecked.
    Save as Fixlist.txt to your Desktop (Must be in this location)
    Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    Thanks
    Joe

  6. #6
    Member
    Join Date
    Jan 2015
    Posts
    4
    Points
    0

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-01-2015
    Ran by All U Need- Workshop at 2015-01-07 11:33:38 Run:1
    Running from C:\Documents and Settings\All U Need- Workshop\Desktop
    Loaded Profile: All U Need- Workshop (Available profiles: All U Need- Workshop & Administrator)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    start
    CloseProcesses:
    CreateRestorePoint:
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {2d37508c-8b90-11e2-acb1-001fd09f9814} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {39cc3535-4aea-11e1-ac5c-00a0d5ffffae} - F:\setup.exe -a
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {5087bf7f-8609-11e2-acb0-001fd09f9814} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {e393f693-d217-11e1-ac7f-00a0d5ffffae} - F:\autorun.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {e393f69e-d217-11e1-ac7f-00a0d5ffffae} - F:\autorun.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {e96c60aa-9599-11e0-9cf9-001d0fb0098f} - F:\WIN\setup.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {f9903fee-bcbc-11e0-9cfe-001fd09f9814} - F:\WIN\setup.exe
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\...\MountPoints2: {ff0dc48a-4506-11de-9c2a-001d0fb0098f} - F:\LaunchU3.exe -a
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
    SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1708537768-2000478354-725345543-1003 -> DefaultScope {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1708537768-2000478354-725345543-1003 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYAU&apn_uid=1C99E1AC-9E71-4764-BE6D-8A5B4BEE3EC7&apn_sauid=FBF2F26C-D62F-4CB4-A4BE-452767D1BA86
    SearchScopes: HKU\S-1-5-21-1708537768-2000478354-725345543-1003 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKU\S-1-5-21-1708537768-2000478354-725345543-1003 -> No Name - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
    Toolbar: HKU\S-1-5-21-1708537768-2000478354-725345543-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    FF SearchEngineOrder.1: Ask.com
    Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
    S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
    S4 IntelIde; No ImagePath
    S3 massfilter; system32\drivers\massfilter.sys [X]
    S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]
    S3 WinDriver6; system32\drivers\windrvr6.sys [X]
    U1 WS2IFSL; No ImagePath
    S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
    S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
    S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
    C:\Documents and Settings\Administrator\Local Settings\Temp\SSUPDATE.EXE
    C:\Documents and Settings\Administrator\Local Settings\Temp\_isD.exe
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxfjy6q.dll
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\htmlayout.dll
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\pdf-editor_full1042.exe
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\sqlite3.dll
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:55159871
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6DEC599F
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BBADE846
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BE68C149
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
    CMD: ipconfig /flushdns
    hosts:
    Emptytemp:
    reboot:
    end
    *****************

    Processes closed successfully.
    Restore point was successfully created.
    "HKU\S-1-5-21-1708537768-2000478354-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d37508c-8b90-11e2-acb1-001fd09f9814}" => Key deleted successfully.
    HKCR\CLSID\{2d37508c-8b90-11e2-acb1-001fd09f9814} => Key not found.
    "HKU\S-1-5-21-1708537768-2000478354-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39cc3535-4aea-11e1-ac5c-00a0d5ffffae}" => Key deleted successfully.
    HKCR\CLSID\{39cc3535-4aea-11e1-ac5c-00a0d5ffffae} => Key not found.
    "HKU\S-1-5-21-1708537768-2000478354-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5087bf7f-8609-11e2-acb0-001fd09f9814}" => Key deleted successfully.
    HKCR\CLSID\{5087bf7f-8609-11e2-acb0-001fd09f9814} => Key not found.
    "HKU\S-1-5-21-1708537768-2000478354-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e393f693-d217-11e1-ac7f-00a0d5ffffae}" => Key deleted successfully.
    HKCR\CLSID\{e393f693-d217-11e1-ac7f-00a0d5ffffae} => Key not found.
    "HKU\S-1-5-21-1708537768-2000478354-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e393f69e-d217-11e1-ac7f-00a0d5ffffae}" => Key deleted successfully.
    HKCR\CLSID\{e393f69e-d217-11e1-ac7f-00a0d5ffffae} => Key not found.
    "HKU\S-1-5-21-1708537768-2000478354-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e96c60aa-9599-11e0-9cf9-001d0fb0098f}" => Key deleted successfully.
    HKCR\CLSID\{e96c60aa-9599-11e0-9cf9-001d0fb0098f} => Key not found.
    "HKU\S-1-5-21-1708537768-2000478354-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9903fee-bcbc-11e0-9cfe-001fd09f9814}" => Key deleted successfully.
    HKCR\CLSID\{f9903fee-bcbc-11e0-9cfe-001fd09f9814} => Key not found.
    "HKU\S-1-5-21-1708537768-2000478354-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff0dc48a-4506-11de-9c2a-001d0fb0098f}" => Key deleted successfully.
    HKCR\CLSID\{ff0dc48a-4506-11de-9c2a-001d0fb0098f} => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => Key deleted successfully.
    HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => Key not found.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKU\S-1-5-21-1708537768-2000478354-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => Key deleted successfully.
    HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => Key deleted successfully.
    HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-1708537768-2000478354-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key deleted successfully.
    HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
    "HKU\S-1-5-21-1708537768-2000478354-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => Key deleted successfully.
    HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
    HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
    HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D0523BB4-21E7-11DD-9AB7-415B56D89593} => value deleted successfully.
    HKCR\CLSID\{D0523BB4-21E7-11DD-9AB7-415B56D89593} => Key not found.
    HKU\S-1-5-21-1708537768-2000478354-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
    HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
    Firefox SearchEngineOrder.1 deleted successfully.
    Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File => Error: No automatic fix found for this entry.
    C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll not found.
    C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll not found.
    C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll not found.
    C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll not found.
    C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll not found.
    C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll not found.
    C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll not found.
    HTCAND32 => Service deleted successfully.
    IntelIde => Service deleted successfully.
    massfilter => Service deleted successfully.
    SWUMX20 => Service deleted successfully.
    WinDriver6 => Service deleted successfully.
    WS2IFSL => Service deleted successfully.
    ZTEusbmdm6k => Service deleted successfully.
    ZTEusbnmea => Service deleted successfully.
    ZTEusbser6k => Service deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temp\SSUPDATE.EXE => Moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temp\_isD.exe => Moved successfully.
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxfjy6q.dll => Moved successfully.
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\htmlayout.dll => Moved successfully.
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\pdf-editor_full1042.exe => Moved successfully.
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\Quarantine.exe => Moved successfully.
    C:\Documents and Settings\All U Need- Workshop\Local Settings\Temp\sqlite3.dll => Moved successfully.
    C:\Documents and Settings\All Users\Application Data\TEMP => ":55159871" ADS removed successfully.
    C:\Documents and Settings\All Users\Application Data\TEMP => ":6DEC599F" ADS removed successfully.
    C:\Documents and Settings\All Users\Application Data\TEMP => ":BBADE846" ADS removed successfully.
    C:\Documents and Settings\All Users\Application Data\TEMP => ":BE68C149" ADS removed successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys" => Key deleted successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys" => Key deleted successfully.

    ========= ipconfig /flushdns =========



    Windows IP Configuration



    Successfully flushed the DNS Resolver Cache.


    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 958 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 11:34:00 ====

  7. #7
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Hello,

    Are there any other issues with the computer?

    Joe