1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Active Likely a virus that needs to be removed.

Discussion in 'Malware and Virus Removal' started by h2ofwlr, 2017/11/25.

  1. 2017/11/25
    h2ofwlr

    h2ofwlr Well-Known Member Thread Starter

    Joined:
    2005/01/17
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    beginner
    I have an old PC system (XP with only 2Mram) that I'm trying to get cleaned up to do complete file transfers to a newer computer software/hardware system, but before I do that I want to make sure that there is no virus as it's acting very slow like there is 1. For example, upon booting up it takes 2+ minutes to open up a window on FireFox.

    The ISP has Norton as an automatic virus screening on their system. I have run monthly Spybot and SuperAntivirus screenings to remove adware which consist of eliminating tracking cookies.

    About 2 weeks I noticed a major slowdown, at times locking the system up with 100%CPU usage and yet it was/is freezing up. A week ago I ran Malware bytes and also TotalAv scans, just some very minor things. No improvement in performance. Then last weekend I did system restore point to 2.5 weeks prior and that did not help. Also did a Firefox system restore to original settings ( FF was so slow to open up that their advice pop up box said to try it to speed it up). That did not work either. With the main computer system restore point a week ago to 2.5 weeks prior, I had to reinstall Malewarebytes and ran it yesterday, 3 minor things were quarantined and were labeled as possible unwanted add ons. No difference in performance.

    Something that may be of importance. I have consistently for 3+ yrs have gotten "Shockwave Plugin" error messages on this PC. I've talked with several people that are full time IT and no one could give an answer as to why or to remedy it besides "get a newer system".

    I just did the FRST.

    FYI - It took over an hour just to get to this point to make this post - my computer is that slow right now.

    Thank you,
    Alan


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-11-2017 01
    Ran by First Class Car Care (administrator) on FIRSTCLASS (25-11-2017 10:33:57)
    Running from C:\Documents and Settings\Alan\Desktop
    Loaded Profiles: First Class Car Care & UpdatusUser (Available Profiles: First Class Car Care & UpdatusUser & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
    (Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
    (Nero AG) C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    (Apricorn) C:\Program Files\Apricorn\EZ Gig II\EZGigMonitor.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
    (CenturyLink Inc) C:\Program Files\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe
    (Apricorn) C:\Program Files\Common Files\Apricorn\Schedule2\schedhlp.exe
    (Apricorn) C:\Program Files\Apricorn\EZ Gig II\TimounterMonitor.exe
    (Apricorn) C:\Program Files\Common Files\Apricorn\Schedule2\schedul2.exe
    () C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    ( ) C:\WINDOWS\system32\dlcccoms.exe
    (Nero AG) C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    (Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    () C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    () C:\Program Files\TotalAV\SecurityService.exe
    (Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    () C:\Program Files\TotalAV\TotalAV.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
    HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2003-10-31] (Cyberlink Corp.)
    HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1634112 2012-08-30] ()
    HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] ()
    HKLM\...\Run: [InCD] => C:\Program Files\Nero\Nero 7\InCD\InCD.exe [1057064 2007-06-25] (Nero AG)
    HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-10-14] (Intel Corporation)
    HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-10-14] (Intel Corporation)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
    HKLM\...\Run: [EZGigMonitor.exe] => C:\Program Files\Apricorn\EZ Gig II\EZGigMonitor.exe [1169264 2007-10-09] (Apricorn)
    HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [122941 2005-05-31] (Sonic Solutions)
    HKLM\...\Run: [CenturyLinkTouchPointAgent] => C:\Program Files\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe [46720 2012-03-08] (CenturyLink Inc)
    HKLM\...\Run: [Apricorn Scheduler Service] => C:\Program Files\Common Files\Apricorn\Schedule2\schedhlp.exe [148712 2007-10-09] (Apricorn)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
    HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Apricorn\EZ Gig II\TimounterMonitor.exe [1949480 2007-10-09] (Apricorn)
    HKLM\...\Run: [DLCCCATS] => rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16************************************************************************************************************************ (the data entry has 59 more characters).
    HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll <==== ATTENTION
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll <==== ATTENTION
    HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
    HKLM\...\Policies\Explorer: [NoResolveSearch] 1
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\Run: [ROC_ROC_APR2013_AV] => C:\Documents and Settings\Alan\Application Data\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 44e03bb2500547d0a693d15b796789d3-e21a548767f03e4ce288f39c52dc7e4801662a10 --CMPID ROC (the data entry has 29 more characters).
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-02-26] (Hewlett-Packard Company)
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6844320 2017-10-17] (SUPERAntiSpyware)
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssflwbox.scr [393216 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...409d6c4515e9\InprocServer32: [Default-shell32] C:\RECYCLER\S-1-5-21-1801674531-1979792683-1417001333-1006\$37ad6bc9e176f6b0348baabcecda702a\n. ATTENTION
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1007\...\RunOnce: [NeroHomeFirstStart] => C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [16680 2007-06-27] (Nero AG)
    HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
    ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    GroupPolicy: Restriction ? <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
    Tcpip\..\Interfaces\{EAFC8161-F832-4137-9C39-A8C3CA7FAD31}: [DhcpNameServer] 192.168.0.1 205.171.3.25

    Internet Explorer:
    ==================
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.refugeforums.com/refuge/forumdisplay.php?f=33
    URLSearchHook: [S-1-5-21-1801674531-1979792683-1417001333-1007] ATTENTION => Default URLSearchHook is missing
    SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO: No Name -> {0347C33E-8762-4905-BF09-768834316C61} -> No File
    BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
    BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31] (Sonic Solutions)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30] (Microsoft Corporation)
    BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> No File
    BHO: No Name -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> No File
    Toolbar: HKLM - No Name - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - No File
    Toolbar: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    Toolbar: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    Toolbar: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1417580843046
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251126488015
    DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)

    FireFox:
    ========
    FF DefaultProfile: t01oh3zn.default-1417445688937
    FF ProfilePath: C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\t01oh3zn.default-1417445688937 [2017-11-24]
    FF Homepage: C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\t01oh3zn.default-1417445688937 -> hxxp://www.refugeforums.com/refuge/forumdisplay.php?f=33
    FF ProfilePath: C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\n8w0j26j.default-1511457590609 [2017-11-24]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-24] [Lagacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [{FD2A3AFE-D1D0-440F-8BEA-3B664EE4E27B}] - C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\{FD2A3AFE-D1D0-440F-8BEA-3B664EE4E27B}
    FF Extension: (No Name) - C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\{FD2A3AFE-D1D0-440F-8BEA-3B664EE4E27B} [2011-04-04] [not signed]
    FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff => not found
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-17] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-03-17]
    CHR Extension: (Docs) - C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-04]
    CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-30] (SUPERAntiSpyware.com)
    R2 AcrSch2Svc; C:\Program Files\Common Files\Apricorn\Schedule2\schedul2.exe [410856 2007-10-09] (Apricorn)
    R2 AdobeActiveFileMonitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [98304 2004-10-04] () [File not signed]
    R2 dlcc_device; C:\WINDOWS\system32\dlcccoms.exe [538096 2007-02-14] ( )
    R2 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [1552680 2007-06-25] (Nero AG)
    R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed]
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
    R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] () [File not signed]
    S4 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
    R2 PhotoshopElementsDeviceConnect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [118784 2004-10-04] () [File not signed]
    S4 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
    R2 SecurityService; C:\Program Files\TotalAV\SecurityService.exe [441704 2017-11-02] ()
    S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S1 Changer; C:\WINDOWS\system32\Drivers\Changer.sys [8192 2008-04-13] (Microsoft Corporation)
    R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [88352 2005-04-22] (Sonic Solutions) [File not signed]
    R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions) [File not signed]
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59896 2017-11-01] ()
    S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-10-30] (HP)
    S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-10-30] (HP)
    S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-10-30] (HP)
    R4 InCDfs; C:\WINDOWS\System32\drivers\InCDFs.sys [119080 2007-06-25] (Nero AG)
    R1 InCDPass; C:\WINDOWS\System32\drivers\InCDPass.sys [36776 2007-06-25] (Nero AG)
    U1 InCDrec; C:\WINDOWS\system32\Drivers\InCDrec.sys [16040 2007-06-25] (Nero AG)
    R1 incdrm; C:\WINDOWS\System32\drivers\InCDRm.sys [38440 2007-06-25] (Nero AG)
    S1 lbrtfdc; C:\WINDOWS\system32\Drivers\lbrtfdc.sys [34688 2008-04-13] (Toshiba Corp.)
    R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [150304 2017-11-24] (Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [40376 2017-11-25] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221112 2017-11-25] (Malwarebytes)
    S3 MN710-51; C:\WINDOWS\System32\DRIVERS\MN710-51.sys [339520 2004-01-07] (GlobespanVirata, Inc.)
    S3 motandroidusb; C:\WINDOWS\System32\Drivers\motoandroid.sys [26240 2013-07-23] (Motorola)
    R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
    S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
    R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [124264 2012-07-03] (NVIDIA Corporation)
    R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20176 2012-02-20] (Sonic Solutions) [File not signed]
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R0 snapman; C:\WINDOWS\System32\DRIVERS\snapman.sys [120688 2009-08-28] (Apricorn) [File not signed]
    S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
    R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions) [File not signed]
    R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions) [File not signed]
    R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [39376 2009-08-28] (Apricorn) [File not signed]
    R0 timounter; C:\WINDOWS\System32\DRIVERS\timntr.sys [400560 2009-08-28] (Apricorn) [File not signed]
    S0 cerc6; no ImagePath
    U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-14] (Microsoft Corporation)
    S4 vsdatant; a [X]
    U1 WS2IFSL; no ImagePath
    S0 WudfPf; system32\DRIVERS\WudfPf.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-11-25 10:33 - 2017-11-25 10:37 - 000020870 _____ C:\Documents and Settings\Alan\Desktop\FRST.txt
    2017-11-25 10:33 - 2017-11-25 10:33 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\FRST-OlderVersion
    2017-11-25 10:31 - 2017-11-25 10:33 - 000000000 ____D C:\FRST
    2017-11-24 11:49 - 2017-11-25 10:25 - 000040376 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2017-11-24 11:48 - 2017-11-25 10:24 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-11-24 11:48 - 2017-11-24 11:48 - 000150304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2017-11-24 11:48 - 2017-11-24 11:48 - 000001731 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
    2017-11-24 11:48 - 2017-11-24 11:48 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
    2017-11-24 11:48 - 2017-11-01 08:54 - 000059896 _____ C:\WINDOWS\system32\Drivers\mbae.sys
    2017-11-23 18:43 - 2017-11-25 10:33 - 001789440 _____ (Farbar) C:\Documents and Settings\Alan\Desktop\FRST.exe
    2017-11-23 11:20 - 2017-11-23 11:20 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\Old Firefox Data
    2017-11-17 23:00 - 2017-11-17 23:00 - 000001558 _____ C:\Documents and Settings\Alan\Desktop\TotalAV.lnk
    2017-11-17 22:55 - 2017-11-17 23:18 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2017-11-17 22:34 - 2017-11-17 23:26 - 000000000 ____D C:\Program Files\TotalAV
    2017-11-16 13:55 - 2017-11-18 00:05 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\2017 Waterfowl reports
    2017-11-16 04:02 - 2017-11-16 04:02 - 000000000 ____D C:\Program Files\Malwarebytes
    2017-11-15 21:21 - 2017-11-17 22:43 - 000371510 _____ C:\WINDOWS\ntbtlog.txt
    2017-11-07 23:46 - 2017-11-07 23:46 - 000022077 _____ C:\Documents and Settings\Alan\Desktop\November Agenda and October minutes.zip
    2017-11-07 23:45 - 2017-11-07 23:45 - 005831295 _____ C:\Documents and Settings\Alan\Desktop\2017-11-07 - October 2017 Treasurer's Report.pdf
    2017-11-07 12:23 - 2017-11-21 12:07 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\Ebay

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-11-25 10:37 - 2009-11-28 21:34 - 000000000 ____D C:\Documents and Settings\First Class Car Care\Local Settings\Temp
    2017-11-25 10:24 - 2008-04-14 06:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
    2017-11-25 10:23 - 2014-12-03 03:21 - 000000252 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2017-11-25 10:23 - 2014-12-02 23:55 - 000000000 ____D C:\temp
    2017-11-25 10:23 - 2010-02-03 00:21 - 000000236 _____ C:\WINDOWS\Tasks\OGALogon.job
    2017-11-25 10:23 - 2009-08-22 19:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-11-25 10:22 - 2009-11-28 21:35 - 000000278 ___SH C:\Documents and Settings\First Class Car Care\ntuser.ini
    2017-11-25 10:22 - 2009-11-28 21:34 - 000000000 ____D C:\Documents and Settings\First Class Car Care
    2017-11-25 10:22 - 2009-08-22 19:32 - 000032554 _____ C:\WINDOWS\SchedLgU.Txt
    2017-11-23 19:18 - 2008-04-14 06:00 - 000000638 _____ C:\WINDOWS\win.ini
    2017-11-23 18:00 - 2011-03-20 23:09 - 000000664 _____ C:\WINDOWS\system32\d3d9caps.dat
    2017-11-23 11:35 - 2012-02-29 08:30 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\For Sale
    2017-11-23 11:35 - 2010-02-12 12:46 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\For sale sold
    2017-11-21 09:33 - 2014-12-01 23:17 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\misc docs
    2017-11-18 22:54 - 2014-12-25 13:23 - 000000508 _____ C:\WINDOWS\Tasks\Motorola Device Manager Update.job
    2017-11-18 00:19 - 2014-01-27 12:04 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
    2017-11-17 23:05 - 2009-11-28 21:34 - 000000000 ___RD C:\Documents and Settings\Alan\Alan's Documents
    2017-11-17 22:53 - 2009-08-22 13:30 - 000599684 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-11-17 22:52 - 2015-05-21 16:46 - 000000000 ____D C:\Program Files\dl_Cats
    2017-11-17 22:50 - 2014-12-02 23:56 - 000000000 ____D C:\Documents and Settings\UpdatusUser
    2017-11-17 22:50 - 2011-04-10 08:25 - 000000000 ____D C:\Documents and Settings\Administrator
    2017-11-17 22:50 - 2009-08-22 19:32 - 000000000 __SHD C:\Documents and Settings\LocalService
    2017-11-17 22:50 - 2009-08-22 19:18 - 000000000 __SHD C:\Documents and Settings\NetworkService
    2017-11-17 22:49 - 2009-08-22 19:13 - 000000000 ____D C:\WINDOWS\Registration
    2017-11-17 22:46 - 2012-02-29 08:25 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\Hunting related
    2017-11-17 09:48 - 2009-08-22 13:23 - 000000000 ___HD C:\WINDOWS\inf
    2017-11-16 10:41 - 2012-03-23 21:08 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\P2 Alano
    2017-11-16 10:40 - 2017-03-08 09:23 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\Nik C 2017
    2017-11-16 04:02 - 2009-10-26 19:18 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2017-11-08 15:06 - 2014-12-03 03:21 - 000000246 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2017-11-07 12:24 - 2017-01-30 12:45 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\Memes
    2017-11-03 08:14 - 2014-12-01 23:17 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\Misc photos
    2017-10-31 12:08 - 2012-02-22 12:26 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\Mainstreeters

    ==================== Files in the root of some directories =======

    2011-01-23 21:55 - 2011-01-23 21:55 - 000011429 _____ () C:\Documents and Settings\Alan\Application Data\Microsoft Excel.TSK
    2010-02-11 22:08 - 2017-09-20 05:25 - 000208896 _____ () C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-04-27 13:09 - 2010-04-27 13:09 - 000000143 _____ () C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\fusioncache.dat
    2010-04-27 12:13 - 2014-12-22 20:17 - 000008541 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log

    ZeroAccess:
    C:\Windows\Installer\{37ad6bc9-e176-f6b0-348b-aabcecda702a}
    C:\Windows\Installer\{37ad6bc9-e176-f6b0-348b-aabcecda702a}\L\00000004.@
    C:\Windows\Installer\{37ad6bc9-e176-f6b0-348b-aabcecda702a}\L\1afb2d56
    C:\Windows\Installer\{37ad6bc9-e176-f6b0-348b-aabcecda702a}\L\201d3dde

    ZeroAccess:
    C:\RECYCLER\S-1-5-18\$37ad6bc9e176f6b0348baabcecda702a

    ZeroAccess:
    C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\{37ad6bc9-e176-f6b0-348b-aabcecda702a}
    ZeroAccess:
    C:\Program Files\Google\Desktop\Install

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
    ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

    ==================== End of FRST.txt ============================
     
    Last edited: 2017/11/25
  2. 2017/11/25
    h2ofwlr

    h2ofwlr Well-Known Member Thread Starter

    Joined:
    2005/01/17
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    beginner
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-11-2017 01
    Ran by First Class Car Care (25-11-2017 10:51:01)
    Running from C:\Documents and Settings\Alan\Desktop
    Microsoft Windows XP Professional Service Pack 3 (X86) (2009-08-23 01:18:07)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1801674531-1979792683-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-1801674531-1979792683-1417001333-1004 - Limited - Enabled)
    First Class Car Care (S-1-5-21-1801674531-1979792683-1417001333-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\First Class Car Care
    Guest (S-1-5-21-1801674531-1979792683-1417001333-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-1801674531-1979792683-1417001333-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-1801674531-1979792683-1417001333-1002 - Limited - Disabled)
    UpdatusUser (S-1-5-21-1801674531-1979792683-1417001333-1007 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    2350 (HKLM\...\{007C0BB9-C5E2-4C73-B96B-2BBD5CEA9BF9}) (Version: 47.0.1.000 - Hewlett-Packard) Hidden
    2350_Help (HKLM\...\{0390854C-42B9-4BC2-B0CF-87DDA0F62EC8}) (Version: 47.0.1.000 - Hewlett-Packard) Hidden
    2350Trb (HKLM\...\{C0E7118C-CF3D-46EC-B431-F744C035A571}) (Version: 47.0.1.000 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
    Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
    Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 3.0 (HKLM\...\{851C67EF-068A-4060-9EF5-2E3DDCD68382}) (Version: 003.000.0000 - Adobe Systems Inc.)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Advanced SystemCare 3 (HKLM\...\Advanced SystemCare 3_is1) (Version: 3.4.1 - IObit)
    AiO_Scan (HKLM\...\{655CB07D-C944-40BE-B93F-55957CAC7625}) (Version: 47.0.1.000 - Hewlett-Packard) Hidden
    AiOSoftware (HKLM\...\{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}) (Version: 47.0.1.000 - Hewlett-Packard) Hidden
    Apricorn EZ Gig II (HKLM\...\{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}) (Version: 10.0.5114 - Apricorn)
    Broadcom Gigabit Integrated Controller (HKLM\...\{7E369B27-13E2-41A5-9879-358EE1C8B5AD}) (Version: 9.02.06 - Broadcom Corporation)
    BufferChm (HKLM\...\{700A6597-3CE6-49C1-AA75-846B24CDA66D}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    CenturyLink Installer (HKLM\...\{C96FF998-45BD-411E-9253-B7F2660FE280}) (Version: 1.0 - CenturyLink, Inc.)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Copy (HKLM\...\{1B680FBA-E317-4E93-AF43-3B59798A4BE0}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    CP_AtenaShokunin1Config (HKLM\...\{A5B9D22C-755A-4AC6-9904-875E80838BB6}) (Version: 45.4.131.000 - Hewlett-Packard) Hidden
    cp_dwShrek2Albums1 (HKLM\...\{272EC8BA-5A08-4ea1-A189-684466A06B02}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    cp_dwShrek2Cards1 (HKLM\...\{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    CreativeProjects (HKLM\...\{644D04A2-C682-4FD5-977D-03B804C4B9C5}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    CreativeProjectsTemplates (HKLM\...\{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    CueTour (HKLM\...\{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Destinations (HKLM\...\{68963635-14A4-48D9-B431-DF3A74D1AAE1}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Director (HKLM\...\{B911B811-BA3E-46D4-90F8-6F3338359651}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    DocProc (HKLM\...\{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}) (Version: 4.5.0.0 - Hewlett-Packard) Hidden
    DocumentViewer (HKLM\...\{CE0C8CC5-E396-442B-A50E-D1D374A9E820}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Driver Whiz (HKLM\...\{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}) (Version: 8.0.1 - Driver Whiz)
    Extended Update (HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\Digital Sites) (Version: - Extended Update) <==== ATTENTION
    Fax (HKLM\...\{181821B7-82AA-44DA-9DAF-EF254CCB670A}) (Version: 47.0.1.000 - Hewlett-Packard) Hidden
    Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
    HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
    HP Extended Capabilities 4.7 (HKLM\...\HPExtendedCapabilities) (Version: 4.7 - HP)
    HP Software Update (HKLM\...\{64FC0C98-B035-4530-B15D-3D30610B6DF1}) (Version: 3.0.2.991 - HEWLET~1|Hewlett-Packard)
    HPSystemDiagnostics (HKLM\...\{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}) (Version: 1.6.0.0 - Your Company Name) Hidden
    InstantShare (HKLM\...\{1AD5F465-8282-4DAD-B957-E09C0B783D18}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4410 - )
    LightScribe System Software 1.12.33.2 (HKLM\...\{582287DA-0806-4AC0-BF19-C15E3A466034}) (Version: 1.12.33.2 - LightScribe)
    Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
    MarketResearch (HKLM\...\{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}) (Version: 45.4.158.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office Visio Professional 2003 (HKLM\...\{90510409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Windows XP Video Decoder Checkup Utility (HKLM\...\DECCHECK) (Version: - )
    Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
    Motorola Device Software Update (HKLM\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
    Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{BA562260-B4FA-4D87-ADC5-963783028C68}) (Version: 6.4.0 - Motorola Mobility LLC)
    Mozilla Firefox 52.5.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.5.0 ESR (x86 en-US)) (Version: 52.5.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.5.0.6520 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Nero 7 Essentials (HKLM\...\{2000BE04-8B25-4776-93FC-830959521033}) (Version: 7.03.1009 - Nero AG)
    NVIDIA Graphics Driver 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.23 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
    NVIDIA nView 136.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.28 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
    NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
    OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    PanoStandAlone (HKLM\...\{5E8D588F-307C-4250-B622-26969027319A}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    PhotoGallery (HKLM\...\{646A65DD-23FC-418E-B9F0-E0500FB42CB1}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
    ProductContext (HKLM\...\{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}) (Version: 47.1.14.000 - Hewlett-Packard) Hidden
    QFolder (HKLM\...\{8777AC6D-89F9-4793-8266-DE406F343E89}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Readme (HKLM\...\{442BE28B-782B-4DC0-B490-E70A403B1C69}) (Version: 47.0.1.000 - Hewlett-Packard) Hidden
    Scan (HKLM\...\{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}) (Version: 4.5.0.0 - Hewlett-Packard) Hidden
    ScannerCopy (HKLM\...\{14BEB6DF-A499-4A38-8E06-E173BCD5C087}) (Version: 4.5.0.0 - Hewlett-Packard) Hidden
    Segoe UI (HKLM\...\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}) (Version: 14.0.4327.805 - Microsoft Corp) Hidden
    SkinsHP1 (HKLM\...\{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.98 - Sonic Solutions)
    SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.7000 - Analog Devices)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com)
    TotalAV (HKLM\...\TotalAV) (Version: 1.36.98 - TotalAV)
    TrayApp (HKLM\...\{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Unload (HKLM\...\{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}) (Version: 4.5.0 - Hewlett-Packard) Hidden
    WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
    WebReg (HKLM\...\{CDFCF124-115F-4976-8BF4-08C89187A146}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
    Windows Live ID Sign-in Assistant (HKLM\...\{10A44844-4465-456E-8C97-80BDD4F68845}) (Version: 6.500.3146.0 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows PowerShell(TM) 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
    Windows PowerShell(TM) 1.0 MUI pack (HKLM\...\KB926141) (Version: 2 - Microsoft Corporation)
    Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
    Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Audio (HKLM\...\{A6264FF6-C49D-4533-AF42-4875C38BB24C}) (Version: 1.00.0000 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\RECYCLER\S-1-5-21-1801674531-1979792683-1417001333-1006\$37ad6bc9e176f6b0348baabcecda702a\n. => No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-07-24] (Nero AG)
    ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2013-01-27] ()
    ContextMenuHandlers1: [InCDShellExt] -> {CAE3251E-9B15-4810-B268-852AD9792A59} => C:\Program Files\Nero\Nero 7\InCD\InCDshx.dll [2007-06-25] (Nero AG)
    ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31] (Sonic Solutions)
    ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2013-01-27] ()
    ContextMenuHandlers2: [InCDShellExt] -> {CAE3251E-9B15-4810-B268-852AD9792A59} => C:\Program Files\Nero\Nero 7\InCD\InCDshx.dll [2007-06-25] (Nero AG)
    ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2013-01-27] ()
    ContextMenuHandlers4: [InCDShellExt] -> {CAE3251E-9B15-4810-B268-852AD9792A59} => C:\Program Files\Nero\Nero 7\InCD\InCDshx.dll [2007-06-25] (Nero AG)
    ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2012-08-30] ()
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2005-10-14] (Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\WINDOWS\system32\nvcpl.dll [2012-08-30] (NVIDIA Corporation)
    ContextMenuHandlers6: [InCDShellExt] -> {CAE3251E-9B15-4810-B268-852AD9792A59} => C:\Program Files\Nero\Nero 7\InCD\InCDshx.dll [2007-06-25] (Nero AG)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    FolderExtensions: [ShellFolder for CD Burning] -> {fbeb8a05-beee-4442-804e-409d6c4515e9} => C:\RECYCLER\S-1-5-21-1801674531-1979792683-1417001333-1006\$37ad6bc9e176f6b0348baabcecda702a\n. -> No File

    ==================== Scheduled Tasks=============================

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Motorola Device Manager Update.job => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
    Task: C:\WINDOWS\Tasks\OGALogon.job => C:\WINDOWS\system32\OGAEXEC.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2007-10-09 11:12 - 2007-10-09 11:12 - 000050408 _____ () C:\Program Files\Common Files\Apricorn\Common\gc.dll
    2004-10-04 04:47 - 2004-10-04 04:47 - 000098304 _____ () C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    2004-10-04 04:46 - 2004-10-04 04:46 - 000147456 _____ () C:\Program Files\Adobe\Photoshop Elements 3.0\platform.dll
    2014-04-07 08:31 - 2014-04-07 08:31 - 000172032 _____ () C:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll
    2004-10-04 03:40 - 2004-10-04 03:40 - 000118784 _____ () C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    2017-11-17 23:00 - 2017-11-02 11:17 - 000441704 _____ () C:\Program Files\TotalAV\SecurityService.exe
    2017-11-17 23:00 - 2017-11-02 11:15 - 000280576 _____ () C:\Program Files\TotalAV\Utilizr.dll
    2017-11-17 23:00 - 2016-04-15 10:44 - 000062976 _____ () C:\Program Files\TotalAV\LinqBridge.dll
    2017-11-17 23:00 - 2017-11-02 11:16 - 000200192 _____ () C:\Program Files\TotalAV\AviraLib.dll
    2017-11-17 23:00 - 2017-11-02 11:16 - 000873472 _____ () C:\Program Files\TotalAV\Engine.Win.dll
    2017-11-17 23:00 - 2017-11-02 11:15 - 000020480 _____ () C:\Program Files\TotalAV\Utilizr.VPN.Win.dll
    2017-11-17 23:00 - 2017-11-02 11:16 - 000135680 _____ () C:\Program Files\TotalAV\SSCore.dll
    2017-11-17 23:00 - 2017-11-02 11:16 - 000299008 _____ () C:\Program Files\TotalAV\SharedDesktop.dll
    2007-01-22 01:24 - 2007-01-22 01:24 - 000069632 _____ () C:\WINDOWS\system32\dlcccfg.dll
    2005-04-01 10:44 - 2005-04-01 10:44 - 000061440 _____ () C:\WINDOWS\system32\dlcccnv4.dll
    2017-11-24 11:48 - 2017-11-01 08:55 - 001930696 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2017-11-17 23:00 - 2017-11-02 11:17 - 002718648 _____ () C:\Program Files\TotalAV\TotalAV.exe
    2017-11-17 23:00 - 2017-11-02 11:15 - 000294400 _____ () C:\Program Files\TotalAV\Utilzr.WPF.dll
    2017-11-17 23:00 - 2017-11-02 11:15 - 000034304 _____ () C:\Program Files\TotalAV\Utilizr.VPN.dll
    2017-11-17 23:00 - 2017-11-02 11:15 - 000027648 _____ () C:\Program Files\TotalAV\Utilizr.OpenVPN.dll
    2017-11-17 23:00 - 2017-11-02 11:15 - 000026112 _____ () C:\Program Files\TotalAV\pwm.dll
    2017-11-17 23:00 - 2016-04-15 10:41 - 000059392 _____ () C:\Program Files\TotalAV\Community.CsharpSqlite.SQLiteClient.dll
    2007-07-12 11:55 - 2007-07-12 11:55 - 001581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
    2007-08-14 11:59 - 2007-08-14 11:59 - 006365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
    2007-07-12 11:55 - 2007-07-12 11:55 - 000131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Documents and Settings\Alan\Desktop\Firefox Setup 50.1.0.exe:SummaryInformation [43]
    AlternateDataStreams: C:\Documents and Settings\Alan\Desktop\Firefox Setup 50.1.0.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77577818.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77577818.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR310 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\008k.com -> 008k.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\00hq.com -> 00hq.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\0190-dialers.com -> 0190-dialers.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\01i.info -> 01i.info
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\05p.com -> 05p.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\0calories.net -> 0calories.net
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\0cj.net -> 0cj.net
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\0scan.com -> 0scan.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\1-domains-registrations.com -> 1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\1-se.com -> 1-se.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\1001movie.com -> 1001movie.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\1001night.biz -> 1001night.biz
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\100gal.net -> 100gal.net
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\100sexlinks.com -> 100sexlinks.com

    There are 4790 more sites.


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2011-04-20 16:05 - 2011-04-20 19:36 - 000000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1007\Control Panel\Desktop\\Wallpaper -> (None)
    DNS Servers: 192.168.0.1 - 205.171.3.25
    sharedaccess => Firewall Service is not running.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    DomainProfile\AuthorizedApplications: [C:\Program Files\Dropbox\Client\Dropbox.exe] => Enabled:Dropbox
    StandardProfile\AuthorizedApplications: [C:\Program Files\Dropbox\Client\Dropbox.exe] => Enabled:Dropbox

    ==================== Restore Points =========================

    17-08-2017 18:52:40 System Checkpoint
    18-08-2017 22:23:58 System Checkpoint
    20-08-2017 01:50:03 System Checkpoint
    21-08-2017 02:13:51 System Checkpoint
    22-08-2017 03:13:54 System Checkpoint
    23-08-2017 04:13:53 System Checkpoint
    24-08-2017 04:20:33 System Checkpoint
    25-08-2017 05:20:32 System Checkpoint
    26-08-2017 06:20:32 System Checkpoint
    26-08-2017 21:53:57 Installed Motorola Device Manager
    27-08-2017 22:27:48 System Checkpoint
    28-08-2017 22:35:53 System Checkpoint
    29-08-2017 23:20:33 System Checkpoint
    31-08-2017 00:20:11 System Checkpoint
    01-09-2017 01:20:11 System Checkpoint
    02-09-2017 02:20:11 System Checkpoint
    03-09-2017 03:20:11 System Checkpoint
    04-09-2017 04:20:11 System Checkpoint
    05-09-2017 05:20:11 System Checkpoint
    06-09-2017 06:21:16 System Checkpoint
    07-09-2017 07:20:11 System Checkpoint
    08-09-2017 08:20:12 System Checkpoint
    09-09-2017 08:33:36 System Checkpoint
    10-09-2017 09:20:11 System Checkpoint
    11-09-2017 09:21:16 System Checkpoint
    12-09-2017 10:20:12 System Checkpoint
    13-09-2017 11:20:11 System Checkpoint
    14-09-2017 12:20:07 System Checkpoint
    16-09-2017 23:43:16 System Checkpoint
    18-09-2017 00:02:30 System Checkpoint
    20-09-2017 07:17:41 System Checkpoint
    21-09-2017 02:00:21 Software Distribution Service 3.0
    22-09-2017 02:24:00 System Checkpoint
    23-09-2017 03:23:59 System Checkpoint
    24-09-2017 04:24:00 System Checkpoint
    25-09-2017 04:29:27 System Checkpoint
    26-09-2017 05:29:27 System Checkpoint
    27-09-2017 09:33:49 System Checkpoint
    28-09-2017 10:29:28 System Checkpoint
    29-09-2017 11:03:34 System Checkpoint
    30-09-2017 11:29:29 System Checkpoint
    01-10-2017 12:29:29 System Checkpoint
    02-10-2017 13:29:30 System Checkpoint
    03-10-2017 16:56:22 System Checkpoint
    04-10-2017 17:01:23 System Checkpoint
    05-10-2017 17:29:28 System Checkpoint
    06-10-2017 17:41:58 System Checkpoint
    07-10-2017 19:25:35 System Checkpoint
    08-10-2017 19:29:29 System Checkpoint
    09-10-2017 23:21:27 System Checkpoint
    10-10-2017 23:41:38 System Checkpoint
    11-10-2017 23:41:48 System Checkpoint
    13-10-2017 00:41:21 System Checkpoint
    14-10-2017 00:42:46 System Checkpoint
    15-10-2017 01:29:16 System Checkpoint
    16-10-2017 02:29:16 System Checkpoint
    17-10-2017 03:29:18 System Checkpoint
    18-10-2017 02:00:18 Software Distribution Service 3.0
    19-10-2017 02:22:46 System Checkpoint
    20-10-2017 03:10:17 System Checkpoint
    21-10-2017 04:10:17 System Checkpoint
    22-10-2017 05:10:17 System Checkpoint
    23-10-2017 06:10:19 System Checkpoint
    24-10-2017 06:55:36 System Checkpoint
    25-10-2017 15:03:14 System Checkpoint
    26-10-2017 15:25:56 System Checkpoint
    28-10-2017 00:32:35 System Checkpoint
    29-10-2017 01:25:56 System Checkpoint
    30-10-2017 02:25:57 System Checkpoint
    31-10-2017 03:25:58 System Checkpoint
    01-11-2017 04:25:57 System Checkpoint
    02-11-2017 05:25:57 System Checkpoint
    03-11-2017 06:25:58 System Checkpoint
    04-11-2017 07:25:58 System Checkpoint
    05-11-2017 07:34:03 System Checkpoint
    06-11-2017 07:37:59 System Checkpoint
    07-11-2017 07:53:04 System Checkpoint
    08-11-2017 22:56:15 System Checkpoint
    09-11-2017 23:25:22 System Checkpoint
    11-11-2017 00:25:24 System Checkpoint
    12-11-2017 01:25:24 System Checkpoint
    13-11-2017 02:25:38 System Checkpoint
    14-11-2017 03:20:54 System Checkpoint
    15-11-2017 03:46:13 System Checkpoint
    17-11-2017 22:44:21 Restore Operation
    21-11-2017 18:41:23 System Checkpoint
    23-11-2017 17:59:46 System Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/24/2017 09:09:45 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 52.5.0.6520, faulting module mozglue.dll, version 52.5.0.6520, fault address 0x0000f3de.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (11/23/2017 11:04:15 AM) (Source: Userenv) (EventID: 1068) (User: NT AUTHORITY)
    Description: Windows ended GPO processing because the computer shut down or the user logged off.

    Error: (11/22/2017 08:51:32 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 52.5.0.6520, faulting module mozglue.dll, version 52.5.0.6520, fault address 0x0000f3de.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (11/22/2017 11:07:21 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 52.5.0.6520, faulting module mozglue.dll, version 52.5.0.6520, fault address 0x0000f3de.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (11/21/2017 09:18:52 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 52.5.0.6520, faulting module mozglue.dll, version 52.5.0.6520, fault address 0x0000f3de.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (11/17/2017 10:51:50 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application

    Details:
    The content index cannot be read. (0xc0041800)

    Error: (11/17/2017 10:51:50 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: The gatherer object cannot be initialized.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index cannot be read. (0xc0041800)

    Error: (11/17/2017 10:51:50 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index cannot be read. (0xc0041800)

    Error: (11/17/2017 10:51:46 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.

    Context: Windows Application, SystemIndex Catalog

    Details:
    0xc0041801 (0xc0041801)

    Error: (11/16/2017 04:05:14 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


    System errors:
    =============
    Error: (11/25/2017 10:25:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    WudfPf

    Error: (11/25/2017 10:25:09 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Computer Browser service terminated with the following error:
    The specified service does not exist as an installed service.

    Error: (11/25/2017 10:25:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Java Quick Starter service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (11/25/2017 10:25:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Microsoft Antimalware Service service failed to start due to the following error:
    The file can not be accessed by the system.

    Error: (11/25/2017 10:22:24 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

    Error: (11/24/2017 02:36:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

    Error: (11/24/2017 02:21:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    WudfPf

    Error: (11/24/2017 02:21:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Computer Browser service terminated with the following error:
    The specified service does not exist as an installed service.

    Error: (11/24/2017 02:21:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Java Quick Starter service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (11/24/2017 02:21:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Microsoft Antimalware Service service failed to start due to the following error:
    The file can not be accessed by the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz
    Percentage of memory in use: 43%
    Total physical RAM: 3070.07 MB
    Available physical RAM: 1745.83 MB
    Total Virtual: 5409.5 MB
    Available Virtual: 4181.38 MB

    ==================== Drives ================================

    Drive c: (Main 160 G drive) (Fixed) (Total:149.01 GB) (Free:104.94 GB) NTFS ==>[drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: F8A999B3)
    Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     

  3. to hide this advert.

  4. 2017/11/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================

    [​IMG] Uninstall following unwanted progam:

    Extended Update

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    [​IMG] Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
    [​IMG] Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles are saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
     
  5. 2017/11/26
    h2ofwlr

    h2ofwlr Well-Known Member Thread Starter

    Joined:
    2005/01/17
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    beginner
    I uninstalled the extended update program.

    Roquekiller report
    RogueKiller V12.11.25.0 [Nov 20 2017] (Free) by Adlice Software
    mail : Contact - Adlice Software
    Feedback : Adlice forum - Home
    Website : RogueKiller Anti-Malware Free Download - Official Website
    Blog : Adlice Software - The Best Security Software, for FREE

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : First Class Car Care [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller.exe
    Mode : Scan -- Date : 11/25/2017 21:26:46 (Duration : 01:57:58)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 20 ¤¤¤
    [PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -> Found
    [PUP.Gen1] HKEY_LOCAL_MACHINE\Software\AVG Secure Search -> Found
    [PUP.Conduit|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Conduit -> Found
    [PUP.Gen1] HKEY_LOCAL_MACHINE\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} -> Found
    [PUP.Gen1] HKEY_USERS\S-1-5-21-1801674531-1979792683-1417001333-1006\Software\eSupport.com -> Found
    [PUP.Gen1] HKEY_USERS\S-1-5-21-1801674531-1979792683-1417001333-1006\Software\YahooPartnerToolbar -> Found
    [PUP.PCProtect] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TotalAV -> Found
    [PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF} -> Found
    [PUP.DriverRestore|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DriverRestore -> Found
    [PUP.PCProtect] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TotalAV -> Found
    [Adw.Vosteran] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WSE_Vosteran -> Found
    [PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF} -> Found
    [PUP.Gen1] HKEY_USERS\S-1-5-21-1801674531-1979792683-1417001333-1006\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\File Opener Packages -> Found
    [Root.ZeroAccess] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | CDBurn : {fbeb8a05-beee-4442-804e-409d6c4515e9} (C:\RECYCLER\S-1-5-21-1801674531-1979792683-1417001333-1006\$37ad6bc9e176f6b0348baabcecda702a\n.) [x] -> Found
    [PUP.Gen0] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found
    [PUP.Gen0] HKEY_USERS\S-1-5-21-1801674531-1979792683-1417001333-1006\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> Found
    [PUM.Https] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> Found
    [PUM.Https] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> Found
    [PUM.HomePage] HKEY_USERS\S-1-5-21-1801674531-1979792683-1417001333-1006\Software\Microsoft\Internet Explorer\Main | Start Page : Minnesota Flyway Forum -> Found
    [Root.ZeroAccess] HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 | (default) : C:\RECYCLER\S-1-5-21-1801674531-1979792683-1417001333-1006\$37ad6bc9e176f6b0348baabcecda702a\n. [x] -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 17 ¤¤¤
    [Root.ZeroAccess][Folder] C:\WINDOWS\Installer\{37ad6bc9-e176-f6b0-348b-aabcecda702a}\L -> Found
    [Root.ZeroAccess][Folder] C:\WINDOWS\Installer\{37ad6bc9-e176-f6b0-348b-aabcecda702a}\U -> Found
    [PUP.PCProtect][Folder] C:\Documents and Settings\Alan\Application Data\TotalAV -> Found
    [Root.ZeroAccess][Folder] C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\Google\Desktop\Install -> Found
    [Root.ZeroAccess][Folder] C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\{37ad6bc9-e176-f6b0-348b-aabcecda702a}\L -> Found
    [Root.ZeroAccess][Folder] C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\{37ad6bc9-e176-f6b0-348b-aabcecda702a}\U -> Found
    [PUP.Gen1][Folder] C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar -> Found
    [PUP.Gen1][Folder] C:\Documents and Settings\All Users\Application Data\Driver Whiz -> Found
    [Root.ZeroAccess][Folder] C:\RECYCLER\S-1-5-18\$37ad6bc9e176f6b0348baabcecda702a\L -> Found
    [Root.ZeroAccess][Folder] C:\RECYCLER\S-1-5-18\$37ad6bc9e176f6b0348baabcecda702a\U -> Found
    [PUP.Gen1][Folder] C:\Program Files\Driver Whiz -> Found
    [Root.ZeroAccess][Folder] C:\Program Files\Google\Desktop\Install -> Found
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV -> Found
    [PUP.PCProtect][Folder] C:\Documents and Settings\Alan\Application Data\TotalAV -> Found
    [PUP.PCProtect][File] C:\Documents and Settings\Alan\Desktop\TotalAV.lnk [LNK@] C:\PROGRA~1\TotalAV\TotalAV.exe -> Found
    [PUP.Gen1][Folder] C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar -> Found
    [PUP.Gen1][Folder] C:\Documents and Settings\All Users\Application Data\Driver Whiz -> Found

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][Firefox:Config] t01oh3zn.default-1417445688937 : user_pref("browser.startup.homepage", "Minnesota Flyway Forum"); -> Found

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] 3b4dcad96d7dd6374e11052df13035db
    [BSP] e165ab2ebb9c66e8966a69572d6d91d2 : Windows XP|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 152586 MB [Windows XP Bootstrap | Windows XP Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK
     
  6. 2017/11/26
    h2ofwlr

    h2ofwlr Well-Known Member Thread Starter

    Joined:
    2005/01/17
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    beginner
    Rogue killer Delete report page 1
    RogueKiller V12.11.25.0 [Nov 20 2017] (Free) by Adlice Software
    mail : Contact - Adlice Software
    Feedback : Adlice forum - Home
    Website : RogueKiller Anti-Malware Free Download - Official Website
    Blog : Adlice Software - The Best Security Software, for FREE

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : First Class Car Care [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller.exe
    Mode : Delete -- Date : 11/25/2017 21:26:46 (Duration : 01:57:58)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 20 ¤¤¤
    [PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -> Not selected
    [PUP.Gen1] HKEY_LOCAL_MACHINE\Software\AVG Secure Search -> Not selected
    [PUP.Conduit|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Conduit -> Not selected
    [PUP.Gen1] HKEY_LOCAL_MACHINE\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} -> Not selected
    [PUP.Gen1] HKEY_USERS\S-1-5-21-1801674531-1979792683-1417001333-1006\Software\eSupport.com -> Not selected
    [PUP.Gen1] HKEY_USERS\S-1-5-21-1801674531-1979792683-1417001333-1006\Software\YahooPartnerToolbar -> Not selected
    [PUP.PCProtect] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TotalAV -> Not selected
    [PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF} -> Not selected
    [PUP.DriverRestore|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DriverRestore -> Not selected
    [PUP.PCProtect] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TotalAV -> Not selected
    [Adw.Vosteran] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WSE_Vosteran -> Deleted
    [PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF} -> Not selected
    [PUP.Gen1] HKEY_USERS\S-1-5-21-1801674531-1979792683-1417001333-1006\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\File Opener Packages -> Not selected
    [Root.ZeroAccess] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | CDBurn : {fbeb8a05-beee-4442-804e-409d6c4515e9} (C:\RECYCLER\S-1-5-21-1801674531-1979792683-1417001333-1006\$37ad6bc9e176f6b0348baabcecda702a\n.) [x] -> Deleted
    [PUP.Gen0] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Not selected
    [PUP.Gen0] HKEY_USERS\S-1-5-21-1801674531-1979792683-1417001333-1006\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> Not selected
    [PUM.Https] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> Not selected
    [PUM.Https] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> Not selected
    [PUM.HomePage] HKEY_USERS\S-1-5-21-1801674531-1979792683-1417001333-1006\Software\Microsoft\Internet Explorer\Main | Start Page : Minnesota Flyway Forum -> Not selected
    [Root.ZeroAccess] HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 | (default) : C:\RECYCLER\S-1-5-21-1801674531-1979792683-1417001333-1006\$37ad6bc9e176f6b0348baabcecda702a\n. [x] -> Replaced (%systemroot%\system32\shell32.dll)

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 17 ¤¤¤
    [Root.ZeroAccess][Folder] C:\WINDOWS\Installer\{37ad6bc9-e176-f6b0-348b-aabcecda702a}\L -> Deleted
    [Root.ZeroAccess][File] C:\WINDOWS\Installer\{37ad6bc9-e176-f6b0-348b-aabcecda702a}\L\00000004.@ -> Deleted
    [Root.ZeroAccess][File] C:\WINDOWS\Installer\{37ad6bc9-e176-f6b0-348b-aabcecda702a}\L\1afb2d56 -> Deleted
    [Root.ZeroAccess][File] C:\WINDOWS\Installer\{37ad6bc9-e176-f6b0-348b-aabcecda702a}\L\201d3dde -> Deleted
    [Root.ZeroAccess][Folder] C:\WINDOWS\Installer\{37ad6bc9-e176-f6b0-348b-aabcecda702a}\U -> Deleted
    [PUP.PCProtect][Folder] C:\Documents and Settings\Alan\Application Data\TotalAV -> Deleted
    [PUP.PCProtect][File] C:\Documents and Settings\Alan\Application Data\TotalAV\1.17.0\avira32redist.zip -> Deleted
    [PUP.PCProtect][Folder] C:\Documents and Settings\Alan\Application Data\TotalAV\1.17.0 -> Deleted
    [Root.ZeroAccess][Folder] C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\Google\Desktop\Install -> Removed at reboot [91]
    [Root.ZeroAccess][Folder] C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\Google\Desktop\Install\{37ad6bc9-e176-f6b0-348b-aabcecda702a}\???\???\???\{37ad6bc9-e176-f6b0-348b-aabcecda702a} -> ERROR [5]
    [Root.ZeroAccess][Folder] C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\Google\Desktop\Install\{37ad6bc9-e176-f6b0-348b-aabcecda702a}\???\???\??? -> Removed at reboot [91]
    [Root.ZeroAccess][Folder] C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\Google\Desktop\Install\{37ad6bc9-e176-f6b0-348b-aabcecda702a}\???\??? -> Removed at reboot [91]
    [Root.ZeroAccess][Folder] C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\Google\Desktop\Install\{37ad6bc9-e176-f6b0-348b-aabcecda702a}\??? -> Removed at reboot [91]
    [Root.ZeroAccess][Folder] C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\Google\Desktop\Install\{37ad6bc9-e176-f6b0-348b-aabcecda702a} -> Removed at reboot [91]
    [Root.ZeroAccess][Folder] C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\{37ad6bc9-e176-f6b0-348b-aabcecda702a}\L -> Deleted
    [Root.ZeroAccess][Folder] C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\{37ad6bc9-e176-f6b0-348b-aabcecda702a}\U -> Deleted
    [PUP.Gen1][Folder] C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar -> Deleted
    [PUP.Gen1][File] C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\TBCampaign2013.txt -> Deleted
    [PUP.Gen1][Folder] C:\Documents and Settings\All Users\Application Data\Driver Whiz -> Deleted
    [PUP.Gen1][File] C:\Documents and Settings\All Users\Application Data\Driver Whiz\Driver Whiz\dd.lic -> Deleted
    [PUP.Gen1][Folder] C:\Documents and Settings\All Users\Application Data\Driver Whiz\Driver Whiz -> Deleted
    [Root.ZeroAccess][Folder] C:\RECYCLER\S-1-5-18\$37ad6bc9e176f6b0348baabcecda702a\L -> Deleted
    [Root.ZeroAccess][File] C:\RECYCLER\S-1-5-18\$37ad6bc9e176f6b0348baabcecda702a\L\00000004.@ -> Deleted
    [Root.ZeroAccess][File] C:\RECYCLER\S-1-5-18\$37ad6bc9e176f6b0348baabcecda702a\L\201d3dde -> Deleted
    [Root.ZeroAccess][File] C:\RECYCLER\S-1-5-18\$37ad6bc9e176f6b0348baabcecda702a\L\76603ac3 -> Deleted
    [Root.ZeroAccess][Folder] C:\RECYCLER\S-1-5-18\$37ad6bc9e176f6b0348baabcecda702a\U -> Deleted
    [PUP.Gen1][Folder] C:\Program Files\Driver Whiz -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\config.dat -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\DriversHQ.com Knowledge Base.url -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\DriversHQ.Common.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\DriversHQ.DriverDetective.Client.Communication.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\DriversHQ.DriverDetective.Client.Communication.XmlSerializers.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\DriversHQ.DriverDetective.Client.ExceptionLogging.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\DriversHQ.DriverDetective.Client.ExceptionLogging.XmlSerializers.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\DriversHQ.DriverDetective.Common.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\DriversHQ.DriverDetective.ExceptionLogging.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\DriversHQ.ThemePack.DriverWhiz.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\DriverWhiz.chm -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\DriverWhiz.exe -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\DriverWhiz.exe.config -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\DriverWhiz.InstallState -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\DriverWhiz.Updater.exe -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\DriverWhiz.Updater.exe.config -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\ISUninstall.exe -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\Microsoft.ApplicationBlocks.Updater.ActivationProcessors.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\Microsoft.ApplicationBlocks.Updater.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\Microsoft.ApplicationBlocks.Updater.Downloaders.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\Microsoft.Practices.EnterpriseLibrary.Common.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\Microsoft.Practices.ObjectBuilder.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files\Driver Whiz\Driver Whiz\XPBurnComponent.dll -> Deleted
    [PUP.Gen1][Folder] C:\Program Files\Driver Whiz\Driver Whiz -> Deleted
    [Root.ZeroAccess][Folder] C:\Program Files\Google\Desktop\Install -> Removed at reboot [91]
    [Root.ZeroAccess][Folder] C:\Program Files\Google\Desktop\Install\{37ad6bc9-e176-f6b0-348b-aabcecda702a}\ \ \???\{37ad6bc9-e176-f6b0-348b-aabcecda702a} -> ERROR [5]
    [Root.ZeroAccess][Folder] C:\Program Files\Google\Desktop\Install\{37ad6bc9-e176-f6b0-348b-aabcecda702a}\ \ \??? -> Removed at reboot [91]
    [Root.ZeroAccess][Folder] C:\Program Files\Google\Desktop\Install\{37ad6bc9-e176-f6b0-348b-aabcecda702a}\ \ -> Removed at reboot [91]
    [Root.ZeroAccess][Folder] C:\Program Files\Google\Desktop\Install\{37ad6bc9-e176-f6b0-348b-aabcecda702a}\ -> Removed at reboot [91]
    [Root.ZeroAccess][Folder] C:\Program Files\Google\Desktop\Install\{37ad6bc9-e176-f6b0-348b-aabcecda702a} -> Removed at reboot [91]
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV -> Removed at reboot [91]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\AppConfig.jdat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\AviraLib.dll -> Removed at reboot [5]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\bins\subinacl.exe -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\bins -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\brand.json -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\Community.CsharpSqlite.dll -> Removed at reboot [5]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\Community.CsharpSqlite.SQLiteClient.dll -> Removed at reboot [5]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\data\account.jdat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\data\addon.jdat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\data\avconfig.jdat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\data\certs.jdat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\data\details.jdat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\data\gcld -> Removed at reboot [20]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\data\idpro.jdat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\data\prefs.jdat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\data\sdet.jdat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\data\ui.jdat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\data\vpn_locations.jdat -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\data -> Removed at reboot [91]
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\de -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\DotNetZip.dll -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\DotRas -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\driver\amd64\devcon.exe -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\driver\amd64\OemWin2k.inf -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\driver\amd64\tap0901.cat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\driver\amd64\tap0901.map -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\driver\amd64\tap0901.pdb -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\driver\amd64\tap0901.sys -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\driver\amd64 -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\driver\i386\devcon.exe -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\driver\i386\OemWin2k.inf -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\driver\i386\tap0901.cat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\driver\i386\tap0901.map -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\driver\i386\tap0901.pdb -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\driver\i386\tap0901.sys -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\driver\i386 -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\driver -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\Engine.Win.dll -> Removed at reboot [5]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\Engine.Win.dll.config -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\es -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\fr -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\Hardcodet.Wpf.TaskbarNotification.dll -> Removed at reboot [5]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\HtmlAgilityPack.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\Ibt.Ortc.Api.dll -> Removed at reboot [5]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\Ibt.Ortc.Api.Extensibility.dll -> Removed at reboot [5]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\Ibt.Ortc.Plugin.IbtRealTimeSJ.dll -> Removed at reboot [5]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\installoptions.jdat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\Interop.IWshRuntimeLibrary.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\Interop.NetFwTypeLib.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\Ionic.Zip.dll -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\it -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\json -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\lib_SCAPI.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\LinqBridge.dll -> Removed at reboot [5]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\locale\de_DE.mo -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\locale\es_ES.mo -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\locale\fr_FR.mo -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\locale -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\logs\main.log -> Removed at reboot [20]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\logs\security_service.log -> Removed at reboot [20]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\logs\service-1510982101.logc -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\logs\service_install.log -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\logs\updater.log -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\logs -> Removed at reboot [91]
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\Manifest -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\Microsoft.VC90.CRT.manifest -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\Mindscape.Raygun4Net.dll -> Removed at reboot [5]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\msvcm90.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\msvcp120.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\msvcp90.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\msvcr120.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\msvcr90.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\Newtonsoft.Json.dll -> Removed at reboot [5]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\ovpn\libeay32.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\ovpn\liblzo2-2.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\ovpn\libpkcs11-helper-1.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\ovpn\openvpn.exe -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\ovpn\openvpnserv.exe -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\ovpn\openvpn_down.bat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\ovpn\openvpn_up.bat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\ovpn\ssleay32.dll -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\ovpn -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\PasswordManager.Tests.Desktop.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\pwm.dll -> Removed at reboot [5]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\queues\mvx1azyo.ktm.queue -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\queues -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\account-info.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\adblock-background.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\adblock-tile-icon.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\addon-expired-icon-adblock.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\addon-expired-icon-id-protect.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\addon-expired-icon-pwd-vault.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\addon-expired-icon-vpn.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\addon-promo-icon-adblock.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\addon-promo-icon-id-protect.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\addon-promo-icon-pwd-vault.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\addon-promo-icon-vpn.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\apc-popup-document.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\apc-popup-tick.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\balloon_error_icon.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\balloon_info_icon.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\browser-icon-chrome.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\browser-icon-chrome30.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\browser-icon-edge.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\browser-icon-edge30.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\browser-icon-firefox.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\browser-icon-firefox30.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\browser-icon-ie.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\browser-icon-opera.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\browser-icon-opera30.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\browser-icon-safari.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\btn-icon-arrow.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\btn-icon-curved-arrow.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\btn-icon-loading.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\circular-tick-icon-white16.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\circular-tick-icon-white24.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\computer-error.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\dashbutton-pwd.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\dashbutton-vpn.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\default-application-icon.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\default-exclusion-file.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\default-exclusion-folder.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\default-favicon.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\devices-expired.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\devices-no-licences-free.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\early-renewal-icon-computer.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\facebook-thumb.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ad.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ad@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ad_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ae.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ae@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ae_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_af.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_af@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_af_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ag.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ag@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ag_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_al.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_al@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_al_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_am.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_am@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_am_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ar.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ar@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ar_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_at.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_at@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_at_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_au.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_au@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_au_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_az.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_az@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_az_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ba.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ba@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ba_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bb.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bb@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bb_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bd.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bd@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bd_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_be.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_be@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_be_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bf.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bf@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bf_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bg.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bg@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bg_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bh.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bh@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bh_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bi.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bi@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bi_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bj.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bj@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bn.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bn@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bn_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bo.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bo@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bo_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_br.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_br@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_br_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bs.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bs@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bt.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bt@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bt_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bw.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bw@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bw_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_by.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_by@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_by_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bz.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bz@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_bz_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ca.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ca@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ca_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cd.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cd@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cd_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cf.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cf@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cf_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cg.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cg@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cg_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ch.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ch@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ch_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ci.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ci@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ci_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cl.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cl@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cl_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cm.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cm@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cm_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cn.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cn@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cn_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_co.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_co@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_co_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cr.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cr@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cr_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cu.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cu@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cu_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cv.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cv@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cv_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cy.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cy@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cy_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cz.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cz@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_cz_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_de.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_de@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_de_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_dj.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_dj@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_dj_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_dk.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_dk@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_dk_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_dm.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_dm@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_dm_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_do.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_do@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_do_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_dz.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_dz@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_dz_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ec.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ec@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ec_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ee.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ee@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ee_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_eg.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_eg@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_eg_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_er.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_er@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_er_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_es.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_es@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_es_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_et.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_et@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_et_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_fi.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_fi@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_fi_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_fj.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_fj@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_fj_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_fm.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_fm@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_fm_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_fr.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_fr@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_fr_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ga.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ga@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ga_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gb.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gb@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gb_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gd.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gd@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gd_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ge.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ge@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ge_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gh.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gh@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gh_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gm.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gm@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gm_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gn.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gn@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gn_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gq.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gq@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gq_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gr.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gr@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gr_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gt.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gt@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gt_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gw.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gw@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gw_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gy.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gy@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_gy_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_hk.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_hk@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_hk_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_hn.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_hn@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_hn_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_hr.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_hr@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_hr_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ht.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ht@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ht_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_hu.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_hu@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_hu_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_id.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_id@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_id_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ie.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ie@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ie_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_il.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_il@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_il_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_in.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_in@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_in_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_iq.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_iq@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_iq_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ir.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ir@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ir_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_is.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_is@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_is_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_it.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_it@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_it_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_jm.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_jm@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_jm_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_jo.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_jo@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_jo_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_jp.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_jp@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_jp_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ke.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ke@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ke_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_kg.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_kg@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_kg_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_kh.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_kh@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_kh_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ki.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ki@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ki_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_km.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_km@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_km_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_kn.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_kn@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_kn_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_kp.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_kp@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_kp_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_kr.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_kr@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_kr_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_kv.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_kv@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_kw.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_kw@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_kw_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_kz.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_kz@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_kz_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_la.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_la@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_la_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_lb.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_lb@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_lb_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_lc.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_lc@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_lc_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_li.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_li@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_li_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_lk.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_lk@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_lk_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_lr.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_lr@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_lr_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ls.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ls@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ls_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_lt.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_lt@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_lt_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_lu.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_lu@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_lu_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_lv.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_lv@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_lv_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ly.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ly@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ly_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ma.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ma@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ma_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mc.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mc@2x.png -> Deleted
     
  7. 2017/11/26
    h2ofwlr

    h2ofwlr Well-Known Member Thread Starter

    Joined:
    2005/01/17
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    beginner
    Rogue Killer delete report page 2
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mc_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_md.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_md@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_md_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_me.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_me@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_me_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mg.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mg@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mg_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mh.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mh@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mh_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mk.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mk@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mk_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ml.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ml@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ml_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mm.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mm@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mm_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mn.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mn@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mn_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mr.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mr@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mr_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mt.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mt@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mt_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mu.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mu@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mu_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mv.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mv@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mv_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mw.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mw@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mw_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mx.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mx@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mx_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_my.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_my@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_my_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mz.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mz@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_mz_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_na.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_na@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_na_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ne.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ne@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ne_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ng.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ng@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ng_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ni.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ni@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ni_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_nl.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_nl@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_nl_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_no.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_no@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_no_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_np.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_np@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_np_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_nr.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_nr@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_nr_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_nz.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_nz@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_nz_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_om.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_om@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_om_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_pa.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_pa@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_pa_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_pe.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_pe@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_pe_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_pg.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_pg@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_pg_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ph.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ph@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ph_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_pk.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_pk@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_pk_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_pl.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_pl@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_pl_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_pt.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_pt@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_pt_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_pw.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_pw@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_pw_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_py.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_py@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_py_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_qa.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_qa@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_qa_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ro.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ro@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ro_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_rs.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_rs@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_rs_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ru.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ru@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ru_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_rw.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_rw@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_rw_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sa.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sa@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sa_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sb.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sb@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sb_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sc.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sc@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sc_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sd.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sd@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sd_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_se.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_se@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_se_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sg.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sg@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sg_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_si.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_si@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_si_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sk.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sk@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sk_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sl.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sl@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sl_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sm.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sm@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sm_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sn.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sn@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sn_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_so.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_so@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_so_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sr.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sr@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sr_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ss.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ss@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ss_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_st.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_st@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_st_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sv.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sv@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sv_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sy.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sy@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sy_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sz.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sz@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_sz_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_td.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_td@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_td_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tg.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tg@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tg_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_th.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_th@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_th_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tj.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tj@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tj_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tl.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tl@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tl_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tm.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tm@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tm_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tn.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tn@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tn_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_to.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_to@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_to_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tr.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tr@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tr_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tt.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tt@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tt_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tv.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tv@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tv_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tw.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tw@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tw_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tz.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tz@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_tz_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ua.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ua@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ua_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ug.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ug@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ug_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_us.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_us@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_us_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_uy.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_uy@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_uy_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_uz.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_uz@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_uz_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_va.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_va@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_va_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_vc.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_vc@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_vc_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ve.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ve@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ve_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_vn.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_vn@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_vn_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_vu.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_vu@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_vu_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ws.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ws@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ws_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ye.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ye@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_ye_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_za.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_za@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_za_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_zm.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_zm@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_zm_large@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_zw.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_zw@2x.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\flags\flag_zw_large@2x.png -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\resources\flags -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\generic-loading.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\generic-upgrade-adblock.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\generic-upgrade-id-protect.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\generic-upgrade-pwd-vault.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\generic-upgrade-vpn-eye.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\header-icon-antivirus.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\header-icon-applications.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\header-icon-browser-manager.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\header-icon-duplicates.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\header-icon-exclamation.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\header-icon-file-manager.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\header-icon-firewall.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\header-icon-junk-shredder.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\header-icon-manage-scans.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\header-icon-quarantine.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\header-icon-quick-scan.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\header-icon-realtime-protection.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\header-icon-settings.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\header-icon-startup-programs.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\header-icon-system-boost.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\header-icon-system-scan.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\header-icon-tick.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\header-icon-web-security.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\header-title-id-protect-suffix.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\help-icon.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\hourglass.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\icon.ico -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\id-protect-intro-icon-child.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\id-protect-intro-icon-financial.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\id-protect-intro-icon-personal.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\id-protect-intro-icon-social.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\id-protect-item-court-records.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\id-protect-item-credit.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\id-protect-item-cross.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\id-protect-item-facebook-btn-icon.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\id-protect-item-facebook.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\id-protect-item-instagram-btn-icon.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\id-protect-item-instagram.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\id-protect-item-insurance.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\id-protect-item-linkedin-btn-icon.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\id-protect-item-linkedin.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\id-protect-item-social.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\id-protect-item-ssn.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\id-protect-item-tick.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\id-protect-item-twitter-btn-icon.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\id-protect-item-twitter.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\id-protect-item-wallet.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\id-protect-item-web.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\idprotect-tile-icon.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\in-app-buy-adblock.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\in-app-buy-id-protect.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\in-app-buy-msg-star.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\in-app-buy-pwd-vault.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\in-app-buy-ticket.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\in-app-buy-vpn.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\in-app-failed-payment.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\in-app-failed-support.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\inapp-purchase-logo.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\info-icon-win.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\laptop.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\login-background.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\login-lightbox-number-bg.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\login-lightbox-tick-small.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\login-lightbox-tick.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\login-logo.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\logo-toolbar-dark.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\logo-toolbar.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\malware-icon.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\map.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\menu-icon-antivirus.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\menu-icon-dashboard.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\menu-icon-disk-cleaner.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\menu-icon-file-manager.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\menu-icon-firewall.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\menu-icon-id-protect.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\menu-icon-pwd.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\menu-icon-system-boost.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\menu-icon-web-security.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\mini-speedo-needle.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\new-features-tick.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\payment-confirmation-quarantine-speedo.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\product-box.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\progress-thumb-exclamation.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\progress-thumb-tick.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\pua-icon.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\public-wifi-notification.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\pwd-change-password.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\pwd-chrome-import-arrow.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\pwd-chrome-import.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\pwd-delete-trashcan.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\pwd-footer-addnew.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\pwd-indicator-locked.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\pwd-indicator-unlocked.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\pwd-lightbox-copy.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\pwd-lightbox-generate.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\pwd-lightbox-hide.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\pwd-lightbox-view.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\pwd-list-copy.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\pwd-list-delete.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\pwd-list-edit.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\pwd-list-hide.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\pwd-list-pwd.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\pwd-list-user.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\pwd-list-view.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\pwd-search-cancel.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\pwd-search-magnifier.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\pwd-vault-intro.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\pwd-vault-lightbox.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\realtime-flash.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\red_speedo.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\renewal-account-expired.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\renewal-bow.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\renewal-clock.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\renewal-gift-generic.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\renewal-gift-licence.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\renewal-gift-support.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\renewal-gift-vpn.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\renewal-hourglass.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\renewal-megaphone.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\renewal-shield.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\renewal-timer.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\settings-cog.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\success-icon-green-small.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\thumb-down.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\thumb-up.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\thumb-up128.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\thumb-up64.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-antivirus.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-applications-dark.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-applications.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-battery-saver.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-browser-manager-dark.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-browser-manager.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-disk-cleaner.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-duplicates-dark.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-duplicates.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-file-manager.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-firewall-dark.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-firewall.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-id-protect.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-information.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-junk-shredder.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-manage-scans.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-quarantine-dark.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-quarantine.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-quick-scan-dark.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-quick-scan.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-realtime-protection-dark.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-realtime-protection.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-redundant-files.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-shredder-dark.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-star.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-startup-programs-dark.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-startup-programs.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-system-boost.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-system-scan-dark.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-system-scan.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-tick.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tile-icon-web-security.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\timer-segment-black.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\timer-segment-red.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\timer-separator.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\tip-bubble.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\trial-notification-antivirus.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\trial-notification-boost.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\trial-notification-dollar.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\trial-notification-star.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\trial-notification-vpn.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\trial-notification-warning.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\upgrade-applications.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\upgrade-browser-manager.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\upgrade-duplicates.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\upgrade-firewall.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\upgrade-junk-shredder.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\upgrade-quarantine.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\upgrade-startup-programs.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\vpn-data-download.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\vpn-data-upload.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\vpn-tick.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\vpn-tile-icon.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\vpn-unsecured-wifi-connected.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\warning-circle-red45.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\warning-icon-red-small.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\warning-icon-white-large.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\warning-icon-white-medium.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\warning-icon-white19.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\warning-triangle-gray.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\warning-triangle-orange.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\warning-triangle-red.png -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\resources\warning-triangle-yellow.png -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\resources -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\aebb.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\aecore.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\aecrypto.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\aedroid.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\aeemu.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\aeexp.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\aegen.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\aehelp.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\aeheur.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\aelibinf.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\aelidb.dat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\aemobile.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\aemvdb.dat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\aeoffice.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\aepack.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\aerdl.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\aesbx.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\aescn.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\aescript.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\aeset.dat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\aevdf.dat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\aevdf.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\apcfile.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\apchash.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\avgio.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\avupdate-savapilib-engine.conf -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\avupdate.exe -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\avupdate_msg.avr -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\cacert.crt -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\HBEDV.KEY -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\msvcp120.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\msvcr120.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\on-access-drivers-install.cmd -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\on-access-drivers-uninstall.cmd -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\README -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\utils\on-access-drivers-final.cmd -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\utils\on-access-drivers-post.cmd -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\utils\on-access-drivers-pre.cmd -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\utils\sd_inst.exe -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\SAVAPI\on_access\utils -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win32\win8\avgntflt.cat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win32\win8\avgntflt.inf -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win32\win8\avgntflt.sys -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win32\win8\avipbb.cat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win32\win8\avipbb.inf -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win32\win8\avipbb.sys -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win32\win8\avkmgr.cat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win32\win8\avkmgr.inf -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win32\win8\avkmgr.sys -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\SAVAPI\on_access\win32\win8 -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win32\xp\avgntflt.cat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win32\xp\avgntflt.inf -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win32\xp\avgntflt.sys -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win32\xp\avipbb.cat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win32\xp\avipbb.inf -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win32\xp\avipbb.sys -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win32\xp\avkmgr.cat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win32\xp\avkmgr.inf -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win32\xp\avkmgr.sys -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\SAVAPI\on_access\win32\xp -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\SAVAPI\on_access\win32 -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\vista\avgntflt.cat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\vista\avgntflt.inf -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\vista\avgntflt.sys -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\vista\avipbb.cat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\vista\avipbb.inf -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\vista\avipbb.sys -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\vista\avkmgr.cat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\vista\avkmgr.inf -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\vista\avkmgr.sys -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\SAVAPI\on_access\win64\vista -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\win8\avgntflt.cat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\win8\avgntflt.inf -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\win8\avgntflt.sys -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\win8\avipbb.cat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\win8\avipbb.inf -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\win8\avipbb.sys -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\win8\avkmgr.cat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\win8\avkmgr.inf -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\win8\avkmgr.sys -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\SAVAPI\on_access\win64\win8 -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\xp\avgntflt.inf -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\xp\avgntflt.sys -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\xp\avipbb.inf -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\xp\avipbb.sys -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\xp\avkmgr.inf -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\on_access\win64\xp\avkmgr.sys -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\SAVAPI\on_access\win64\xp -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\SAVAPI\on_access\win64 -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\SAVAPI\on_access -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\productname.dat -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\savapi.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SAVAPI\vdfupd.dll -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\SAVAPI -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\Savapi.NET.dll -> Removed at reboot [5]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SCAPI.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SecurityProductInformation.ini -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SecurityService.exe -> Removed at reboot [5]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SecurityService.exe.config -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SharedDesktop.dll -> Removed at reboot [5]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\ShellBrowser.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\SSCore.dll -> Removed at reboot [5]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\startup\startup.json -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\startup -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\System.Data.SQLite.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\temp.txt -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\TotalAV.exe -> Removed at reboot [5]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\TotalAV.exe.config -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\uninst.exe -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\Update.Win.exe -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\Update.Win.exe.config -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\updates -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\Utilizr.dll -> Removed at reboot [5]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\Utilizr.OpenVPN.dll -> Removed at reboot [5]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\Utilizr.VPN.dll -> Removed at reboot [5]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\Utilizr.VPN.Win.dll -> Removed at reboot [5]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\Utilzr.WPF.dll -> Removed at reboot [5]
    [PUP.PCProtect][File] C:\Program Files\TotalAV\vccorlib120.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\WebSocket4Net.dll -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\x64\SQLite.Interop.dll -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\x64 -> Deleted
    [PUP.PCProtect][File] C:\Program Files\TotalAV\x86\SQLite.Interop.dll -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\x86 -> Deleted
    [PUP.PCProtect][Folder] C:\Program Files\TotalAV\zh-CN -> Deleted
    [PUP.PCProtect][Folder] C:\Documents and Settings\Alan\Application Data\TotalAV -> ERROR [3]
    [PUP.PCProtect][File] C:\Documents and Settings\Alan\Desktop\TotalAV.lnk [LNK@] C:\PROGRA~1\TotalAV\TotalAV.exe -> Deleted
    [PUP.Gen1][Folder] C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar -> ERROR [3]
    [PUP.Gen1][Folder] C:\Documents and Settings\All Users\Application Data\Driver Whiz -> ERROR [3]

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][Firefox:Config] t01oh3zn.default-1417445688937 : user_pref("browser.startup.homepage", "Minnesota Flyway Forum"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] 3b4dcad96d7dd6374e11052df13035db
    [BSP] e165ab2ebb9c66e8966a69572d6d91d2 : Windows XP|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 152586 MB [Windows XP Bootstrap | Windows XP Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK
     
  8. 2017/11/26
    h2ofwlr

    h2ofwlr Well-Known Member Thread Starter

    Joined:
    2005/01/17
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    beginner
    Nothing new on Malwarebytes. But here is the history report of the last 1.5 weeks.

    11-16
    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 11/16/17
    Scan Time: 4:10 AM
    Log File: 6b04846a-cab6-11e7-bc4e-00123f836020.json
    Administrator: Yes

    -Software Information-
    Version: 3.3.1.2183
    Components Version: 1.0.236
    Update Package Version: 1.0.3269
    License: Trial

    -System Information-
    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: FIRSTCLASS\First Class Car Care

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 335611
    Threats Detected: 3
    Threats Quarantined: 3
    Time Elapsed: 50 min, 30 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 2
    PUP.Optional.DriverRestore, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\DriverRestore.exe, Quarantined, [742], [315307],1.0.3269
    PUP.Optional.383Media, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\DriverWhiz.exe, Quarantined, [7320], [262208],1.0.3269

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 1
    PUP.Optional.DigitalSites, C:\DOCUMENTS AND SETTINGS\ALAN\APPLICATION DATA\DIGITALSITES, Quarantined, [841], [319816],1.0.3269

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    (end)



    11-24
    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 11/24/17
    Scan Time: 12:02 PM
    Log File: b1d27f32-d141-11e7-b458-00123f836020.json
    Administrator: Yes

    -Software Information-
    Version: 3.3.1.2183
    Components Version: 1.0.236
    Update Package Version: 1.0.3340
    License: Trial

    -System Information-
    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: FIRSTCLASS\First Class Car Care

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 340053
    Threats Detected: 3
    Threats Quarantined: 3
    Time Elapsed: 47 min, 37 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 2
    PUP.Optional.DriverRestore, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\DriverRestore.exe, Quarantined, [741], [315307],1.0.3340
    PUP.Optional.383Media, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\DriverWhiz.exe, Quarantined, [7320], [262208],1.0.3340

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 1
    PUP.Optional.DigitalSites, C:\DOCUMENTS AND SETTINGS\ALAN\APPLICATION DATA\DIGITALSITES, Quarantined, [840], [319816],1.0.3340

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)
    (end)


    11-25
    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Protection Event Date: 11/25/17
    Protection Event Time: 10:52 AM
    Log File: 074c01d0-d201-11e7-9f0a-00123f836020.json
    Administrator: Yes

    -Software Information-
    Version: 3.3.1.2183
    Components Version: 1.0.236
    Update Package Version: 1.0.3343
    License: Trial

    -System Information-
    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: System

    -Blocked Malware Details-
    File: 1
    PUP.Optional.AdvancedSystemCare, C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe, Quarantined, [1217], [396386],1.0.3343
    (end)


    11-26
    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 11/26/17
    Scan Time: 9:06 AM
    Log File: 6f4c89b6-d2bb-11e7-87a4-00123f836020.json
    Administrator: Yes

    -Software Information-
    Version: 3.3.1.2183
    Components Version: 1.0.236
    Update Package Version: 1.0.3350
    License: Trial

    -System Information-
    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: FIRSTCLASS\First Class Car Care

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 340224
    Threats Detected: 0
    (No malicious items detected)
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 46 min, 6 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    (end)
     
  9. 2017/11/26
    h2ofwlr

    h2ofwlr Well-Known Member Thread Starter

    Joined:
    2005/01/17
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    beginner
    Regarding AdwCleaner, the new version does not do 32 byte.

    I found an older version and did the scan, etc. And now it disappeared - like no trace of the file or scan. I recall that my computer had shut down and would not reboot - and I mean zero response. I had to unplug the PC and then it powered back up
     
  10. 2017/11/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    AdwCleaner works on 32 and 64 bit systems.
     
  11. 2017/11/27
    h2ofwlr

    h2ofwlr Well-Known Member Thread Starter

    Joined:
    2005/01/17
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    beginner
    Well the error message says that it does not. Maybe the error message for 7.0v should say it does not work on XP. I did some researching, and no the 7.0v does not work on XP, so people with XP systems need to down load a 6.v which I did.
    Weird thing is like I mentioned - my computer had turned off by itself when doing the cleaning, zero response, meaning using the on/off switch did nothing. I had to unplug it to be able to boot it back up and once it had, the Adw 6.0 was gone, with no sign of it anywhere. So I downloaded 6.v again and it here it recognized my computer and the log file below was listed, it is attached below. But being it had shut down automatically, during /after(???) cleaning, do I rerun it?

    BTW, I am not a business - the Car Care titling is who had owned the computer before I had bought it from a reseller years ago. I'm just an average individual seeking assistance.

    # AdwCleaner v5.009 - Logfile created 26/11/2017 at 12:40:32
    # Updated 27/09/2015 by Xplode
    # Database : 2015-09-27.1 [Local]
    # Operating system : Microsoft Windows XP Service Pack 3 (x86)
    # Username : First Class Car Care - FIRSTCLASS
    # Running from : C:\Documents and Settings\Alan\Desktop\adwcleaner-5-009-multi-win.exe
    # Option : Scan
    # Support : ToolsLib

    ***** [ Services ] *****


    ***** [ Folders ] *****

    Folder Found : C:\Documents and Settings\All Users\Application Data\6F63A5579BF72ADF26140C367B07D287
    Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\driver whiz

    ***** [ Files ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    Key Found : HKCU\Software\f9e0af89c114135
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Key Found : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
    Key Found : HKU\.DEFAULT\Software\GeekBuddyRSP
    Key Found : HKCU\Software\eSupport.com
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Found : HKLM\SOFTWARE\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Conduit
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\File Opener Packages
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DriverRestore
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}

    ***** [ Web browsers ] *****

    [C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
    [C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2911 bytes] ##########
     
    Last edited: 2017/11/27
  12. 2017/11/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  13. 2017/11/27
    h2ofwlr

    h2ofwlr Well-Known Member Thread Starter

    Joined:
    2005/01/17
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    beginner
    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
    HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2003-10-31] (Cyberlink Corp.)
    HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1634112 2012-08-30] ()
    HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] ()
    HKLM\...\Run: [InCD] => C:\Program Files\Nero\Nero 7\InCD\InCD.exe [1057064 2007-06-25] (Nero AG)
    HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-10-14] (Intel Corporation)
    HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-10-14] (Intel Corporation)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
    HKLM\...\Run: [EZGigMonitor.exe] => C:\Program Files\Apricorn\EZ Gig II\EZGigMonitor.exe [1169264 2007-10-09] (Apricorn)
    HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [122941 2005-05-31] (Sonic Solutions)
    HKLM\...\Run: [CenturyLinkTouchPointAgent] => C:\Program Files\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe [46720 2012-03-08] (CenturyLink Inc)
    HKLM\...\Run: [Apricorn Scheduler Service] => C:\Program Files\Common Files\Apricorn\Schedule2\schedhlp.exe [148712 2007-10-09] (Apricorn)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
    HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Apricorn\EZ Gig II\TimounterMonitor.exe [1949480 2007-10-09] (Apricorn)
    HKLM\...\Run: [DLCCCATS] => rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16************************************************************************************************************************ (the data entry has 59 more characters).
    HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll <==== ATTENTION
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll <==== ATTENTION
    HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
    HKLM\...\Policies\Explorer: [NoResolveSearch] 1
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\Run: [ROC_ROC_APR2013_AV] => C:\Documents and Settings\Alan\Application Data\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 44e03bb2500547d0a693d15b796789d3-e21a548767f03e4ce288f39c52dc7e4801662a10 --CMPID ROC (the data entry has 29 more characters).
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-02-26] (Hewlett-Packard Company)
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6844320 2017-10-17] (SUPERAntiSpyware)
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssflwbox.scr [393216 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1007\...\RunOnce: [NeroHomeFirstStart] => C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [16680 2007-06-27] (Nero AG)
    HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
    ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    GroupPolicy: Restriction ? <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
    Tcpip\..\Interfaces\{EAFC8161-F832-4137-9C39-A8C3CA7FAD31}: [DhcpNameServer] 192.168.0.1 205.171.3.25

    Internet Explorer:
    ==================
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.refugeforums.com/refuge/forumdisplay.php?f=33
    URLSearchHook: [S-1-5-21-1801674531-1979792683-1417001333-1007] ATTENTION => Default URLSearchHook is missing
    SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO: No Name -> {0347C33E-8762-4905-BF09-768834316C61} -> No File
    BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
    BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31] (Sonic Solutions)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30] (Microsoft Corporation)
    BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> No File
    BHO: No Name -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> No File
    Toolbar: HKLM - No Name - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - No File
    Toolbar: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    Toolbar: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1417580843046
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251126488015
    DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)

    FireFox:
    ========
    FF DefaultProfile: t01oh3zn.default-1417445688937
    FF ProfilePath: C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\t01oh3zn.default-1417445688937 [2017-11-27]
    FF Homepage: C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\t01oh3zn.default-1417445688937 -> hxxp://www.refugeforums.com/refuge/forumdisplay.php?f=33
    FF Extension: (WebSearch Extension) - C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\t01oh3zn.default-1417445688937\Extensions\{ab0f5841-11f0-4c92-9bf8-b885f4431253}.xpi [2017-11-26]
    FF ProfilePath: C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\n8w0j26j.default-1511457590609 [2017-11-24]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-24] [Lagacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [{FD2A3AFE-D1D0-440F-8BEA-3B664EE4E27B}] - C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\{FD2A3AFE-D1D0-440F-8BEA-3B664EE4E27B}
    FF Extension: (No Name) - C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\{FD2A3AFE-D1D0-440F-8BEA-3B664EE4E27B} [2011-04-04] [not signed]
    FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff => not found
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-17] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-11-26]
    CHR Extension: (Docs) - C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-04]
    CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-30] (SUPERAntiSpyware.com)
    R2 AcrSch2Svc; C:\Program Files\Common Files\Apricorn\Schedule2\schedul2.exe [410856 2007-10-09] (Apricorn)
    R2 AdobeActiveFileMonitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [98304 2004-10-04] () [File not signed]
    R2 dlcc_device; C:\WINDOWS\system32\dlcccoms.exe [538096 2007-02-14] ( )
    R2 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [1552680 2007-06-25] (Nero AG)
    R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed]
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
    R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] () [File not signed]
    S4 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
    R2 PhotoshopElementsDeviceConnect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [118784 2004-10-04] () [File not signed]
    S4 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
    S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
    S2 SecurityService; "C:\Program Files\TotalAV\SecurityService.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S1 Changer; C:\WINDOWS\system32\Drivers\Changer.sys [8192 2008-04-13] (Microsoft Corporation)
    R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [88352 2005-04-22] (Sonic Solutions) [File not signed]
    R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions) [File not signed]
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59896 2017-11-01] ()
    S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-10-30] (HP)
    S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-10-30] (HP)
    S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-10-30] (HP)
    R4 InCDfs; C:\WINDOWS\System32\drivers\InCDFs.sys [119080 2007-06-25] (Nero AG)
    R1 InCDPass; C:\WINDOWS\System32\drivers\InCDPass.sys [36776 2007-06-25] (Nero AG)
    U1 InCDrec; C:\WINDOWS\system32\Drivers\InCDrec.sys [16040 2007-06-25] (Nero AG)
    R1 incdrm; C:\WINDOWS\System32\drivers\InCDRm.sys [38440 2007-06-25] (Nero AG)
    S1 lbrtfdc; C:\WINDOWS\system32\Drivers\lbrtfdc.sys [34688 2008-04-13] (Toshiba Corp.)
    R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [150304 2017-11-24] (Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [40376 2017-11-27] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221112 2017-11-27] (Malwarebytes)
    S3 MN710-51; C:\WINDOWS\System32\DRIVERS\MN710-51.sys [339520 2004-01-07] (GlobespanVirata, Inc.)
    S3 motandroidusb; C:\WINDOWS\System32\Drivers\motoandroid.sys [26240 2013-07-23] (Motorola)
    R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
    S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
    R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [124264 2012-07-03] (NVIDIA Corporation)
    R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20176 2012-02-20] (Sonic Solutions) [File not signed]
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R0 snapman; C:\WINDOWS\System32\DRIVERS\snapman.sys [120688 2009-08-28] (Apricorn) [File not signed]
    S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
    R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions) [File not signed]
    R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions) [File not signed]
    R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [39376 2009-08-28] (Apricorn) [File not signed]
    R0 timounter; C:\WINDOWS\System32\DRIVERS\timntr.sys [400560 2009-08-28] (Apricorn) [File not signed]
    U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [24688 2017-11-25] ()
    S0 cerc6; no ImagePath
    U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-14] (Microsoft Corporation)
    S4 vsdatant; a [X]
    U1 WS2IFSL; no ImagePath
    S0 WudfPf; system32\DRIVERS\WudfPf.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-11-27 21:13 - 2017-11-27 21:15 - 000017344 _____ C:\Documents and Settings\Alan\Desktop\FRST.txt
    2017-11-26 23:25 - 2017-11-26 23:27 - 004102600 _____ C:\Documents and Settings\Alan\Desktop\adwcleaner_6.046.exe
    2017-11-26 22:09 - 2017-11-26 22:09 - 000000000 ____D C:\Program Files\7-Zip
    2017-11-26 22:09 - 2017-11-26 22:09 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
    2017-11-26 12:35 - 2017-11-26 23:30 - 000000000 ____D C:\AdwCleaner
    2017-11-25 21:26 - 2017-11-25 21:26 - 000024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2017-11-25 21:25 - 2017-11-26 20:19 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
    2017-11-25 21:25 - 2017-11-25 21:25 - 000000734 _____ C:\Documents and Settings\All Users\Desktop\RogueKiller.lnk
    2017-11-25 21:25 - 2017-11-25 21:25 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RogueKiller
    2017-11-25 21:24 - 2017-11-25 21:25 - 000000000 ____D C:\Program Files\RogueKiller
    2017-11-25 21:14 - 2017-11-25 21:16 - 036141704 _____ (Adlice Software ) C:\Documents and Settings\Alan\Desktop\RogueKiller_setup.exe
    2017-11-25 10:33 - 2017-11-27 21:11 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\FRST-OlderVersion
    2017-11-25 10:31 - 2017-11-27 21:11 - 000000000 ____D C:\FRST
    2017-11-24 11:49 - 2017-11-27 15:27 - 000040376 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2017-11-24 11:48 - 2017-11-27 15:27 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-11-24 11:48 - 2017-11-24 11:48 - 000150304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2017-11-24 11:48 - 2017-11-24 11:48 - 000001731 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
    2017-11-24 11:48 - 2017-11-24 11:48 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
    2017-11-24 11:48 - 2017-11-01 08:54 - 000059896 _____ C:\WINDOWS\system32\Drivers\mbae.sys
    2017-11-23 18:43 - 2017-11-27 21:11 - 001752064 _____ (Farbar) C:\Documents and Settings\Alan\Desktop\FRST.exe
    2017-11-23 11:20 - 2017-11-23 11:20 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\Old Firefox Data
    2017-11-17 22:55 - 2017-11-17 23:18 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2017-11-16 13:55 - 2017-11-18 00:05 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\2017 Waterfowl reports
    2017-11-16 04:02 - 2017-11-16 04:02 - 000000000 ____D C:\Program Files\Malwarebytes
    2017-11-15 21:21 - 2017-11-17 22:43 - 000371510 _____ C:\WINDOWS\ntbtlog.txt
    2017-11-07 23:46 - 2017-11-07 23:46 - 000022077 _____ C:\Documents and Settings\Alan\Desktop\November Agenda and October minutes.zip
    2017-11-07 23:45 - 2017-11-07 23:45 - 005831295 _____ C:\Documents and Settings\Alan\Desktop\2017-11-07 - October 2017 Treasurer's Report.pdf
    2017-11-07 12:23 - 2017-11-21 12:07 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\Ebay

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-11-27 21:15 - 2009-11-28 21:34 - 000000000 ____D C:\Documents and Settings\First Class Car Care\Local Settings\Temp
    2017-11-27 18:58 - 2014-12-02 23:55 - 000000000 ____D C:\temp
    2017-11-27 18:57 - 2014-12-03 03:21 - 000000252 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2017-11-27 18:57 - 2010-02-03 00:21 - 000000236 _____ C:\WINDOWS\Tasks\OGALogon.job
    2017-11-27 18:57 - 2008-04-14 06:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
    2017-11-27 15:27 - 2009-08-22 19:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-11-27 15:26 - 2009-11-28 21:35 - 000000278 ___SH C:\Documents and Settings\First Class Car Care\ntuser.ini
    2017-11-27 15:26 - 2009-08-22 19:32 - 000032554 _____ C:\WINDOWS\SchedLgU.Txt
    2017-11-27 15:25 - 2009-11-28 21:34 - 000000000 ____D C:\Documents and Settings\First Class Car Care
    2017-11-26 15:13 - 2014-12-02 23:56 - 000000178 ___SH C:\Documents and Settings\UpdatusUser\ntuser.ini
    2017-11-26 12:04 - 2012-02-29 08:30 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\For Sale
    2017-11-26 12:04 - 2010-02-12 12:46 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\For sale sold
    2017-11-26 07:57 - 2009-08-22 19:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2017-11-23 19:18 - 2008-04-14 06:00 - 000000638 _____ C:\WINDOWS\win.ini
    2017-11-23 18:00 - 2011-03-20 23:09 - 000000664 _____ C:\WINDOWS\system32\d3d9caps.dat
    2017-11-21 09:33 - 2014-12-01 23:17 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\misc docs
    2017-11-18 22:54 - 2014-12-25 13:23 - 000000508 _____ C:\WINDOWS\Tasks\Motorola Device Manager Update.job
    2017-11-18 00:19 - 2014-01-27 12:04 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
    2017-11-17 23:05 - 2009-11-28 21:34 - 000000000 ___RD C:\Documents and Settings\Alan\Alan's Documents
    2017-11-17 22:53 - 2009-08-22 13:30 - 000599684 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-11-17 22:52 - 2015-05-21 16:46 - 000000000 ____D C:\Program Files\dl_Cats
    2017-11-17 22:50 - 2014-12-02 23:56 - 000000000 ____D C:\Documents and Settings\UpdatusUser
    2017-11-17 22:50 - 2011-04-10 08:25 - 000000000 ____D C:\Documents and Settings\Administrator
    2017-11-17 22:50 - 2009-08-22 19:32 - 000000000 __SHD C:\Documents and Settings\LocalService
    2017-11-17 22:50 - 2009-08-22 19:18 - 000000000 __SHD C:\Documents and Settings\NetworkService
    2017-11-17 22:49 - 2009-08-22 19:13 - 000000000 ____D C:\WINDOWS\Registration
    2017-11-17 22:46 - 2012-02-29 08:25 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\Hunting related
    2017-11-17 09:48 - 2009-08-22 13:23 - 000000000 ___HD C:\WINDOWS\inf
    2017-11-16 10:41 - 2012-03-23 21:08 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\P2 Alano
    2017-11-16 10:40 - 2017-03-08 09:23 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\Nik C 2017
    2017-11-16 04:02 - 2009-10-26 19:18 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2017-11-08 15:06 - 2014-12-03 03:21 - 000000246 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2017-11-07 12:24 - 2017-01-30 12:45 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\Memes
    2017-11-03 08:14 - 2014-12-01 23:17 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\Misc photos
    2017-10-31 12:08 - 2012-02-22 12:26 - 000000000 ____D C:\Documents and Settings\Alan\Desktop\Mainstreeters

    ==================== Files in the root of some directories =======

    2011-01-23 21:55 - 2011-01-23 21:55 - 000011429 _____ () C:\Documents and Settings\Alan\Application Data\Microsoft Excel.TSK
    2010-02-11 22:08 - 2017-09-20 05:25 - 000208896 _____ () C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-04-27 13:09 - 2010-04-27 13:09 - 000000143 _____ () C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\fusioncache.dat
    2010-04-27 12:13 - 2014-12-22 20:17 - 000008541 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log

    ZeroAccess:
    C:\RECYCLER\S-1-5-18\$37ad6bc9e176f6b0348baabcecda702a
    ZeroAccess:
    C:\Program Files\Google\Desktop\Install

    Some files in TEMP:
    ====================
    2017-11-25 21:26 - 2010-12-09 09:15 - 000718336 _____ (Microsoft Corporation) C:\Documents and Settings\First Class Car Care\Local Settings\Temp\dllnt_dump.dll

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
    ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

    ==================== End of FRST.txt ============================
     
  14. 2017/11/27
    h2ofwlr

    h2ofwlr Well-Known Member Thread Starter

    Joined:
    2005/01/17
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    beginner
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-11-2017
    Ran by First Class Car Care (27-11-2017 21:28:59)
    Running from C:\Documents and Settings\Alan\Desktop
    Microsoft Windows XP Professional Service Pack 3 (X86) (2009-08-23 01:18:07)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1801674531-1979792683-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-1801674531-1979792683-1417001333-1004 - Limited - Enabled)
    First Class Car Care (S-1-5-21-1801674531-1979792683-1417001333-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\First Class Car Care
    Guest (S-1-5-21-1801674531-1979792683-1417001333-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-1801674531-1979792683-1417001333-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-1801674531-1979792683-1417001333-1002 - Limited - Disabled)
    UpdatusUser (S-1-5-21-1801674531-1979792683-1417001333-1007 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    2350 (HKLM\...\{007C0BB9-C5E2-4C73-B96B-2BBD5CEA9BF9}) (Version: 47.0.1.000 - Hewlett-Packard) Hidden
    2350_Help (HKLM\...\{0390854C-42B9-4BC2-B0CF-87DDA0F62EC8}) (Version: 47.0.1.000 - Hewlett-Packard) Hidden
    2350Trb (HKLM\...\{C0E7118C-CF3D-46EC-B431-F744C035A571}) (Version: 47.0.1.000 - Hewlett-Packard) Hidden
    7-Zip 16.04 (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
    Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
    Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 3.0 (HKLM\...\{851C67EF-068A-4060-9EF5-2E3DDCD68382}) (Version: 003.000.0000 - Adobe Systems Inc.)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Advanced SystemCare 3 (HKLM\...\Advanced SystemCare 3_is1) (Version: 3.4.1 - IObit)
    AiO_Scan (HKLM\...\{655CB07D-C944-40BE-B93F-55957CAC7625}) (Version: 47.0.1.000 - Hewlett-Packard) Hidden
    AiOSoftware (HKLM\...\{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}) (Version: 47.0.1.000 - Hewlett-Packard) Hidden
    Apricorn EZ Gig II (HKLM\...\{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}) (Version: 10.0.5114 - Apricorn)
    Broadcom Gigabit Integrated Controller (HKLM\...\{7E369B27-13E2-41A5-9879-358EE1C8B5AD}) (Version: 9.02.06 - Broadcom Corporation)
    BufferChm (HKLM\...\{700A6597-3CE6-49C1-AA75-846B24CDA66D}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    CenturyLink Installer (HKLM\...\{C96FF998-45BD-411E-9253-B7F2660FE280}) (Version: 1.0 - CenturyLink, Inc.)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Copy (HKLM\...\{1B680FBA-E317-4E93-AF43-3B59798A4BE0}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    CP_AtenaShokunin1Config (HKLM\...\{A5B9D22C-755A-4AC6-9904-875E80838BB6}) (Version: 45.4.131.000 - Hewlett-Packard) Hidden
    cp_dwShrek2Albums1 (HKLM\...\{272EC8BA-5A08-4ea1-A189-684466A06B02}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    cp_dwShrek2Cards1 (HKLM\...\{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    CreativeProjects (HKLM\...\{644D04A2-C682-4FD5-977D-03B804C4B9C5}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    CreativeProjectsTemplates (HKLM\...\{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    CueTour (HKLM\...\{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Destinations (HKLM\...\{68963635-14A4-48D9-B431-DF3A74D1AAE1}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Director (HKLM\...\{B911B811-BA3E-46D4-90F8-6F3338359651}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    DocProc (HKLM\...\{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}) (Version: 4.5.0.0 - Hewlett-Packard) Hidden
    DocumentViewer (HKLM\...\{CE0C8CC5-E396-442B-A50E-D1D374A9E820}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Fax (HKLM\...\{181821B7-82AA-44DA-9DAF-EF254CCB670A}) (Version: 47.0.1.000 - Hewlett-Packard) Hidden
    Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
    HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
    HP Extended Capabilities 4.7 (HKLM\...\HPExtendedCapabilities) (Version: 4.7 - HP)
    HP Software Update (HKLM\...\{64FC0C98-B035-4530-B15D-3D30610B6DF1}) (Version: 3.0.2.991 - HEWLET~1|Hewlett-Packard)
    HPSystemDiagnostics (HKLM\...\{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}) (Version: 1.6.0.0 - Your Company Name) Hidden
    InstantShare (HKLM\...\{1AD5F465-8282-4DAD-B957-E09C0B783D18}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4410 - )
    LightScribe System Software 1.12.33.2 (HKLM\...\{582287DA-0806-4AC0-BF19-C15E3A466034}) (Version: 1.12.33.2 - LightScribe)
    Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
    MarketResearch (HKLM\...\{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}) (Version: 45.4.158.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office Visio Professional 2003 (HKLM\...\{90510409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Windows XP Video Decoder Checkup Utility (HKLM\...\DECCHECK) (Version: - )
    Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
    Motorola Device Software Update (HKLM\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
    Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{BA562260-B4FA-4D87-ADC5-963783028C68}) (Version: 6.4.0 - Motorola Mobility LLC)
    Mozilla Firefox 52.5.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.5.0 ESR (x86 en-US)) (Version: 52.5.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.5.0.6520 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Nero 7 Essentials (HKLM\...\{2000BE04-8B25-4776-93FC-830959521033}) (Version: 7.03.1009 - Nero AG)
    NVIDIA Graphics Driver 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.23 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
    NVIDIA nView 136.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.28 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
    NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
    OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    PanoStandAlone (HKLM\...\{5E8D588F-307C-4250-B622-26969027319A}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    PhotoGallery (HKLM\...\{646A65DD-23FC-418E-B9F0-E0500FB42CB1}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
    ProductContext (HKLM\...\{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}) (Version: 47.1.14.000 - Hewlett-Packard) Hidden
    QFolder (HKLM\...\{8777AC6D-89F9-4793-8266-DE406F343E89}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Readme (HKLM\...\{442BE28B-782B-4DC0-B490-E70A403B1C69}) (Version: 47.0.1.000 - Hewlett-Packard) Hidden
    RogueKiller version 12.11.25.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.25.0 - Adlice Software)
    Scan (HKLM\...\{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}) (Version: 4.5.0.0 - Hewlett-Packard) Hidden
    ScannerCopy (HKLM\...\{14BEB6DF-A499-4A38-8E06-E173BCD5C087}) (Version: 4.5.0.0 - Hewlett-Packard) Hidden
    Segoe UI (HKLM\...\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}) (Version: 14.0.4327.805 - Microsoft Corp) Hidden
    SkinsHP1 (HKLM\...\{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.98 - Sonic Solutions)
    SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.7000 - Analog Devices)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com)
    TotalAV (HKLM\...\TotalAV) (Version: 1.36.98 - TotalAV)
    TrayApp (HKLM\...\{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Unload (HKLM\...\{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}) (Version: 4.5.0 - Hewlett-Packard) Hidden
    WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
    WebReg (HKLM\...\{CDFCF124-115F-4976-8BF4-08C89187A146}) (Version: 45.4.157.000 - Hewlett-Packard) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
    Windows Live ID Sign-in Assistant (HKLM\...\{10A44844-4465-456E-8C97-80BDD4F68845}) (Version: 6.500.3146.0 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows PowerShell(TM) 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
    Windows PowerShell(TM) 1.0 MUI pack (HKLM\...\KB926141) (Version: 2 - Microsoft Corporation)
    Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
    Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Audio (HKLM\...\{A6264FF6-C49D-4533-AF42-4875C38BB24C}) (Version: 1.00.0000 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-07-24] (Nero AG)
    ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2013-01-27] ()
    ContextMenuHandlers1: [InCDShellExt] -> {CAE3251E-9B15-4810-B268-852AD9792A59} => C:\Program Files\Nero\Nero 7\InCD\InCDshx.dll [2007-06-25] (Nero AG)
    ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31] (Sonic Solutions)
    ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2013-01-27] ()
    ContextMenuHandlers2: [InCDShellExt] -> {CAE3251E-9B15-4810-B268-852AD9792A59} => C:\Program Files\Nero\Nero 7\InCD\InCDshx.dll [2007-06-25] (Nero AG)
    ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2013-01-27] ()
    ContextMenuHandlers4: [InCDShellExt] -> {CAE3251E-9B15-4810-B268-852AD9792A59} => C:\Program Files\Nero\Nero 7\InCD\InCDshx.dll [2007-06-25] (Nero AG)
    ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2012-08-30] ()
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2005-10-14] (Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\WINDOWS\system32\nvcpl.dll [2012-08-30] (NVIDIA Corporation)
    ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers6: [InCDShellExt] -> {CAE3251E-9B15-4810-B268-852AD9792A59} => C:\Program Files\Nero\Nero 7\InCD\InCDshx.dll [2007-06-25] (Nero AG)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

    ==================== Scheduled Tasks=============================

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Motorola Device Manager Update.job => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
    Task: C:\WINDOWS\Tasks\OGALogon.job => C:\WINDOWS\system32\OGAEXEC.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2004-10-04 04:47 - 2004-10-04 04:47 - 000098304 _____ () C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    2004-10-04 04:46 - 2004-10-04 04:46 - 000147456 _____ () C:\Program Files\Adobe\Photoshop Elements 3.0\platform.dll
    2014-04-07 08:31 - 2014-04-07 08:31 - 000172032 _____ () C:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll
    2004-10-04 03:40 - 2004-10-04 03:40 - 000118784 _____ () C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    2007-01-22 01:24 - 2007-01-22 01:24 - 000069632 _____ () C:\WINDOWS\system32\dlcccfg.dll
    2005-04-01 10:44 - 2005-04-01 10:44 - 000061440 _____ () C:\WINDOWS\system32\dlcccnv4.dll
    2017-11-24 11:48 - 2017-11-01 08:55 - 001930696 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2007-10-09 11:12 - 2007-10-09 11:12 - 000050408 _____ () C:\Program Files\Common Files\Apricorn\Common\gc.dll
    2007-07-12 11:55 - 2007-07-12 11:55 - 001581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
    2007-08-14 11:59 - 2007-08-14 11:59 - 006365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
    2007-07-12 11:55 - 2007-07-12 11:55 - 000131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Documents and Settings\Alan\Desktop\Firefox Setup 50.1.0.exe:SummaryInformation [43]
    AlternateDataStreams: C:\Documents and Settings\Alan\Desktop\Firefox Setup 50.1.0.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77577818.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77577818.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR310 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\008k.com -> 008k.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\00hq.com -> 00hq.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\0190-dialers.com -> 0190-dialers.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\01i.info -> 01i.info
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\05p.com -> 05p.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\0calories.net -> 0calories.net
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\0cj.net -> 0cj.net
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\0scan.com -> 0scan.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\1-domains-registrations.com -> 1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\1-se.com -> 1-se.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\1001movie.com -> 1001movie.com
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\1001night.biz -> 1001night.biz
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\100gal.net -> 100gal.net
    IE restricted site: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...\100sexlinks.com -> 100sexlinks.com

    There are 4790 more sites.


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2011-04-20 16:05 - 2011-04-20 19:36 - 000000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1007\Control Panel\Desktop\\Wallpaper -> (None)
    DNS Servers: 192.168.0.1 - 205.171.3.25
    sharedaccess => Firewall Service is not running.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    DomainProfile\AuthorizedApplications: [C:\Program Files\Dropbox\Client\Dropbox.exe] => Enabled:Dropbox
    StandardProfile\AuthorizedApplications: [C:\Program Files\Dropbox\Client\Dropbox.exe] => Enabled:Dropbox

    ==================== Restore Points =========================

    29-08-2017 23:20:33 System Checkpoint
    31-08-2017 00:20:11 System Checkpoint
    01-09-2017 01:20:11 System Checkpoint
    02-09-2017 02:20:11 System Checkpoint
    03-09-2017 03:20:11 System Checkpoint
    04-09-2017 04:20:11 System Checkpoint
    05-09-2017 05:20:11 System Checkpoint
    06-09-2017 06:21:16 System Checkpoint
    07-09-2017 07:20:11 System Checkpoint
    08-09-2017 08:20:12 System Checkpoint
    09-09-2017 08:33:36 System Checkpoint
    10-09-2017 09:20:11 System Checkpoint
    11-09-2017 09:21:16 System Checkpoint
    12-09-2017 10:20:12 System Checkpoint
    13-09-2017 11:20:11 System Checkpoint
    14-09-2017 12:20:07 System Checkpoint
    16-09-2017 23:43:16 System Checkpoint
    18-09-2017 00:02:30 System Checkpoint
    20-09-2017 07:17:41 System Checkpoint
    21-09-2017 02:00:21 Software Distribution Service 3.0
    22-09-2017 02:24:00 System Checkpoint
    23-09-2017 03:23:59 System Checkpoint
    24-09-2017 04:24:00 System Checkpoint
    25-09-2017 04:29:27 System Checkpoint
    26-09-2017 05:29:27 System Checkpoint
    27-09-2017 09:33:49 System Checkpoint
    28-09-2017 10:29:28 System Checkpoint
    29-09-2017 11:03:34 System Checkpoint
    30-09-2017 11:29:29 System Checkpoint
    01-10-2017 12:29:29 System Checkpoint
    02-10-2017 13:29:30 System Checkpoint
    03-10-2017 16:56:22 System Checkpoint
    04-10-2017 17:01:23 System Checkpoint
    05-10-2017 17:29:28 System Checkpoint
    06-10-2017 17:41:58 System Checkpoint
    07-10-2017 19:25:35 System Checkpoint
    08-10-2017 19:29:29 System Checkpoint
    09-10-2017 23:21:27 System Checkpoint
    10-10-2017 23:41:38 System Checkpoint
    11-10-2017 23:41:48 System Checkpoint
    13-10-2017 00:41:21 System Checkpoint
    14-10-2017 00:42:46 System Checkpoint
    15-10-2017 01:29:16 System Checkpoint
    16-10-2017 02:29:16 System Checkpoint
    17-10-2017 03:29:18 System Checkpoint
    18-10-2017 02:00:18 Software Distribution Service 3.0
    19-10-2017 02:22:46 System Checkpoint
    20-10-2017 03:10:17 System Checkpoint
    21-10-2017 04:10:17 System Checkpoint
    22-10-2017 05:10:17 System Checkpoint
    23-10-2017 06:10:19 System Checkpoint
    24-10-2017 06:55:36 System Checkpoint
    25-10-2017 15:03:14 System Checkpoint
    26-10-2017 15:25:56 System Checkpoint
    28-10-2017 00:32:35 System Checkpoint
    29-10-2017 01:25:56 System Checkpoint
    30-10-2017 02:25:57 System Checkpoint
    31-10-2017 03:25:58 System Checkpoint
    01-11-2017 04:25:57 System Checkpoint
    02-11-2017 05:25:57 System Checkpoint
    03-11-2017 06:25:58 System Checkpoint
    04-11-2017 07:25:58 System Checkpoint
    05-11-2017 07:34:03 System Checkpoint
    06-11-2017 07:37:59 System Checkpoint
    07-11-2017 07:53:04 System Checkpoint
    08-11-2017 22:56:15 System Checkpoint
    09-11-2017 23:25:22 System Checkpoint
    11-11-2017 00:25:24 System Checkpoint
    12-11-2017 01:25:24 System Checkpoint
    13-11-2017 02:25:38 System Checkpoint
    14-11-2017 03:20:54 System Checkpoint
    15-11-2017 03:46:13 System Checkpoint
    17-11-2017 22:44:21 Restore Operation
    21-11-2017 18:41:23 System Checkpoint
    23-11-2017 17:59:46 System Checkpoint
    27-11-2017 16:09:10 System Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/26/2017 03:14:04 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application motohelperagent.exe, version 14.8.6.1, faulting module motohelperagent.exe, version 14.8.6.1, fault address 0x0005944c.
    Processing media-specific event for [motohelperagent.exe!ws!]

    Error: (11/24/2017 09:09:45 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 52.5.0.6520, faulting module mozglue.dll, version 52.5.0.6520, fault address 0x0000f3de.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (11/23/2017 11:04:15 AM) (Source: Userenv) (EventID: 1068) (User: NT AUTHORITY)
    Description: Windows ended GPO processing because the computer shut down or the user logged off.

    Error: (11/22/2017 08:51:32 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 52.5.0.6520, faulting module mozglue.dll, version 52.5.0.6520, fault address 0x0000f3de.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (11/22/2017 11:07:21 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 52.5.0.6520, faulting module mozglue.dll, version 52.5.0.6520, fault address 0x0000f3de.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (11/21/2017 09:18:52 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 52.5.0.6520, faulting module mozglue.dll, version 52.5.0.6520, fault address 0x0000f3de.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (11/17/2017 10:51:50 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application

    Details:
    The content index cannot be read. (0xc0041800)

    Error: (11/17/2017 10:51:50 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: The gatherer object cannot be initialized.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index cannot be read. (0xc0041800)

    Error: (11/17/2017 10:51:50 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index cannot be read. (0xc0041800)

    Error: (11/17/2017 10:51:46 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.

    Context: Windows Application, SystemIndex Catalog

    Details:
    0xc0041801 (0xc0041801)


    System errors:
    =============
    Error: (11/27/2017 09:10:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

    Error: (11/27/2017 09:07:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

    Error: (11/27/2017 07:51:46 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

    Error: (11/27/2017 07:32:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

    Error: (11/27/2017 07:21:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

    Error: (11/27/2017 06:58:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

    Error: (11/27/2017 03:28:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    WudfPf

    Error: (11/27/2017 03:28:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Computer Browser service terminated with the following error:
    The specified service does not exist as an installed service.

    Error: (11/27/2017 03:28:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The PC Security Management Service service failed to start due to the following error:
    The system cannot find the path specified.

    Error: (11/27/2017 03:28:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Java Quick Starter service failed to start due to the following error:
    The system cannot find the file specified.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz
    Percentage of memory in use: 40%
    Total physical RAM: 3070.07 MB
    Available physical RAM: 1833.86 MB
    Total Virtual: 5409.5 MB
    Available Virtual: 4333.91 MB

    ==================== Drives ================================

    Drive c: (Main 160 G drive) (Fixed) (Total:149.01 GB) (Free:105.3 GB) NTFS ==>[drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: F8A999B3)
    Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  15. 2017/11/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    That's incorrect.
    You clicked on Scan button instead of Fix button.
    Please re-read my instructions.
     
  16. 2017/11/28
    h2ofwlr

    h2ofwlr Well-Known Member Thread Starter

    Joined:
    2005/01/17
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    beginner
    I did. And it says SCAN (not fix) from last night. :(
     
  17. 2017/11/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    I deeply apologize. My bad :)
    However the top part of the first log is missing.
    Above this line:

    ==================== Registry (Whitelisted) ===========================
     
  18. 2017/11/29
    h2ofwlr

    h2ofwlr Well-Known Member Thread Starter

    Joined:
    2005/01/17
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    beginner
    Btw. When I click "fix" on the FRST it keeps saying fixlist.txt not found. So that had/has me confused too.

    I'm not sure what happened that the complete scan report was not posted, likely operator error, :eek:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-11-2017
    Ran by First Class Car Care (administrator) on FIRSTCLASS (29-11-2017 07:44:51)
    Running from C:\Documents and Settings\Alan\Desktop
    Loaded Profiles: First Class Car Care & UpdatusUser (Available Profiles: First Class Car Care & UpdatusUser & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
    (Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Nero AG) C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    (Apricorn) C:\Program Files\Apricorn\EZ Gig II\EZGigMonitor.exe
    (Apricorn) C:\Program Files\Common Files\Apricorn\Schedule2\schedul2.exe
    (Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
    (CenturyLink Inc) C:\Program Files\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe
    (Apricorn) C:\Program Files\Common Files\Apricorn\Schedule2\schedhlp.exe
    () C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    (Apricorn) C:\Program Files\Apricorn\EZ Gig II\TimounterMonitor.exe
    ( ) C:\WINDOWS\system32\dlcccoms.exe
    (Nero AG) C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    (Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    () C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    (Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe

    ==================== Registry (Whitelisted) ===========================
     
  19. 2017/11/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  20. 2017/11/30
    h2ofwlr

    h2ofwlr Well-Known Member Thread Starter

    Joined:
    2005/01/17
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    beginner
    Does "fixing" generally take this long? it's been running for over 12 hrs now...
     
  21. 2017/11/30
    h2ofwlr

    h2ofwlr Well-Known Member Thread Starter

    Joined:
    2005/01/17
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    beginner
    It still says its fixing. I need to get at a file which it will not allow me to open up. I'm going to do s ctrl/alt/delete and reboot
    Let me know what to do from this point.
     

Share This Page