I am having problems with Firefox running slow; freeze.com offers show up on some reports, as do other problems, but they never disappear. Windows management has somehow been disabled, and I'm not sure what else.
I would appreciate any and all help. Thank you very much in advance!!!
I ran FRST, and it just kept finishing a scan and then performing another and another and another. Here are the logs I have:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-10-2014 01
Ran by winslow (administrator) on MAIN on 04-10-2014 18:12:28
Running from D:\Documents and Settings\winslow\desktop
Loaded Profile: winslow (Available profiles: winslow & UpdatusUser)
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) D:\WINDOWS\system32\nvsvc32.exe
(Realtek Semiconductor Corp.) D:\WINDOWS\RTHDCPL.exe
() D:\Program Files\EVGA Precision\EVGAPrecision.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) D:\WINDOWS\system32\dllhost.exe
(Apple Inc.) D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => D:\WINDOWS\RTHDCPL.EXE [16859136 2008-03-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [EVGAPrecision] => D:\Program Files\EVGA Precision\EVGAPrecision.exe [302184 2012-06-19] ()
HKLM\...\Run: [nwiz] => D:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1634112 2012-05-15] ()
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1078081533-789336058-1801674531-1005\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-1078081533-789336058-1801674531-1005\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1078081533-789336058-1801674531-1005\...\Policies\Explorer: [NoRecentDocsNetHood] 1
Lsa: [Notification Packages]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x08527A84BFAFCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - D:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 05 D:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 65.79.197.97 65.79.193.8

FireFox:
========
FF ProfilePath: D:\Documents and Settings\winslow\Application Data\Mozilla\Firefox\Profiles\pww37mqq.default-1410918357004
FF Homepage: yahoo.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> D:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> D:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> D:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: Adobe Reader -> D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - D:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - D:\Program Files\AVAST Software\Avast\WebRep\FF [2012-05-25]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-31]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 !SASCORE; D:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-09-18] (SUPERAntiSpyware.com)
R2 6to4; D:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-31] (AVAST Software)
S3 IDriverT; D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 JavaQuickStarterService; D:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-16] (Oracle Corporation)
S2 LightScribeService; D:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; D:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S3 RoxLiveShare9; "D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
S2 srservice; C:\WINDOWS\system32\srsvc.dll [X]
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; D:\WINDOWS\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R2 aswHwid; D:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-31] ()
R2 aswMonFlt; D:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-31] (AVAST Software)
R1 AswRdr; D:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-31] (AVAST Software)
R0 aswRvrt; D:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-31] ()
R1 aswSnx; D:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-31] (AVAST Software)
R1 aswSP; D:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-31] (AVAST Software)
R1 aswTdi; D:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-31] (AVAST Software)
R0 aswVmm; D:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-31] ()
R3 L1e; D:\WINDOWS\System32\DRIVERS\l1e51x86.sys [36864 2008-02-02] (Atheros Communications, Inc.)
R3 MTsensor; D:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 nm; D:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
R2 NwlnkIpx; D:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; D:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; D:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
R1 pctgntdi; D:\WINDOWS\system32\drivers\pctgntdi.sys [233136 2009-10-30] (PC Tools)
S3 RT2500; D:\WINDOWS\System32\DRIVERS\RT2500.sys [243328 2005-10-20] (Ralink Technology Inc.)
R3 RTCore32; D:\Program Files\EVGA Precision\RTCore32.sys [4608 2005-05-25] () [File not signed]
R1 SASDIFSV; D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Tcpip6; D:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 catchme; \??\D:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
S3 MEMSWEEP2; \??\D:\WINDOWS\system32\1CF.tmp [X]
S3 MFE_RR; \??\D:\DOCUME~1\winslow\LOCALS~1\Temp\mfe_rr.sys [X]
S3 NVR0Dev; \??\D:\WINDOWS\nvoclock.sys [X]
S3 SABProcEnum; \??\D:\Program Files\Internet Explorer\SABProcEnum.sys [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\D:\WINDOWS\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]
U3 TlntSvr; No ImagePath
S3 WinRing0_1_2_0; \??\D:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-04 18:12 - 2014-10-04 18:13 - 00011239 _____ () D:\Documents and Settings\winslow\desktop\FRST.txt
2014-10-04 18:12 - 2014-10-04 18:12 - 00000000 ____D () D:\FRST
2014-10-04 17:32 - 2014-10-04 18:05 - 00110296 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-04 17:31 - 2014-10-04 17:31 - 00000777 _____ () D:\Documents and Settings\All Users\desktop\Malwarebytes Anti-Malware.lnk
2014-10-04 17:31 - 2014-10-04 17:31 - 00000000 ____D () D:\Program Files\Malwarebytes Anti-Malware
2014-10-04 17:31 - 2014-10-04 17:31 - 00000000 ____D () D:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-04 17:31 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-04 17:31 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbam.sys
2014-10-04 17:10 - 2014-10-04 17:10 - 00005632 ___SH () D:\Documents and Settings\winslow\desktop\Thumbs.db
2014-10-04 17:01 - 2014-10-04 18:12 - 00007680 ___SH () D:\WINDOWS\Thumbs.db
2014-10-04 16:46 - 2014-10-04 16:46 - 01402880 _____ () D:\Documents and Settings\winslow\desktop\HiJackThis.msi
2014-10-04 16:11 - 2014-10-04 16:11 - 00267008 _____ () D:\WINDOWS\system32\FNTCACHE.DAT
2014-10-04 15:53 - 2014-10-04 16:09 - 00000000 ____D () D:\AdwCleaner
2014-10-04 15:51 - 2014-10-04 15:51 - 01375089 _____ () D:\Documents and Settings\winslow\desktop\AdwCleaner.exe
2014-10-04 15:51 - 2014-10-04 15:51 - 01100800 _____ (Farbar) D:\Documents and Settings\winslow\desktop\FRST.exe
2014-10-04 15:05 - 2014-10-04 17:28 - 00002400 _____ () D:\Documents and Settings\winslow\desktop\Rkill.txt
2014-10-04 15:01 - 2014-10-04 15:01 - 01944824 _____ (Bleeping Computer, LLC) D:\Documents and Settings\winslow\desktop\rkill.exe
2014-10-04 13:35 - 2014-10-04 13:35 - 00000000 ____D () D:\SUPERDelete
2014-09-30 09:00 - 2014-09-30 09:00 - 00000682 _____ () D:\Documents and Settings\winslow\desktop\CCleaner.lnk
2014-09-24 21:47 - 2014-09-24 21:48 - 00000000 ____D () D:\Program Files\Mozilla Firefox
2014-09-20 23:11 - 2014-09-20 23:12 - 00000000 ____D () D:\Documents and Settings\winslow\desktop\NPD
2014-09-20 02:23 - 2014-09-20 04:37 - 00000664 _____ () D:\WINDOWS\system32\d3d9caps.dat
2014-09-18 04:29 - 2014-09-18 04:29 - 00000000 ____D () D:\Documents and Settings\UpdatusUser\Application Data\Apple Computer
2014-09-18 04:17 - 2014-09-18 04:17 - 00007179 _____ () D:\Documents and Settings\winslow\My Documents\free_av_9.0.2021_2014-9-17_5-26-11.avastconfig
2014-09-17 06:16 - 2014-09-17 06:36 - 00000000 ____D () D:\Program Files\Free Window Registry Repair
2014-09-17 06:16 - 2014-09-17 06:16 - 00000718 _____ () D:\Documents and Settings\winslow\desktop\Free Window Registry Repair.lnk
2014-09-17 06:16 - 2014-09-17 06:16 - 00000000 ____D () D:\Documents and Settings\winslow\Start Menu\Programs\Free Window Registry Repair
2014-09-16 20:40 - 2014-10-04 16:10 - 00000000 ____D () D:\Program Files\Mozilla Maintenance Service
2014-09-16 20:40 - 2014-09-16 20:40 - 00000730 _____ () D:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-16 20:40 - 2014-09-16 20:40 - 00000724 _____ () D:\Documents and Settings\All Users\desktop\Mozilla Firefox.lnk
2014-09-16 20:11 - 2014-09-16 20:11 - 00096680 _____ (Oracle Corporation) D:\WINDOWS\system32\WindowsAccessBridge.dll
2014-09-16 20:11 - 2014-09-16 20:11 - 00000000 ____D () D:\Program Files\Common Files\Java
2014-09-16 20:11 - 2014-09-16 20:11 - 00000000 ____D () D:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-09-16 20:11 - 2014-09-16 20:10 - 00272808 _____ (Oracle Corporation) D:\WINDOWS\system32\javaws.exe
2014-09-16 20:11 - 2014-09-16 20:10 - 00175528 _____ (Oracle Corporation) D:\WINDOWS\system32\javaw.exe
2014-09-16 20:11 - 2014-09-16 20:10 - 00175528 _____ (Oracle Corporation) D:\WINDOWS\system32\java.exe
2014-09-16 20:11 - 2014-09-16 20:10 - 00145408 _____ (Oracle Corporation) D:\WINDOWS\system32\javacpl.cpl
2014-09-15 07:50 - 2014-09-15 07:50 - 05292054 _____ () D:\Documents and Settings\winslow\desktop\sept 14 irs.bmp
2014-09-15 07:50 - 2014-09-15 07:50 - 00019714 _____ () D:\Documents and Settings\winslow\desktop\Confirmation.tif
2014-09-08 19:18 - 2014-09-08 19:18 - 00000000 ____D () D:\WINDOWS\jumpshot.com
2014-09-05 04:45 - 2014-09-05 04:53 - 00000102 _____ () D:\Documents and Settings\winslow\advanced_ip_scanner_MAC.bin
2014-09-05 04:40 - 2014-09-05 04:40 - 00000000 ____H () D:\Documents and Settings\winslow\My Documents\Default.rdp
2014-09-05 04:34 - 2014-09-05 04:34 - 00000740 _____ () D:\Documents and Settings\All Users\desktop\Advanced IP Scanner.lnk
2014-09-05 04:34 - 2014-09-05 04:34 - 00000000 ____D () D:\Program Files\Advanced IP Scanner
2014-09-05 04:34 - 2014-09-05 04:34 - 00000000 ____D () D:\Documents and Settings\All Users\Start Menu\Programs\Advanced IP Scanner v2

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-04 18:13 - 2012-08-04 00:33 - 00000000 ____D () D:\Documents and Settings\winslow\Local Settings\temp
2014-10-04 17:30 - 2010-01-17 02:18 - 00000000 ____D () D:\Program Files\EVGA Precision
2014-10-04 17:17 - 2009-11-05 11:07 - 00000754 _____ () D:\WINDOWS\WORDPAD.INI
2014-10-04 17:01 - 2012-06-14 03:04 - 00000000 ____D () D:\IE8
2014-10-04 16:15 - 2012-06-02 01:14 - 00000178 ___SH () D:\Documents and Settings\UpdatusUser\ntuser.ini
2014-10-04 16:14 - 2013-04-15 20:44 - 00000830 _____ () D:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-04 16:14 - 2012-07-06 14:59 - 00000364 ____H () D:\WINDOWS\Tasks\avast! Emergency Update.job
2014-10-04 16:14 - 2009-10-09 22:58 - 00000000 ____D () D:\WINDOWS\Registration
2014-10-04 16:13 - 2013-01-11 19:10 - 01470175 _____ () D:\WINDOWS\WindowsUpdate.log
2014-10-04 16:12 - 2013-04-15 19:13 - 00000159 _____ () D:\WINDOWS\wiadebug.log
2014-10-04 16:12 - 2013-04-15 19:13 - 00000049 _____ () D:\WINDOWS\wiaservc.log
2014-10-04 16:12 - 2012-08-05 04:40 - 00701104 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerApp.exe
2014-10-04 16:12 - 2012-08-05 04:40 - 00071344 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-10-04 16:11 - 2009-10-09 23:03 - 00000006 ____H () D:\WINDOWS\Tasks\SA.DAT
2014-10-04 16:11 - 2008-04-14 07:00 - 00013646 _____ () D:\WINDOWS\system32\wpa.dbl
2014-10-04 15:31 - 2010-03-13 17:34 - 00000000 ____D () D:\Documents and Settings\winslow\Application Data\Apple Computer
2014-10-04 15:09 - 2013-12-17 00:27 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-10-04 13:35 - 2012-05-17 14:55 - 00000000 ____D () D:\Documents and Settings\winslow\Application Data\IObit
2014-10-04 13:34 - 2009-12-20 16:23 - 00000000 ____D () D:\Program Files\SUPERAntiSpyware
2014-10-04 02:01 - 2012-05-17 16:33 - 00065536 _____ () D:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-10-04 02:01 - 2011-11-30 19:22 - 00065536 _____ () D:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-10-04 02:01 - 2010-03-03 19:25 - 00065536 _____ () D:\WINDOWS\system32\config\ODiag.evt
2014-10-04 02:01 - 2009-10-10 02:02 - 00065536 _____ () D:\WINDOWS\system32\config\Internet.evt
2014-10-02 01:02 - 2010-12-12 03:17 - 00002497 _____ () D:\Documents and Settings\winslow\desktop\Microsoft Office Word 2003.lnk
2014-09-30 13:05 - 2011-12-05 21:42 - 00002571 _____ () D:\Documents and Settings\winslow\desktop\Microsoft Calculator Plus.lnk
2014-09-30 09:00 - 2009-10-09 23:47 - 00000000 ____D () D:\Program Files\CCleaner
2014-09-18 04:22 - 2013-04-18 09:08 - 00032556 ____N () D:\WINDOWS\SchedLgU.Txt
2014-09-18 04:22 - 2009-10-09 23:04 - 00000178 ___SH () D:\Documents and Settings\winslow\ntuser.ini
2014-09-18 04:16 - 2013-07-21 22:26 - 00000000 ____D () D:\WINDOWS\system32\MRT
2014-09-18 04:10 - 2009-10-10 02:01 - 98758480 _____ (Microsoft Corporation) D:\WINDOWS\system32\MRT.exe
2014-09-18 04:10 - 2008-04-14 07:00 - 00000673 _____ () D:\WINDOWS\win.ini
2014-09-18 04:10 - 2008-04-14 07:00 - 00000227 _____ () D:\WINDOWS\system.ini
2014-09-18 01:38 - 2009-10-09 23:08 - 00000000 ___HD () D:\Program Files\InstallShield Installation Information
2014-09-18 01:15 - 2009-10-09 16:45 - 00000000 ____D () D:\WINDOWS\Help
2014-09-17 07:15 - 2009-10-09 23:03 - 00000000 __SHD () D:\Documents and Settings\LocalService
2014-09-17 07:15 - 2009-10-09 23:02 - 00000000 __SHD () D:\Documents and Settings\NetworkService
2014-09-17 07:11 - 2009-10-09 22:59 - 00000000 ____D () D:\WINDOWS\system32\Restore
2014-09-16 20:44 - 2014-08-25 11:32 - 00000000 ____D () D:\Documents and Settings\winslow\Local Settings\Application Data\Adobe
2014-09-16 20:28 - 2010-12-04 19:00 - 00000000 ____D () D:\WINDOWS\system32\NtmsData
2014-09-08 19:14 - 2009-11-10 22:56 - 00000000 ____D () D:\Program Files\Microsoft Silverlight
2014-09-08 11:29 - 2014-03-18 14:24 - 00000226 _____ () D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-09-08 11:29 - 2014-03-18 14:24 - 00000220 _____ () D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-09-04 21:42 - 2012-05-05 17:16 - 00393216 ___SH () D:\Documents and Settings\winslow\My Documents\Thumbs.db

Some content of TEMP:
====================
D:\Documents and Settings\winslow\Local Settings\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

D:\WINDOWS\explorer.exe => File is digitally signed
D:\WINDOWS\system32\winlogon.exe => File is digitally signed
D:\WINDOWS\system32\svchost.exe => File is digitally signed
D:\WINDOWS\system32\services.exe => File is digitally signed
D:\WINDOWS\system32\User32.dll => File is digitally signed
D:\WINDOWS\system32\userinit.exe => File is digitally signed
D:\WINDOWS\system32\rpcss.dll => File is digitally signed
D:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-10-2014 01
Ran by winslow at 2014-10-04 18:14:16
Running from D:\Documents and Settings\winslow\desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advanced IP Scanner 2.3 (HKLM\...\{A02F51A7-1982-4B69-8BD3-7D2B86179752}) (Version: 2.3.2161 - Famatech)
AI Suite (HKLM\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 1.05.32 - )
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR8121/AR8113 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.19 - Atheros Communications Inc.)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
BlackBerry Desktop Software 6.0.2 (HKLM\...\BlackBerry_Desktop) (Version: 6.0.2.42 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.0.2 (Version: 6.0.2.42 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM\...\{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}) (Version: 6.0.1.13 - Research In Motion Ltd)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator 2.2 (HKLM\...\MP Navigator 2.2) (Version:  - )
Canon MP530 (HKLM\...\{3215EBED-1D06-42fb-A05C-A752A46FB24C}) (Version:  - )
Canon MP530 User Registration (HKLM\...\Canon MP530 User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.10 - Piriform)
EVGA Precision 1.9.6 (HKLM\...\Precision) (Version: 1.9.6 - EVGA Corporation)
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
LightScribe Applications (HKLM\...\{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}) (Version: 1.18.5.1 - LightScribe)
LightScribe System Software (HKLM\...\{FA8BFB25-BF48-4F8B-8859-B30810745190}) (Version: 1.18.11.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Player Codec Pack 3.9.5 (HKLM\...\Media Player - Codec Pack) (Version:  - Media Player Codec Pack)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{56B4002F-671C-49F4-984C-C760FE3806B5}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{710BF966-43C8-4216-A8EC-BC4E169FF7C1}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
NVIDIA Control Panel 301.42 (Version: 301.42 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 301.42 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.75.420 - NVIDIA Corporation) Hidden
NVIDIA nView 136.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.27 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13527 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.8.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.8.15 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.8.15 - NVIDIA Corporation) Hidden
Presto! PageManager 7.15.14 (HKLM\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.14E - NewSoft)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5591 - Realtek Semiconductor Corp.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1012 - SUPERAntiSpyware.com)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{0C1EB979-8EC7-46E8-8097-246957D6B94C}\localserver32 -> D:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{136DCBF5-3874-4B70-AE3E-15997D6334F7}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp2_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{1434DD3D-0AF6-41E0-BB71-8C86010D9AF5}\localserver32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{15B62A81-9030-478E-A467-26F6B8223866}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp4_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{16AF398F-0DE4-4CB1-A0A3-E58D6E34EF86}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_converter_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{17CAD714-24C4-474E-97D4-4C5A50046791}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_amr_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{184092C4-EA10-43A4-A109-40A6E2F2248C}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_framerate_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{19987CEE-DEE8-49DC-98EC-F21380AA9E68}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_aac_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{19987CEE-DEE8-49DC-98EC-F21380AA9E6A}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_aac_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{19987CEE-DEE8-49DC-98EC-F21380AA9E6B}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_aac_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{22FE1038-DEF4-4581-8F56-9E4D657D669C}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_colorspace_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{272D77A0-A852-4851-ADA4-9091FEAD4C86}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_colorspace_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{2A55FF12-1657-41D7-9D2D-A2CDC6978FF2}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp4_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{2F75E451-A88C-4939-BFE5-D92D48C102F2}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mpa_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{326787D9-37B9-47A6-B539-EE13E7B04B8B}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{3A7AD31E-F164-4861-928B-4FE44092F5B8}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\IntelliSync\Connectors\Data Migration Wizard\Connectors\Windows Mobile Connector\WinCEConnector.dll (Nokia Corporation.)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{4578D46F-1AAF-4FA6-AD9C-401A97CFA291}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp2_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{47F64EC4-1AD6-4168-9D4C-00F3842F7CFB}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{4B66DD3F-2E6E-4F7C-B38C-E32608820825}\localserver32 -> D:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{53DBCD97-3FDF-4B60-975B-2596B57482EF}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\BBWebSLLauncher.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{5611AC6E-60BD-4C61-B1B2-793037310CA7}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp2v_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{5F6FFE82-8B74-43BF-A583-EF4E3AEF9C3D}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\IntelliSync\Connectors\Data Migration Wizard\Connectors\Palm Desktop\syncproxy.dll (Nokia Corporation.)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{70F8BCC5-643D-445A-8362-DD6536A68514}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_imagescaler_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{73772CC1-3B62-49D8-844C-0C1CE3FAD942}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_samplerate_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{73D320C0-FACA-4553-9D5F-070F9E4DC5C8}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{75183C2F-8CE0-4C7B-B22A-38979D4E3275}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_framerate_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{78496FD9-A9D7-4F59-8934-84A5DC5679D8}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\IntelliSync\Connectors\Data Migration Wizard\Connectors\Palm Desktop\PDXlator.dll (Nokia Corporation.)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{78A09728-E250-47CE-A383-0AADAA9359E2}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp4v_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{7C21821C-4F7F-4F1B-A53E-D07B2800878A}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_converter_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{7C32A8A2-17B8-4925-9699-9863A9B7BCB8}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_samplerate_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{7D08E09D-40AA-469A-8D01-DCCC7F5783C4}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_samplerate_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{82D1C283-A637-4A07-B1EC-8C7AE661EAF1}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{8376CB5C-B66B-4678-AB07-03E5FDA2F04E}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\IntelliSync\Connectors\Data Migration Wizard\CXLServer1.dll (Nokia Corporation.)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{8566B372-D0F6-4136-8C5E-7E368EBC85B4}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mpa_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{8CBE7C53-2B83-48CC-A235-8B12C764FADF}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp4_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{96B9D0ED-14BD-4454-A619-96BA665B0992}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_avc_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{96B9D0ED-6558-4327-AE70-E693767C40A0}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_avc_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{96B9D0ED-8D13-4171-A983-B84D88D627BE}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_avc_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{9FC5E60A-0B81-4177-B84F-63ABF5B8C9C9}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_imagescaler_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{A1BDD89E-DC7C-41FB-AD2D-A7D6C3B531F6}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mpa_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{A4DCA218-AC9E-4D1F-8600-C5B1F390D408}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_framerate_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{A539FCC4-AB2E-4307-BFBD-634DE69ACD78}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_render_fileindex_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{A539FCC5-AB2E-4307-BFBD-634DE69ACD78}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_render_fileindex_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{A8786FBA-B1E0-41D8-9A3E-F56D4E226A51}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp2_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{AD046C04-9CC6-4424-A8E2-1F8BB9D0B29D}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManagerps.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{B776FDAF-2388-42D0-8A7C-386E1BC2E19E}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\IntelliSync\Connectors\Data Migration Wizard\Connectors\Palm Desktop\pdapi2.dll (Nokia Corporation.)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{BA3D0120-E617-4F66-ADCA-585CC2FB86DB}\localserver32 -> D:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{BC4EB321-771F-4E9F-AF67-37C631ECA106}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp2v_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{BEB7FFE8-37BA-4849-AE26-7A10EF20A303}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_imagescaler_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{C197E022-262A-4306-A4D2-4B497F048514}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_amr_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{C8992C14-DF59-4518-808F-CCFBB5850282}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{CAFCE71A-72F0-41AD-A8A4-4F70CDD72381}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManagerps.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{CF2521A7-4029-4CC1-8C6E-F82BD82BB343}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_render_fileindex_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{CF85704E-2B43-47E7-9B02-C8AF2694E2D0}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_colorspace_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{D41C1E5B-0566-4BB1-BE72-1A5407349CA6}\localserver32 -> D:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{D677B967-820F-4E84-B43A-118270FFFB80}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp2v_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{DEE56715-7081-4D57-91A7-984AE2712268}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp2_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{E2159021-A507-48F9-9DF1-EC5AFDBA5066}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\IntelliSync\Connectors\Data Migration Wizard\Connectors\Palm Desktop\PDAPI.dll (Nokia Corporation.)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{E3AA9B8F-F8BF-4536-A3D8-B405A4C6B5AE}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\IntelliSync\Connectors\Yahoo Connector\DCSXlator.dll (Nokia Corporation.)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{EB59852D-B38E-4A4C-94BA-6731836E5538}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{EE7F6B66-AC97-41CF-BD88-372DDB786DB6}\localserver32 -> D:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{F6CF0104-4F4A-4EBE-999D-A12D838E65B5}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgrPs.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{F7EF9722-1DEA-4430-B830-C54B382FC90C}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp2_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{FC31293E-3239-4C12-8FC6-B2B09F62FA3F}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp4v_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{FC86AD6C-894A-44E9-A283-4B5A9DD6CA65}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp4v_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{FE5106C0-C8E6-4D53-880C-BED388E6FC75}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_converter_ds.ax (MainConcept GmbH)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 07:00 - 2012-08-04 00:29 - 00000027 ____A D:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: D:\WINDOWS\Tasks\Adobe Flash Player Updater.job => D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: D:\WINDOWS\Tasks\avast! Emergency Update.job => D:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => D:\WINDOWS\system32\xp_eos.exe
Task: D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => D:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2012-05-25 01:18 - 2014-07-31 08:18 - 00301152 _____ () D:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-04 16:16 - 2014-10-04 16:16 - 02859008 _____ () D:\Program Files\AVAST Software\Avast\defs\14100401\algo.dll
2010-05-06 00:19 - 2012-05-15 05:18 - 01570624 _____ () D:\Program Files\NVIDIA Corporation\nView\nview.dll
2009-01-10 17:15 - 2009-01-10 17:15 - 00159744 _____ () D:\WINDOWS\system32\mmfinfo.dll
2009-11-14 13:11 - 2009-11-14 13:11 - 00024576 _____ () D:\WINDOWS\system32\mkunicode.dll
2010-08-10 20:55 - 2012-06-19 23:25 - 00302184 _____ () D:\Program Files\EVGA Precision\EVGAPrecision.exe
2010-08-09 12:51 - 2010-08-09 12:51 - 00061440 _____ () D:\Program Files\EVGA Precision\RTFC.dll
2010-08-09 12:51 - 2010-08-09 12:51 - 00229376 _____ () D:\Program Files\EVGA Precision\RTCore.dll
2010-08-09 12:51 - 2010-08-09 12:51 - 00139264 _____ () D:\Program Files\EVGA Precision\RTUI.dll
2010-08-09 12:52 - 2010-08-09 12:52 - 00258048 _____ () D:\Program Files\EVGA Precision\RTHAL.dll
2013-10-19 01:03 - 2014-07-31 08:18 - 19329904 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () D:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () D:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-24 21:47 - 2014-09-24 21:48 - 03715184 _____ () D:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Coby and Ali @ Ali's 10th b-day party.JPG:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Getting ready for the rodeo.JPG:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Getting ready for the rodeo1.JPG:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\image004.jpg:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Justin, Amy, and, me.JPG:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\me.jpg:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Mikk.JPG:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\parade of lights.jpg:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\resignation.txt:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Resume.rtf:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\walt.JPG:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Advanced SystemCare 6 => "D:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
MSCONFIG\startupreg: Ai Nap => "D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
MSCONFIG\startupreg: APSDaemon => "D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Cpu Level Up help => "D:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"
MSCONFIG\startupreg: ctfmon.exe => D:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: FlashPlayerUpdate => D:\WINDOWS\system32\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe -update plugin
MSCONFIG\startupreg: ISUSPM => "D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
MSCONFIG\startupreg: iTunesHelper => "D:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: MSConfig => D:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
MSCONFIG\startupreg: QFan Help => "D:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe"
MSCONFIG\startupreg: QuickTime Task => "D:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: WrtMon.exe => D:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1078081533-789336058-1801674531-500 - Administrator - Enabled)
Guest (S-1-5-21-1078081533-789336058-1801674531-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1078081533-789336058-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1078081533-789336058-1801674531-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-1078081533-789336058-1801674531-1011 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser
winslow (S-1-5-21-1078081533-789336058-1801674531-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\winslow

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/04/2014 04:12:27 PM) (Source: SecurityCenter) (EventID: 1802) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.


System errors:
=============
Error: (10/04/2014 01:51:20 PM) (Source: DCOM) (EventID: 10005) (User: MAIN)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}


Microsoft Office Sessions:
=========================

Also ran Malwarebytes, and here are the scan logs from it, AdwCleaner, and Rkill:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/04/2014
Scan Time: 05:32:26 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.04.11
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: winslow

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326552
Time Elapsed: 31 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

# AdwCleaner v3.311 - Report created 04/10/2014 at 15:53:18
# Updated 30/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : winslow - MAIN
# Running from : D:\Documents and Settings\winslow\desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : D:\Documents and Settings\winslow\Application Data\dvdvideosoftiehelpers
Folder Found : D:\Program Files\Free Offers from Freeze.com

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Bitberry
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : D:\Documents and Settings\winslow\Application Data\Mozilla\Firefox\Profiles\pww37mqq.default-1410918357004\prefs.js ]


*************************

AdwCleaner[R0].txt - [2764 octets] - [04/10/2014 15:53:18]

########## EOF - D:\AdwCleaner\AdwCleaner[R0].txt - [2824 octets] ##########

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/04/2014 05:28:18 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * System Restore Service (srservice) is not Running.
   Startup Type set to: Automatic

 * srservice => C:\WINDOWS\system32\srsvc.dll [incorrect ServiceDLL]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 10/04/2014 05:28:47 PM
Execution time: 0 hours(s), 0 minute(s), and 28 seconds(s)

Okay, like I said, I am so ignorant when it comes to computers, and I just realized I posted the two logs after the initial ones were completed because the program just kept starting over again. Anyway, sorry about that, and here are the first two logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-10-2014 01
Ran by winslow (administrator) on MAIN on 04-10-2014 18:14:40
Running from D:\Documents and Settings\winslow\desktop
Loaded Profile: winslow (Available profiles: winslow & UpdatusUser)
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) D:\WINDOWS\system32\nvsvc32.exe
(Realtek Semiconductor Corp.) D:\WINDOWS\RTHDCPL.exe
() D:\Program Files\EVGA Precision\EVGAPrecision.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) D:\WINDOWS\system32\dllhost.exe
(Apple Inc.) D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) D:\Program Files\Windows NT\Accessories\wordpad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => D:\WINDOWS\RTHDCPL.EXE [16859136 2008-03-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [EVGAPrecision] => D:\Program Files\EVGA Precision\EVGAPrecision.exe [302184 2012-06-19] ()
HKLM\...\Run: [nwiz] => D:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1634112 2012-05-15] ()
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1078081533-789336058-1801674531-1005\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-1078081533-789336058-1801674531-1005\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1078081533-789336058-1801674531-1005\...\Policies\Explorer: [NoRecentDocsNetHood] 1
Lsa: [Notification Packages]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x08527A84BFAFCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - D:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 05 D:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 65.79.197.97 65.79.193.8

FireFox:
========
FF ProfilePath: D:\Documents and Settings\winslow\Application Data\Mozilla\Firefox\Profiles\pww37mqq.default-1410918357004
FF Homepage: yahoo.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> D:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> D:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> D:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: Adobe Reader -> D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - D:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - D:\Program Files\AVAST Software\Avast\WebRep\FF [2012-05-25]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-31]

And the Additional log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-10-2014 01
Ran by winslow at 2014-10-04 18:14:16
Running from D:\Documents and Settings\winslow\desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advanced IP Scanner 2.3 (HKLM\...\{A02F51A7-1982-4B69-8BD3-7D2B86179752}) (Version: 2.3.2161 - Famatech)
AI Suite (HKLM\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 1.05.32 - )
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR8121/AR8113 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.19 - Atheros Communications Inc.)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
BlackBerry Desktop Software 6.0.2 (HKLM\...\BlackBerry_Desktop) (Version: 6.0.2.42 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.0.2 (Version: 6.0.2.42 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM\...\{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}) (Version: 6.0.1.13 - Research In Motion Ltd)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator 2.2 (HKLM\...\MP Navigator 2.2) (Version:  - )
Canon MP530 (HKLM\...\{3215EBED-1D06-42fb-A05C-A752A46FB24C}) (Version:  - )
Canon MP530 User Registration (HKLM\...\Canon MP530 User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.10 - Piriform)
EVGA Precision 1.9.6 (HKLM\...\Precision) (Version: 1.9.6 - EVGA Corporation)
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
LightScribe Applications (HKLM\...\{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}) (Version: 1.18.5.1 - LightScribe)
LightScribe System Software (HKLM\...\{FA8BFB25-BF48-4F8B-8859-B30810745190}) (Version: 1.18.11.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Player Codec Pack 3.9.5 (HKLM\...\Media Player - Codec Pack) (Version:  - Media Player Codec Pack)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{56B4002F-671C-49F4-984C-C760FE3806B5}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{710BF966-43C8-4216-A8EC-BC4E169FF7C1}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
NVIDIA Control Panel 301.42 (Version: 301.42 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 301.42 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.75.420 - NVIDIA Corporation) Hidden
NVIDIA nView 136.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.27 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13527 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.8.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.8.15 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.8.15 - NVIDIA Corporation) Hidden
Presto! PageManager 7.15.14 (HKLM\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.14E - NewSoft)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5591 - Realtek Semiconductor Corp.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1012 - SUPERAntiSpyware.com)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{0C1EB979-8EC7-46E8-8097-246957D6B94C}\localserver32 -> D:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{136DCBF5-3874-4B70-AE3E-15997D6334F7}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp2_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{1434DD3D-0AF6-41E0-BB71-8C86010D9AF5}\localserver32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{15B62A81-9030-478E-A467-26F6B8223866}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp4_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{16AF398F-0DE4-4CB1-A0A3-E58D6E34EF86}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_converter_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{17CAD714-24C4-474E-97D4-4C5A50046791}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_amr_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{184092C4-EA10-43A4-A109-40A6E2F2248C}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_framerate_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{19987CEE-DEE8-49DC-98EC-F21380AA9E68}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_aac_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{19987CEE-DEE8-49DC-98EC-F21380AA9E6A}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_aac_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{19987CEE-DEE8-49DC-98EC-F21380AA9E6B}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_aac_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{22FE1038-DEF4-4581-8F56-9E4D657D669C}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_colorspace_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{272D77A0-A852-4851-ADA4-9091FEAD4C86}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_colorspace_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{2A55FF12-1657-41D7-9D2D-A2CDC6978FF2}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp4_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{2F75E451-A88C-4939-BFE5-D92D48C102F2}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mpa_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{326787D9-37B9-47A6-B539-EE13E7B04B8B}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{3A7AD31E-F164-4861-928B-4FE44092F5B8}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\IntelliSync\Connectors\Data Migration Wizard\Connectors\Windows Mobile Connector\WinCEConnector.dll (Nokia Corporation.)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{4578D46F-1AAF-4FA6-AD9C-401A97CFA291}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp2_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{47F64EC4-1AD6-4168-9D4C-00F3842F7CFB}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{4B66DD3F-2E6E-4F7C-B38C-E32608820825}\localserver32 -> D:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{53DBCD97-3FDF-4B60-975B-2596B57482EF}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\BBWebSLLauncher.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{5611AC6E-60BD-4C61-B1B2-793037310CA7}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp2v_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{5F6FFE82-8B74-43BF-A583-EF4E3AEF9C3D}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\IntelliSync\Connectors\Data Migration Wizard\Connectors\Palm Desktop\syncproxy.dll (Nokia Corporation.)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{70F8BCC5-643D-445A-8362-DD6536A68514}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_imagescaler_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{73772CC1-3B62-49D8-844C-0C1CE3FAD942}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_samplerate_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{73D320C0-FACA-4553-9D5F-070F9E4DC5C8}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{75183C2F-8CE0-4C7B-B22A-38979D4E3275}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_framerate_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{78496FD9-A9D7-4F59-8934-84A5DC5679D8}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\IntelliSync\Connectors\Data Migration Wizard\Connectors\Palm Desktop\PDXlator.dll (Nokia Corporation.)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{78A09728-E250-47CE-A383-0AADAA9359E2}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp4v_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{7C21821C-4F7F-4F1B-A53E-D07B2800878A}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_converter_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{7C32A8A2-17B8-4925-9699-9863A9B7BCB8}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_samplerate_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{7D08E09D-40AA-469A-8D01-DCCC7F5783C4}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_samplerate_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{82D1C283-A637-4A07-B1EC-8C7AE661EAF1}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{8376CB5C-B66B-4678-AB07-03E5FDA2F04E}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\IntelliSync\Connectors\Data Migration Wizard\CXLServer1.dll (Nokia Corporation.)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{8566B372-D0F6-4136-8C5E-7E368EBC85B4}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mpa_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{8CBE7C53-2B83-48CC-A235-8B12C764FADF}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp4_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{96B9D0ED-14BD-4454-A619-96BA665B0992}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_avc_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{96B9D0ED-6558-4327-AE70-E693767C40A0}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_avc_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{96B9D0ED-8D13-4171-A983-B84D88D627BE}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_avc_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{9FC5E60A-0B81-4177-B84F-63ABF5B8C9C9}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_imagescaler_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{A1BDD89E-DC7C-41FB-AD2D-A7D6C3B531F6}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mpa_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{A4DCA218-AC9E-4D1F-8600-C5B1F390D408}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_framerate_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{A539FCC4-AB2E-4307-BFBD-634DE69ACD78}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_render_fileindex_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{A539FCC5-AB2E-4307-BFBD-634DE69ACD78}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_render_fileindex_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{A8786FBA-B1E0-41D8-9A3E-F56D4E226A51}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp2_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{AD046C04-9CC6-4424-A8E2-1F8BB9D0B29D}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManagerps.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{B776FDAF-2388-42D0-8A7C-386E1BC2E19E}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\IntelliSync\Connectors\Data Migration Wizard\Connectors\Palm Desktop\pdapi2.dll (Nokia Corporation.)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{BA3D0120-E617-4F66-ADCA-585CC2FB86DB}\localserver32 -> D:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{BC4EB321-771F-4E9F-AF67-37C631ECA106}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp2v_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{BEB7FFE8-37BA-4849-AE26-7A10EF20A303}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_imagescaler_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{C197E022-262A-4306-A4D2-4B497F048514}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_amr_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{C8992C14-DF59-4518-808F-CCFBB5850282}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{CAFCE71A-72F0-41AD-A8A4-4F70CDD72381}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManagerps.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{CF2521A7-4029-4CC1-8C6E-F82BD82BB343}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_render_fileindex_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{CF85704E-2B43-47E7-9B02-C8AF2694E2D0}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_colorspace_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{D41C1E5B-0566-4BB1-BE72-1A5407349CA6}\localserver32 -> D:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{D677B967-820F-4E84-B43A-118270FFFB80}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp2v_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{DEE56715-7081-4D57-91A7-984AE2712268}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp2_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{E2159021-A507-48F9-9DF1-EC5AFDBA5066}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\IntelliSync\Connectors\Data Migration Wizard\Connectors\Palm Desktop\PDAPI.dll (Nokia Corporation.)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{E3AA9B8F-F8BF-4536-A3D8-B405A4C6B5AE}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\IntelliSync\Connectors\Yahoo Connector\DCSXlator.dll (Nokia Corporation.)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{EB59852D-B38E-4A4C-94BA-6731836E5538}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{EE7F6B66-AC97-41CF-BD88-372DDB786DB6}\localserver32 -> D:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{F6CF0104-4F4A-4EBE-999D-A12D838E65B5}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgrPs.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{F7EF9722-1DEA-4430-B830-C54B382FC90C}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp2_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{FC31293E-3239-4C12-8FC6-B2B09F62FA3F}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp4v_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{FC86AD6C-894A-44E9-A283-4B5A9DD6CA65}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp4v_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{FE5106C0-C8E6-4D53-880C-BED388E6FC75}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_converter_ds.ax (MainConcept GmbH)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 07:00 - 2012-08-04 00:29 - 00000027 ____A D:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: D:\WINDOWS\Tasks\Adobe Flash Player Updater.job => D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: D:\WINDOWS\Tasks\avast! Emergency Update.job => D:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => D:\WINDOWS\system32\xp_eos.exe
Task: D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => D:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2012-05-25 01:18 - 2014-07-31 08:18 - 00301152 _____ () D:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-04 16:16 - 2014-10-04 16:16 - 02859008 _____ () D:\Program Files\AVAST Software\Avast\defs\14100401\algo.dll
2010-05-06 00:19 - 2012-05-15 05:18 - 01570624 _____ () D:\Program Files\NVIDIA Corporation\nView\nview.dll
2009-01-10 17:15 - 2009-01-10 17:15 - 00159744 _____ () D:\WINDOWS\system32\mmfinfo.dll
2009-11-14 13:11 - 2009-11-14 13:11 - 00024576 _____ () D:\WINDOWS\system32\mkunicode.dll
2010-08-10 20:55 - 2012-06-19 23:25 - 00302184 _____ () D:\Program Files\EVGA Precision\EVGAPrecision.exe
2010-08-09 12:51 - 2010-08-09 12:51 - 00061440 _____ () D:\Program Files\EVGA Precision\RTFC.dll
2010-08-09 12:51 - 2010-08-09 12:51 - 00229376 _____ () D:\Program Files\EVGA Precision\RTCore.dll
2010-08-09 12:51 - 2010-08-09 12:51 - 00139264 _____ () D:\Program Files\EVGA Precision\RTUI.dll
2010-08-09 12:52 - 2010-08-09 12:52 - 00258048 _____ () D:\Program Files\EVGA Precision\RTHAL.dll
2013-10-19 01:03 - 2014-07-31 08:18 - 19329904 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () D:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () D:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-24 21:47 - 2014-09-24 21:48 - 03715184 _____ () D:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Coby and Ali @ Ali's 10th b-day party.JPG:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Getting ready for the rodeo.JPG:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Getting ready for the rodeo1.JPG:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\image004.jpg:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Justin, Amy, and, me.JPG:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\me.jpg:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Mikk.JPG:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\parade of lights.jpg:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\resignation.txt:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Resume.rtf:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\walt.JPG:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Advanced SystemCare 6 => "D:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
MSCONFIG\startupreg: Ai Nap => "D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
MSCONFIG\startupreg: APSDaemon => "D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Cpu Level Up help => "D:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"
MSCONFIG\startupreg: ctfmon.exe => D:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: FlashPlayerUpdate => D:\WINDOWS\system32\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe -update plugin
MSCONFIG\startupreg: ISUSPM => "D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
MSCONFIG\startupreg: iTunesHelper => "D:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: MSConfig => D:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
MSCONFIG\startupreg: QFan Help => "D:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe"
MSCONFIG\startupreg: QuickTime Task => "D:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: WrtMon.exe => D:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1078081533-789336058-1801674531-500 - Administrator - Enabled)
Guest (S-1-5-21-1078081533-789336058-1801674531-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1078081533-789336058-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1078081533-789336058-1801674531-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-1078081533-789336058-1801674531-1011 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser
winslow (S-1-5-21-1078081533-789336058-1801674531-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\winslow

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/04/2014 04:12:27 PM) (Source: SecurityCenter) (EventID: 1802) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.


System errors:
=============
Error: (10/04/2014 01:51:20 PM) (Source: DCOM) (EventID: 10005) (User: MAIN)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core2 Quad CPU Q9450 @ 2.66GHz
Percentage of memory in use: 26%
Total physical RAM: 3070.98 MB
Available physical RAM: 2269.48 MB
Total Pagefile: 7515.92 MB
Available Pagefile: 6858.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:78.13 GB) (Free:78.04 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:107.42 GB) (Free:71.98 GB) NTFS

==================== MBR & Partition Table ==================
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 0.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 7C9C781D)
Partition 1: (Active) - (Size=78.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=220 GB) - (Type=OF Extended)

==================== End Of Log ============================


I apologize again. And thank you for helping those of us that are idiots computer wise and donating your time and effort!



  • Root Admin

One or more of the identified infections is related to a nasty rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.

Please read:


Should you decide not to follow this advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will require more time and more advanced tools.

Please let us know how you would like to proceed.


Message borrowed from quietman7 with minor wording and link changes


Thank you for your reply.  I appreciate the heads up and will change all passwords from a clean computer.  Could you please shed light on how I may have gotten this infection, so I can make sure not to follow the same steps I have in the past.  This is a family used computer, so I will advise my family as well.


We are in the process of shopping for a new computer, but would like to salvage this one if I can without wiping everything off of it.  If not, I will do a clean install and go that route if need be, but I would like to try if possible.


Again, thank you for your reply and I will heed your advice regarding passwords and router passwords.  Again, thank you for your reply.


  • Root Admin

Very difficult to say how it got it for sure but often due to old or outdated plugin software or missing Windows updates. Flash, Java, Acrobat Reader are some of the more common ones that get old and compromised.


Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:


If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Before we proceed further, please read all of the following instructions carefully.

If there is anything that you do not understand kindly ask before proceeding.

If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)
STEP 0

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.


Link 1

Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
STEP 02

Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x

When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 03

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.
Thank you

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/10/2014 12:43:06 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * System Restore Service (srservice) is not Running.
   Startup Type set to: Automatic

 * srservice => C:\WINDOWS\system32\srsvc.dll [incorrect ServiceDLL]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 10/10/2014 12:43:47 AM
Execution time: 0 hours(s), 0 minute(s), and 41 seconds(s)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/10/2014
Scan Time: 12:50:47 AM
Logfile:
Administrator: No

Version: 2.00.2.1012
Malware Database: v2014.10.10.03
Rootkit Database: v2014.10.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: winslow

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 169063
Time Elapsed: 6 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


RogueKiller V10.0.0.0 [Oct  8 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : winslow [Administrator]
Mode : Scan -- Date : 10/10/2014  01:06:08

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 20 ¤¤¤
[suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MFE_RR (\??\D:\DOCUME~1\winslow\LOCALS~1\Temp\mfe_rr.sys) -> Found
[suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NVR0Dev (\??\D:\WINDOWS\nvoclock.sys) -> Found
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MFE_RR (\??\D:\DOCUME~1\winslow\LOCALS~1\Temp\mfe_rr.sys) -> Found
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVR0Dev (\??\D:\WINDOWS\nvoclock.sys) -> Found
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MFE_RR (\??\D:\DOCUME~1\winslow\LOCALS~1\Temp\mfe_rr.sys) -> Found
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NVR0Dev (\??\D:\WINDOWS\nvoclock.sys) -> Found
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-1078081533-789336058-1801674531-1005\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-1078081533-789336058-1801674531-1005\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 65.79.197.97 65.79.193.8  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 65.79.197.97 65.79.193.8  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 65.79.197.97 65.79.193.8  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{45F14FCD-A638-4FE6-AF97-FED8C08C4D5F} | DhcpNameServer : 65.79.197.97 65.79.193.8  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{45F14FCD-A638-4FE6-AF97-FED8C08C4D5F} | DhcpNameServer : 65.79.197.97 65.79.193.8  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{45F14FCD-A638-4FE6-AF97-FED8C08C4D5F} | DhcpNameServer : 65.79.197.97 65.79.193.8  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1078081533-789336058-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[D:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 4 (Driver: Loaded) ¤¤¤
[sSDT:Addr()] NtOpenProcess[122] : D:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xacb4f016
[sSDT:Addr()] NtOpenThread[128] : D:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xacb4f162
[Filter()] \Driver\atapi @ \Device\00000084 : \Driver\Imapi @ Unknown (\SystemRoot\system32\DRIVERS\serial.sys)
[Filter()] \Driver\atapi @ \Device\00000082 : \Driver\Imapi @ Unknown (\SystemRoot\system32\DRIVERS\serial.sys)

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] pww37mqq.default-1410918357004 : user_pref("browser.startup.homepage", "yahoo.com"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] d472e614137f8af41e08fc6c1bc9b936
[bSP] da694b9f8145495f28eba123c0ca36eb : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 80003 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 163846935 | Size: 225231 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_10102014_010412.log


here are the logs...if I save files/pics that I need will they pose a risk if I save them to cd/dvd and put them on another computer?

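The RogueKiller report above flags kernel-driver services by where their image file lives ([suspicious.Path]) and lists SSDT entries redirected into driver modules, which is the kernel API hooking the Root Admin describes at the start of the thread. The Python script below is an added example, not code from the thread, from RogueKiller, Rkill or Malwarebytes: it parses a constructed report shaped like those two sections and rates each finding from the image path alone, so that a driver loaded out of a user's Temp folder is the line read first. The service names, sample paths and the KNOWN_HOOKERS allow-list are illustrative assumptions, not values from this machine.

```python
"""Triage helper for a RogueKiller-style report (added example, not the
thread's or any tool's own code). It parses the "Registry" lines tagged
[Suspicious.Path] and the "Antirootkit" lines tagged [SSDT:Addr()] and
rates each finding from the image path alone, so an analyst reads the
lines that need explaining first. The sample report, service names and
the allow-list below are constructed, illustrative assumptions."""
import re
from dataclasses import dataclass

# Constructed sample shaped like the two RogueKiller sections (not a real scan).
SAMPLE_REPORT = r"""
¤¤¤ Registry : 3 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EX_TMP (\??\D:\DOCUME~1\user\LOCALS~1\Temp\ex_tmp.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EX_WIN (\??\D:\WINDOWS\ex_win.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EX_DRV (\??\D:\WINDOWS\system32\drivers\ex_drv.sys) -> Found

¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[SSDT:Addr()] NtOpenProcess[122] : D:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xacb4f016
[SSDT:Addr()] NtCreateFile[37] : D:\WINDOWS\system32\drivers\ex_hook.sys @ 0xacb50000
"""

# Kernel modules a known security product is expected to hook with.
# Illustrative allow-list (assumption); maintain it from your own inventory.
KNOWN_HOOKERS = {"mbamchameleon.sys"}

# IGNORECASE because forum software often lowercases the tag ("[suspicious.Path]", "[sSDT:...]").
SERVICE_RE = re.compile(
    r"^\[Suspicious\.Path\]\s+(?P<key>\S+)\s+\((?P<image>[^)]+)\)\s+->\s+Found", re.IGNORECASE)
SSDT_RE = re.compile(
    r"^\[SSDT:Addr\(\)\]\s+(?P<func>\w+)\[(?P<index>\d+)\]\s+:\s+(?P<module>.+?)\s+@\s+(?P<addr>0x[0-9a-f]+)$",
    re.IGNORECASE)

NT_PREFIX = "\\??\\"  # object-manager prefix RogueKiller echoes from the ImagePath value


@dataclass
class Finding:
    kind: str    # "service" or "ssdt"
    name: str    # service name or hooked system call
    path: str    # normalized image / module path
    tier: str    # "high", "medium" or "low"
    reason: str


def normalize_nt_path(path: str) -> str:
    """Strip the \\??\\ prefix so the path reads like a normal Win32 path."""
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def tier_for_driver_path(path: str) -> tuple[str, str]:
    """Rate a kernel driver by where its image file lives.

    A driver loading from a user-writable Temp folder is the odd case; under
    %SystemRoot% but outside system32\\drivers is unusual but common for vendor
    tools; system32\\drivers is the normal home.
    """
    p = path.lower()
    if "\\temp\\" in p or "\\locals~1\\" in p or "\\local settings\\" in p:
        return "high", "driver image in a user-writable Temp location"
    if "\\system32\\drivers\\" in p:
        return "low", "driver image in the standard drivers directory"
    if "\\windows\\" in p:
        return "medium", "driver image under the Windows directory but outside system32\\drivers"
    return "high", "driver image outside any system directory"


def tier_for_hook(module: str) -> tuple[str, str]:
    """Rate an SSDT hook by whether the hooking driver is a known security product."""
    filename = module.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if filename in KNOWN_HOOKERS:
        return "low", "SSDT hook by a known security-product driver"
    return "high", "SSDT hook by an unrecognised driver"


def triage(report: str) -> list[Finding]:
    """Parse the report text and return findings, highest risk first."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            image = normalize_nt_path(m.group("image"))
            tier, why = tier_for_driver_path(image)
            service = m.group("key").rsplit("\\", 1)[-1]
            findings.append(Finding("service", service, image, tier, why))
            continue
        m = SSDT_RE.match(line)
        if m:
            tier, why = tier_for_hook(m.group("module"))
            findings.append(Finding("ssdt", m.group("func"), m.group("module"), tier, why))
    order = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: order[f.tier])  # stable: keeps report order within a tier
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.tier:6} {f.kind:7} {f.name:14} {f.path}  ({f.reason})")
```

Run it as-is to see the constructed findings ordered high to low, or pass a real report's text to triage(). The tiers are a reading order for the log, not a verdict: a driver under Temp is not automatically malicious, it is simply the line that has to be explained before anything is deleted.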

  • Root Admin

Okay there are some processes that appear not to be valid. Please run the following and we'll see about getting them removed and your computer cleaned up.

Please go ahead and run through the following steps and post back the logs when ready.

STEP 04

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus
STEP 05

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    • Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
STEP 06

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 07


Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
STEP 08

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure whether your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.
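The FRST.txt that STEP 08 produces is the log the helper then reads by eye. As an added example (not part of this thread, and not code from FRST or its author), here is a small Python triage script that pulls out the entry types an analyst checks first in that log format: lines FRST itself marks ATTENTION, DPF (ActiveX) packages downloaded from hosts outside an allowlist, and services or drivers whose file is missing ([X]), that have no ImagePath, that are flagged [File not signed], or that load from a temp directory or a .tmp file. The sample log, the host allowlist and every name in them are constructed for the example; a hit means "review this line", not "this is malware", and an empty result proves nothing.

```python
"""Triage an FRST.txt log for the entries a malware-removal analyst reads first.

Heuristics only: a hit means "look at this line", not "this is malware",
and an empty result proves nothing. Added example, not part of FRST.
"""
import re
from typing import Dict, List
from urllib.parse import urlparse

# Assumption for illustration: hosts accepted as sources of ActiveX (DPF)
# packages. Anything else is reported for review, not declared malicious.
ALLOWED_DPF_HOST_SUFFIXES = ("microsoft.com", "eset.com")

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Service/driver lines: "<start-type> <name>; <path> [size date] (vendor) [flags]"
SERVICE_RE = re.compile(r"^([RSU]\d)\s+([^;]+);\s*(.*)$")
DPF_RE = re.compile(r"^DPF:\s+\{[0-9A-Fa-f-]+\}\s+(\S+)")
TEMP_PATH_RE = re.compile(r"(\\temp\\|\\tmp\\|\.tmp$)", re.IGNORECASE)

# Constructed sample in FRST.txt layout (names, GUIDs and hosts are made up).
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ExampleTool] => D:\Program Files\Example\example.exe [1024 2014-01-01] (Example Vendor)
HKLM\...0000000000000\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
==================== Internet (Whitelisted) ====================
DPF: {00000000-0000-0000-0000-000000000001} http://download.microsoft.com/example/Control.cab
DPF: {00000000-0000-0000-0000-000000000002} http://www.example-toolbar.invalid/activex/thing.cab
========================== Services (Whitelisted) =================
R2 GoodSvc; D:\Program Files\Good\goodsvc.exe [50344 2014-07-31] (Good Vendor)
S3 OldSvc; D:\Program Files\Old\oldsvc.exe [73728 2004-10-22] (Old Vendor) [File not signed]
S2 srservice; C:\WINDOWS\system32\srsvc.dll [X]
==================== Drivers (Whitelisted) ====================
R1 okdrv; D:\WINDOWS\System32\drivers\okdrv.sys [12400 2007-12-17] ()
S3 tmpdrv; \??\D:\WINDOWS\system32\1CF.tmp [X]
S3 tempdrv; \??\D:\DOCUME~1\user\LOCALS~1\Temp\tempdrv.sys [X]
U3 ghost; No ImagePath
"""


def _host_allowed(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in ALLOWED_DPF_HOST_SUFFIXES)


def triage_frst(text: str) -> List[Dict[str, object]]:
    """Return one finding per line worth a second look: section, name, reasons, raw line."""
    findings: List[Dict[str, object]] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        # FRST annotates a few known hijack patterns itself (the fastprox
        # InprocServer32 hijack it labels "ZeroAccess?" is one); surface them first.
        if "ATTENTION" in line:
            findings.append({"section": section, "name": line.split(":")[0],
                             "reasons": ["frst-attention"], "line": line})
            continue
        m = DPF_RE.match(line)
        if m:
            host = urlparse(m.group(1)).hostname or ""
            if not _host_allowed(host):
                findings.append({"section": section, "name": host,
                                 "reasons": ["dpf-unlisted-host"], "line": line})
            continue
        if not section.startswith(("Services", "Drivers")):
            continue
        m = SERVICE_RE.match(line)
        if not m:
            continue
        _start_type, name, rest = m.groups()
        path = rest.split(" [")[0]            # drop "[size date] (vendor) [flags]"
        if path.startswith("\\??\\"):         # NT object-manager prefix FRST keeps
            path = path[4:]
        reasons: List[str] = []
        if rest.endswith("[X]"):
            reasons.append("file-missing")     # registry entry survives, binary does not
        if path == "No ImagePath":
            reasons.append("no-imagepath")
        if "[File not signed]" in rest:
            reasons.append("unsigned")
        if TEMP_PATH_RE.search(path):
            reasons.append("temp-path")        # loads from a temp dir or a .tmp file
        if reasons:
            findings.append({"section": section, "name": name,
                             "reasons": reasons, "line": line})
    return findings


def summarize(findings: List[Dict[str, object]]) -> Dict[str, int]:
    """Count findings per reason so a long log can be skimmed at a glance."""
    counts: Dict[str, int] = {}
    for f in findings:
        for r in f["reasons"]:  # type: ignore[union-attr]
            counts[r] = counts.get(r, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage_frst(SAMPLE_FRST)
    for f in hits:
        print(f"{str(f['section']):<24} {', '.join(f['reasons']):<24} {f['line']}")
    print(summarize(hits))
```

Run it against a real FRST.txt by reading the file into `triage_frst` instead of `SAMPLE_FRST`. Every hit still needs a human decision: a service with a missing file is often just an uninstalled product's leftover, and an unsigned driver can be legitimate hardware support, but each is exactly the kind of line a helper quotes back into a fixlist, so it pays to see them together rather than buried among the whitelisted entries.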

Ok, here are the scans you requested....


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Microsoft Windows XP x86
Ran by winslow on 10/16/2014 at  0:56:39.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "D:\WINDOWS\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "D:\Documents and Settings\winslow\Application Data\getrighttogo"



~~~ FireFox

Emptied folder: D:\Documents and Settings\winslow\Application Data\mozilla\firefox\profiles\pww37mqq.default-1410918357004\minidumps [1 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/16/2014 at  1:00:19.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v4.000 - Report created 16/10/2014 at 01:11:00
# DB v
# Updated 12/10/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : winslow - MAIN
# Running from : D:\Documents and Settings\winslow\desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Bitberry
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v32.0.3 (x86 en-US)


*************************

AdwCleaner[R0].txt - [2904 octets] - [04/10/2014 15:53:18]
AdwCleaner[R1].txt - [2874 octets] - [09/10/2014 23:13:53]
AdwCleaner[R2].txt - [2819 octets] - [16/10/2014 01:07:46]
AdwCleaner[s0].txt - [3077 octets] - [04/10/2014 16:09:14]
AdwCleaner[s1].txt - [2769 octets] - [16/10/2014 01:11:00]

########## EOF - D:\AdwCleaner\AdwCleaner[s1].txt - [2829 octets] ##########


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/16/2014
Scan Time: 01:23:30 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.16.02
Rootkit Database: v2014.10.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Enabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User:

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330377
Time Elapsed: 55 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Eset didn't find anything....I took a screen shot of it showing nothing found, if you need it let me know....and finally farbar:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2014 02
Ran by winslow (administrator) on MAIN on 16-10-2014 03:19:28
Running from D:\Documents and Settings\winslow\desktop
Loaded Profiles: winslow & UpdatusUser (Available profiles: winslow & UpdatusUser)
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) D:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) D:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) D:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(NVIDIA Corporation) D:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) D:\WINDOWS\system32\dllhost.exe
(Microsoft Corp., Veritas Software) D:\WINDOWS\system32\dmadmin.exe
(Realtek Semiconductor Corp.) D:\WINDOWS\RTHDCPL.exe
() D:\Program Files\EVGA Precision\EVGAPrecision.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) D:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) D:\WINDOWS\system32\dllhost.exe
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => D:\WINDOWS\RTHDCPL.EXE [16859136 2008-03-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [EVGAPrecision] => D:\Program Files\EVGA Precision\EVGAPrecision.exe [302184 2012-06-19] ()
HKLM\...\Run: [nwiz] => D:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1634112 2012-05-15] ()
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => D:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1078081533-789336058-1801674531-1005\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-1078081533-789336058-1801674531-1005\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1078081533-789336058-1801674531-1005\...\Policies\Explorer: [NoRecentDocsNetHood] 1
Lsa: [Notification Packages]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x08527A84BFAFCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - D:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 05 D:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 65.79.197.97 65.79.193.8

FireFox:
========
FF ProfilePath: D:\Documents and Settings\winslow\Application Data\Mozilla\Firefox\Profiles\pww37mqq.default-1410918357004
FF Homepage: yahoo.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> D:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> D:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> D:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: Adobe Reader -> D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - D:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - D:\Program Files\AVAST Software\Avast\WebRep\FF [2012-05-25]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-31]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 !SASCORE; D:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-09-18] (SUPERAntiSpyware.com)
R2 6to4; D:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-31] (AVAST Software)
S3 IDriverT; D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; D:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-16] (Oracle Corporation)
R2 LightScribeService; D:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
R2 MbaeSvc; D:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)
R2 MBAMScheduler; D:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S3 RoxLiveShare9; "D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
S2 srservice; C:\WINDOWS\system32\srsvc.dll [X]
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; D:\WINDOWS\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R2 aswHwid; D:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-31] ()
R2 aswMonFlt; D:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-31] (AVAST Software)
R1 AswRdr; D:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-31] (AVAST Software)
R0 aswRvrt; D:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-31] ()
R1 aswSnx; D:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-31] (AVAST Software)
R1 aswSP; D:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-31] (AVAST Software)
R1 aswTdi; D:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-31] (AVAST Software)
R0 aswVmm; D:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-31] ()
R1 ESProtectionDriver; D:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47896 2014-08-30] ()
R3 L1e; D:\WINDOWS\System32\DRIVERS\l1e51x86.sys [36864 2008-02-02] (Atheros Communications, Inc.)
R1 mbamchameleon; D:\WINDOWS\system32\drivers\mbamchameleon.sys [51416 2014-10-09] (Malwarebytes Corporation)
R3 MBAMSwissArmy; D:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-16] (Malwarebytes Corporation)
R3 MTsensor; D:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 nm; D:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
R2 NwlnkIpx; D:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; D:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; D:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
R1 pctgntdi; D:\WINDOWS\system32\drivers\pctgntdi.sys [233136 2009-10-30] (PC Tools)
S3 RT2500; D:\WINDOWS\System32\DRIVERS\RT2500.sys [243328 2005-10-20] (Ralink Technology Inc.)
R3 RTCore32; D:\Program Files\EVGA Precision\RTCore32.sys [4608 2005-05-25] () [File not signed]
R1 SASDIFSV; D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Tcpip6; D:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 catchme; \??\D:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
S3 MEMSWEEP2; \??\D:\WINDOWS\system32\1CF.tmp [X]
S3 MFE_RR; \??\D:\DOCUME~1\winslow\LOCALS~1\Temp\mfe_rr.sys [X]
S3 NVR0Dev; \??\D:\WINDOWS\nvoclock.sys [X]
S3 SABProcEnum; \??\D:\Program Files\Internet Explorer\SABProcEnum.sys [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\D:\WINDOWS\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]
U3 TlntSvr; No ImagePath
S3 WinRing0_1_2_0; \??\D:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 03:19 - 2014-10-16 03:19 - 00012382 _____ () D:\Documents and Settings\winslow\desktop\FRST.txt
2014-10-16 01:26 - 2014-10-16 01:26 - 00000000 ____D () D:\WINDOWS\LastGood
2014-10-16 01:26 - 2014-10-16 01:26 - 00000000 ____D () D:\Program Files\ESET
2014-10-16 01:16 - 2014-10-16 01:16 - 00002909 _____ () D:\Documents and Settings\winslow\desktop\AdwCleaner[s1].txt
2014-10-16 01:12 - 2014-10-16 01:12 - 00267008 _____ () D:\WINDOWS\system32\FNTCACHE.DAT
2014-10-16 01:00 - 2014-10-16 01:00 - 00000905 _____ () D:\Documents and Settings\winslow\desktop\JRT.txt
2014-10-16 00:56 - 2014-10-16 00:56 - 00000000 ____D () D:\WINDOWS\ERUNT
2014-10-16 00:54 - 2014-10-16 00:54 - 01705698 _____ (Thisisu) D:\Documents and Settings\winslow\desktop\JRT.exe
2014-10-15 22:18 - 2014-10-15 22:18 - 00068768 _____ () D:\Documents and Settings\winslow\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-10-15 21:13 - 2014-10-16 01:26 - 00001620 _____ () D:\WINDOWS\setupapi.log
2014-10-15 09:10 - 2014-10-15 09:10 - 04035593 _____ () D:\Documents and Settings\winslow\My Documents\IMG_0498.MOV
2014-10-10 01:00 - 2014-10-10 01:04 - 00034808 _____ () D:\WINDOWS\system32\Drivers\TrueSight.sys
2014-10-10 01:00 - 2014-10-10 01:00 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\RogueKiller
2014-10-10 00:59 - 2014-10-10 00:59 - 15670360 _____ () D:\Documents and Settings\winslow\desktop\RogueKiller.exe
2014-10-10 00:47 - 2014-10-10 00:47 - 00000592 _____ () D:\Documents and Settings\winslow\desktop\ERUNT.lnk
2014-10-10 00:47 - 2014-10-10 00:47 - 00000000 ____D () D:\Program Files\ERUNT
2014-10-10 00:47 - 2014-10-10 00:47 - 00000000 ____D () D:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-10-10 00:44 - 2014-10-10 00:44 - 00791393 _____ (Lars Hederer ) D:\Documents and Settings\winslow\desktop\erunt-setup.exe
2014-10-10 00:42 - 2014-10-10 00:42 - 01944824 _____ (Bleeping Computer, LLC) D:\Documents and Settings\winslow\desktop\rkill.exe
2014-10-09 23:26 - 2014-10-11 15:46 - 00000000 ____D () D:\Documents and Settings\winslow\desktop\mbar
2014-10-09 23:07 - 2014-10-09 23:07 - 00000730 _____ () D:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-09 23:07 - 2014-10-09 23:07 - 00000724 _____ () D:\Documents and Settings\All Users\desktop\Mozilla Firefox.lnk
2014-10-09 22:54 - 2014-10-15 05:13 - 00000777 _____ () D:\Documents and Settings\All Users\desktop\Malwarebytes Anti-Exploit.lnk
2014-10-09 22:54 - 2014-10-11 05:18 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2014-10-09 22:54 - 2014-10-09 22:54 - 00000000 ____D () D:\Program Files\Malwarebytes Anti-Exploit
2014-10-09 22:54 - 2014-10-09 22:54 - 00000000 ____D () D:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-10-09 22:43 - 2014-10-09 22:43 - 14349744 _____ (Malwarebytes Corp.) D:\Documents and Settings\winslow\desktop\mbar-1.07.0.1012.exe
2014-10-04 18:12 - 2014-10-16 03:19 - 00000000 ____D () D:\FRST
2014-10-04 17:32 - 2014-10-16 01:20 - 00110296 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-04 17:31 - 2014-10-09 22:19 - 00051416 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-04 17:31 - 2014-10-04 17:31 - 00000777 _____ () D:\Documents and Settings\All Users\desktop\Malwarebytes Anti-Malware.lnk
2014-10-04 17:31 - 2014-10-04 17:31 - 00000000 ____D () D:\Program Files\Malwarebytes Anti-Malware
2014-10-04 17:31 - 2014-10-04 17:31 - 00000000 ____D () D:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-04 17:31 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbam.sys
2014-10-04 17:10 - 2014-10-10 01:25 - 00007680 ___SH () D:\Documents and Settings\winslow\desktop\Thumbs.db
2014-10-04 17:01 - 2014-10-15 08:39 - 00007680 ___SH () D:\WINDOWS\Thumbs.db
2014-10-04 15:53 - 2014-10-16 01:11 - 00000000 ____D () D:\AdwCleaner
2014-10-04 15:51 - 2014-10-16 03:18 - 01102848 _____ (Farbar) D:\Documents and Settings\winslow\desktop\FRST.exe
2014-10-04 15:51 - 2014-10-16 01:06 - 01976320 _____ () D:\Documents and Settings\winslow\desktop\AdwCleaner.exe
2014-10-04 13:35 - 2014-10-04 13:35 - 00000000 ____D () D:\SUPERDelete
2014-09-24 21:47 - 2014-10-09 23:07 - 00000000 ____D () D:\Program Files\Mozilla Firefox
2014-09-20 02:23 - 2014-09-20 04:37 - 00000664 _____ () D:\WINDOWS\system32\d3d9caps.dat
2014-09-18 04:29 - 2014-09-18 04:29 - 00000000 ____D () D:\Documents and Settings\UpdatusUser\Application Data\Apple Computer
2014-09-18 04:17 - 2014-09-18 04:17 - 00007179 _____ () D:\Documents and Settings\winslow\My Documents\free_av_9.0.2021_2014-9-17_5-26-11.avastconfig
2014-09-17 06:16 - 2014-10-16 00:57 - 00000000 ____D () D:\Program Files\Free Window Registry Repair
2014-09-16 20:11 - 2014-09-16 20:11 - 00096680 _____ (Oracle Corporation) D:\WINDOWS\system32\WindowsAccessBridge.dll
2014-09-16 20:11 - 2014-09-16 20:11 - 00000000 ____D () D:\Program Files\Common Files\Java
2014-09-16 20:11 - 2014-09-16 20:11 - 00000000 ____D () D:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-09-16 20:11 - 2014-09-16 20:10 - 00272808 _____ (Oracle Corporation) D:\WINDOWS\system32\javaws.exe
2014-09-16 20:11 - 2014-09-16 20:10 - 00175528 _____ (Oracle Corporation) D:\WINDOWS\system32\javaw.exe
2014-09-16 20:11 - 2014-09-16 20:10 - 00175528 _____ (Oracle Corporation) D:\WINDOWS\system32\java.exe
2014-09-16 20:11 - 2014-09-16 20:10 - 00145408 _____ (Oracle Corporation) D:\WINDOWS\system32\javacpl.cpl

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 03:19 - 2012-08-04 00:33 - 00000000 ____D () D:\Documents and Settings\winslow\Local Settings\temp
2014-10-16 02:20 - 2013-01-11 19:10 - 01703685 _____ () D:\WINDOWS\WindowsUpdate.log
2014-10-16 01:17 - 2010-01-17 02:18 - 00000000 ____D () D:\Program Files\EVGA Precision
2014-10-16 01:15 - 2009-10-09 22:58 - 00000000 ____D () D:\WINDOWS\Registration
2014-10-16 01:14 - 2013-04-15 19:13 - 00000159 _____ () D:\WINDOWS\wiadebug.log
2014-10-16 01:14 - 2013-04-15 19:13 - 00000050 _____ () D:\WINDOWS\wiaservc.log
2014-10-16 01:13 - 2009-10-09 23:03 - 00000006 ____H () D:\WINDOWS\Tasks\SA.DAT
2014-10-16 01:13 - 2008-04-14 07:00 - 00013646 _____ () D:\WINDOWS\system32\wpa.dbl
2014-10-16 01:11 - 2013-04-18 09:08 - 00032562 _____ () D:\WINDOWS\SchedLgU.Txt
2014-10-16 01:11 - 2012-05-17 16:33 - 00065536 _____ () D:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-10-16 01:11 - 2011-11-30 19:22 - 00065536 _____ () D:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-10-16 01:11 - 2010-03-03 19:25 - 00065536 _____ () D:\WINDOWS\system32\config\ODiag.evt
2014-10-16 01:11 - 2009-10-10 02:02 - 00065536 _____ () D:\WINDOWS\system32\config\Internet.evt
2014-10-16 01:11 - 2009-10-09 23:04 - 00000178 ___SH () D:\Documents and Settings\winslow\ntuser.ini
2014-10-15 09:17 - 2010-03-13 17:32 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\Apple Computer
2014-10-15 06:38 - 2008-04-14 07:00 - 00000435 _____ () D:\WINDOWS\system.ini
2014-10-13 00:30 - 2012-07-06 14:59 - 00000364 ____H () D:\WINDOWS\Tasks\avast! Emergency Update.job
2014-10-11 15:46 - 2013-12-17 00:27 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-10-10 19:36 - 2011-12-05 21:42 - 00002571 _____ () D:\Documents and Settings\winslow\desktop\Microsoft Calculator Plus.lnk
2014-10-10 01:34 - 2010-04-29 02:41 - 00017920 _____ () D:\Documents and Settings\winslow\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-10 00:48 - 2012-06-05 22:40 - 00000000 ____D () D:\WINDOWS\ERDNT
2014-10-04 17:17 - 2009-11-05 11:07 - 00000754 _____ () D:\WINDOWS\WORDPAD.INI
2014-10-04 17:01 - 2012-06-14 03:04 - 00000000 ____D () D:\IE8
2014-10-04 16:15 - 2012-06-02 01:14 - 00000178 ___SH () D:\Documents and Settings\UpdatusUser\ntuser.ini
2014-10-04 16:14 - 2013-04-15 20:44 - 00000830 _____ () D:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-04 16:12 - 2012-08-05 04:40 - 00701104 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerApp.exe
2014-10-04 16:12 - 2012-08-05 04:40 - 00071344 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-10-04 15:31 - 2010-03-13 17:34 - 00000000 ____D () D:\Documents and Settings\winslow\Application Data\Apple Computer
2014-10-04 13:35 - 2012-05-17 14:55 - 00000000 ____D () D:\Documents and Settings\winslow\Application Data\IObit
2014-10-04 13:34 - 2009-12-20 16:23 - 00000000 ____D () D:\Program Files\SUPERAntiSpyware
2014-10-02 01:02 - 2010-12-12 03:17 - 00002497 _____ () D:\Documents and Settings\winslow\desktop\Microsoft Office Word 2003.lnk
2014-09-30 09:00 - 2009-10-09 23:47 - 00000000 ____D () D:\Program Files\CCleaner
2014-09-18 04:16 - 2013-07-21 22:26 - 00000000 ____D () D:\WINDOWS\system32\MRT
2014-09-18 04:10 - 2009-10-10 02:01 - 98758480 _____ (Microsoft Corporation) D:\WINDOWS\system32\MRT.exe
2014-09-18 04:10 - 2008-04-14 07:00 - 00000673 _____ () D:\WINDOWS\win.ini
2014-09-18 01:38 - 2009-10-09 23:08 - 00000000 ___HD () D:\Program Files\InstallShield Installation Information
2014-09-18 01:15 - 2009-10-09 16:45 - 00000000 ____D () D:\WINDOWS\Help
2014-09-17 07:15 - 2009-10-09 23:03 - 00000000 __SHD () D:\Documents and Settings\LocalService
2014-09-17 07:15 - 2009-10-09 23:02 - 00000000 __SHD () D:\Documents and Settings\NetworkService
2014-09-17 07:11 - 2009-10-09 22:59 - 00000000 ____D () D:\WINDOWS\system32\Restore
2014-09-16 20:44 - 2014-08-25 11:32 - 00000000 ____D () D:\Documents and Settings\winslow\Local Settings\Application Data\Adobe
2014-09-16 20:28 - 2010-12-04 19:00 - 00000000 ____D () D:\WINDOWS\system32\NtmsData

Some content of TEMP:
====================
D:\Documents and Settings\winslow\Local Settings\temp\Quarantine.exe
D:\Documents and Settings\winslow\Local Settings\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

D:\WINDOWS\explorer.exe => File is digitally signed
D:\WINDOWS\system32\winlogon.exe => File is digitally signed
D:\WINDOWS\system32\svchost.exe => File is digitally signed
D:\WINDOWS\system32\services.exe => File is digitally signed
D:\WINDOWS\system32\User32.dll => File is digitally signed
D:\WINDOWS\system32\userinit.exe => File is digitally signed
D:\WINDOWS\system32\rpcss.dll => File is digitally signed
D:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-10-2014 02
Ran by winslow at 2014-10-16 03:20:10
Running from D:\Documents and Settings\winslow\desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AI Suite (HKLM\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 1.05.32 - )
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR8121/AR8113 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.19 - Atheros Communications Inc.)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
BlackBerry Desktop Software 6.0.2 (HKLM\...\BlackBerry_Desktop) (Version: 6.0.2.42 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.0.2 (Version: 6.0.2.42 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM\...\{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}) (Version: 6.0.1.13 - Research In Motion Ltd)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator 2.2 (HKLM\...\MP Navigator 2.2) (Version:  - )
Canon MP530 (HKLM\...\{3215EBED-1D06-42fb-A05C-A752A46FB24C}) (Version:  - )
Canon MP530 User Registration (HKLM\...\Canon MP530 User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.10 - Piriform)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
EVGA Precision 1.9.6 (HKLM\...\Precision) (Version: 1.9.6 - EVGA Corporation)
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
LightScribe Applications (HKLM\...\{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}) (Version: 1.18.5.1 - LightScribe)
LightScribe System Software (HKLM\...\{FA8BFB25-BF48-4F8B-8859-B30810745190}) (Version: 1.18.11.1 - LightScribe)
Malwarebytes Anti-Exploit version 1.04.1.1012 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.04.1.1012 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Player Codec Pack 3.9.5 (HKLM\...\Media Player - Codec Pack) (Version:  - Media Player Codec Pack)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{56B4002F-671C-49F4-984C-C760FE3806B5}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{710BF966-43C8-4216-A8EC-BC4E169FF7C1}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
NVIDIA Control Panel 301.42 (Version: 301.42 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 301.42 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.75.420 - NVIDIA Corporation) Hidden
NVIDIA nView 136.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.27 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13527 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.8.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.8.15 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.8.15 - NVIDIA Corporation) Hidden
Presto! PageManager 7.15.14 (HKLM\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.14E - NewSoft)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5591 - Realtek Semiconductor Corp.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1012 - SUPERAntiSpyware.com)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{0C1EB979-8EC7-46E8-8097-246957D6B94C}\localserver32 -> D:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{136DCBF5-3874-4B70-AE3E-15997D6334F7}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp2_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{1434DD3D-0AF6-41E0-BB71-8C86010D9AF5}\localserver32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{15B62A81-9030-478E-A467-26F6B8223866}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp4_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{16AF398F-0DE4-4CB1-A0A3-E58D6E34EF86}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_converter_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{17CAD714-24C4-474E-97D4-4C5A50046791}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_amr_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{184092C4-EA10-43A4-A109-40A6E2F2248C}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_framerate_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{19987CEE-DEE8-49DC-98EC-F21380AA9E68}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_aac_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{19987CEE-DEE8-49DC-98EC-F21380AA9E6A}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_aac_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{19987CEE-DEE8-49DC-98EC-F21380AA9E6B}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_aac_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{22FE1038-DEF4-4581-8F56-9E4D657D669C}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_colorspace_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{272D77A0-A852-4851-ADA4-9091FEAD4C86}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_colorspace_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{2A55FF12-1657-41D7-9D2D-A2CDC6978FF2}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp4_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{2F75E451-A88C-4939-BFE5-D92D48C102F2}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mpa_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{326787D9-37B9-47A6-B539-EE13E7B04B8B}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{3A7AD31E-F164-4861-928B-4FE44092F5B8}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\IntelliSync\Connectors\Data Migration Wizard\Connectors\Windows Mobile Connector\WinCEConnector.dll (Nokia Corporation.)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{4578D46F-1AAF-4FA6-AD9C-401A97CFA291}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp2_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{47F64EC4-1AD6-4168-9D4C-00F3842F7CFB}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{4B66DD3F-2E6E-4F7C-B38C-E32608820825}\localserver32 -> D:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{53DBCD97-3FDF-4B60-975B-2596B57482EF}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\BBWebSLLauncher.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{5611AC6E-60BD-4C61-B1B2-793037310CA7}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp2v_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{5F6FFE82-8B74-43BF-A583-EF4E3AEF9C3D}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\IntelliSync\Connectors\Data Migration Wizard\Connectors\Palm Desktop\syncproxy.dll (Nokia Corporation.)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{70F8BCC5-643D-445A-8362-DD6536A68514}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_imagescaler_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{73772CC1-3B62-49D8-844C-0C1CE3FAD942}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_samplerate_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{73D320C0-FACA-4553-9D5F-070F9E4DC5C8}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{75183C2F-8CE0-4C7B-B22A-38979D4E3275}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_framerate_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{78496FD9-A9D7-4F59-8934-84A5DC5679D8}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\IntelliSync\Connectors\Data Migration Wizard\Connectors\Palm Desktop\PDXlator.dll (Nokia Corporation.)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{78A09728-E250-47CE-A383-0AADAA9359E2}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp4v_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{7C21821C-4F7F-4F1B-A53E-D07B2800878A}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_converter_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{7C32A8A2-17B8-4925-9699-9863A9B7BCB8}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_samplerate_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{7D08E09D-40AA-469A-8D01-DCCC7F5783C4}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_samplerate_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{82D1C283-A637-4A07-B1EC-8C7AE661EAF1}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{8376CB5C-B66B-4678-AB07-03E5FDA2F04E}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\IntelliSync\Connectors\Data Migration Wizard\CXLServer1.dll (Nokia Corporation.)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{8566B372-D0F6-4136-8C5E-7E368EBC85B4}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mpa_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{8CBE7C53-2B83-48CC-A235-8B12C764FADF}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp4_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{96B9D0ED-14BD-4454-A619-96BA665B0992}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_avc_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{96B9D0ED-6558-4327-AE70-E693767C40A0}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_avc_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{96B9D0ED-8D13-4171-A983-B84D88D627BE}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_avc_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{9FC5E60A-0B81-4177-B84F-63ABF5B8C9C9}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_imagescaler_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{A1BDD89E-DC7C-41FB-AD2D-A7D6C3B531F6}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mpa_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{A4DCA218-AC9E-4D1F-8600-C5B1F390D408}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_framerate_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{A539FCC4-AB2E-4307-BFBD-634DE69ACD78}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_render_fileindex_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{A539FCC5-AB2E-4307-BFBD-634DE69ACD78}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_render_fileindex_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{A8786FBA-B1E0-41D8-9A3E-F56D4E226A51}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp2_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{AD046C04-9CC6-4424-A8E2-1F8BB9D0B29D}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManagerps.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{B776FDAF-2388-42D0-8A7C-386E1BC2E19E}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\IntelliSync\Connectors\Data Migration Wizard\Connectors\Palm Desktop\pdapi2.dll (Nokia Corporation.)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{BA3D0120-E617-4F66-ADCA-585CC2FB86DB}\localserver32 -> D:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{BC4EB321-771F-4E9F-AF67-37C631ECA106}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp2v_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{BEB7FFE8-37BA-4849-AE26-7A10EF20A303}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_imagescaler_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{C197E022-262A-4306-A4D2-4B497F048514}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_amr_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{C8992C14-DF59-4518-808F-CCFBB5850282}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{CAFCE71A-72F0-41AD-A8A4-4F70CDD72381}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManagerps.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{CF2521A7-4029-4CC1-8C6E-F82BD82BB343}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_render_fileindex_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{CF85704E-2B43-47E7-9B02-C8AF2694E2D0}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_colorspace_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{D41C1E5B-0566-4BB1-BE72-1A5407349CA6}\localserver32 -> D:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{D677B967-820F-4E84-B43A-118270FFFB80}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp2v_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{DEE56715-7081-4D57-91A7-984AE2712268}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp2_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{E2159021-A507-48F9-9DF1-EC5AFDBA5066}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\IntelliSync\Connectors\Data Migration Wizard\Connectors\Palm Desktop\PDAPI.dll (Nokia Corporation.)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{E3AA9B8F-F8BF-4536-A3D8-B405A4C6B5AE}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\IntelliSync\Connectors\Yahoo Connector\DCSXlator.dll (Nokia Corporation.)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{EB59852D-B38E-4A4C-94BA-6731836E5538}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{EE7F6B66-AC97-41CF-BD88-372DDB786DB6}\localserver32 -> D:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{F6CF0104-4F4A-4EBE-999D-A12D838E65B5}\InprocServer32 -> D:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgrPs.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{F7EF9722-1DEA-4430-B830-C54B382FC90C}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp2_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{FC31293E-3239-4C12-8FC6-B2B09F62FA3F}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp4v_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{FC86AD6C-894A-44E9-A283-4B5A9DD6CA65}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mp4v_ds.ax (MainConcept GmbH)
CustomCLSID: HKU\S-1-5-21-1078081533-789336058-1801674531-1005_Classes\CLSID\{FE5106C0-C8E6-4D53-880C-BED388E6FC75}\InprocServer32 -> D:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_audio_converter_ds.ax (MainConcept GmbH)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 07:00 - 2012-08-04 00:29 - 00000027 ____A D:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: D:\WINDOWS\Tasks\Adobe Flash Player Updater.job => D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: D:\WINDOWS\Tasks\avast! Emergency Update.job => D:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => D:\WINDOWS\system32\xp_eos.exe
Task: D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => D:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2012-05-25 01:18 - 2014-07-31 08:18 - 00301152 _____ () D:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-15 16:17 - 2014-10-15 16:17 - 02874368 _____ () D:\Program Files\AVAST Software\Avast\defs\14101506\algo.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () D:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () D:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-05-06 00:19 - 2012-05-15 05:18 - 01570624 _____ () D:\Program Files\NVIDIA Corporation\nView\nview.dll
2009-01-10 17:15 - 2009-01-10 17:15 - 00159744 _____ () D:\WINDOWS\system32\mmfinfo.dll
2009-11-14 13:11 - 2009-11-14 13:11 - 00024576 _____ () D:\WINDOWS\system32\mkunicode.dll
2010-05-06 00:19 - 2012-05-15 05:18 - 00357184 _____ () D:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2008-04-14 07:00 - 2013-01-02 01:49 - 01292288 _____ () D:\WINDOWS\system32\quartz.dll
2009-11-14 13:12 - 2009-11-14 13:12 - 00550400 _____ () D:\WINDOWS\system32\splitter.ax
2009-11-14 13:11 - 2009-11-14 13:11 - 00080384 _____ () D:\WINDOWS\system32\mkzlib.dll
2009-11-14 13:11 - 2009-11-14 13:11 - 00150016 _____ () D:\WINDOWS\system32\mkx.dll
2009-11-14 13:11 - 2009-11-14 13:11 - 00141824 _____ () D:\WINDOWS\system32\mp4.dll
2010-08-10 20:55 - 2012-06-19 23:25 - 00302184 _____ () D:\Program Files\EVGA Precision\EVGAPrecision.exe
2010-08-09 12:51 - 2010-08-09 12:51 - 00061440 _____ () D:\Program Files\EVGA Precision\RTFC.dll
2010-08-09 12:51 - 2010-08-09 12:51 - 00229376 _____ () D:\Program Files\EVGA Precision\RTCore.dll
2010-08-09 12:51 - 2010-08-09 12:51 - 00139264 _____ () D:\Program Files\EVGA Precision\RTUI.dll
2010-08-09 12:52 - 2010-08-09 12:52 - 00258048 _____ () D:\Program Files\EVGA Precision\RTHAL.dll
2013-10-19 01:03 - 2014-07-31 08:18 - 19329904 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-09 23:06 - 2014-09-24 00:09 - 03715184 _____ () D:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Coby and Ali @ Ali's 10th b-day party.JPG:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Getting ready for the rodeo.JPG:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Getting ready for the rodeo1.JPG:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\image004.jpg:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Justin, Amy, and, me.JPG:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\me.jpg:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Mikk.JPG:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\parade of lights.jpg:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\resignation.txt:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Resume.rtf:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\walt.JPG:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg:  (A0) => cmd /c "D:\Documents and Settings\winslow\Desktop\mbar\mbar.exe" /rdv /s
MSCONFIG\startupreg: Adobe ARM => "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Advanced SystemCare 6 => "D:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
MSCONFIG\startupreg: Ai Nap => "D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
MSCONFIG\startupreg: APSDaemon => "D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "D:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Cpu Level Up help => "D:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"
MSCONFIG\startupreg: ctfmon.exe => D:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: FlashPlayerUpdate => D:\WINDOWS\system32\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe -update plugin
MSCONFIG\startupreg: ISUSPM => "D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
MSCONFIG\startupreg: iTunesHelper => "D:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: MSConfig => D:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
MSCONFIG\startupreg: QFan Help => "D:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe"
MSCONFIG\startupreg: QuickTime Task => "D:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: WrtMon.exe => D:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1078081533-789336058-1801674531-500 - Administrator - Enabled)
Guest (S-1-5-21-1078081533-789336058-1801674531-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1078081533-789336058-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1078081533-789336058-1801674531-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-1078081533-789336058-1801674531-1011 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser
winslow (S-1-5-21-1078081533-789336058-1801674531-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\winslow

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2014 01:14:06 AM) (Source: SecurityCenter) (EventID: 1802) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (10/16/2014 00:57:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 32.0.3.5379, faulting module mozalloc.dll, version 32.0.3.5379, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (10/15/2014 08:49:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (10/15/2014 08:49:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (10/15/2014 08:49:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (10/15/2014 08:49:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (10/15/2014 08:49:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (10/15/2014 08:49:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19

Error: (10/15/2014 08:49:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18

Error: (10/15/2014 08:49:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17


System errors:
=============
Error: (10/15/2014 08:36:21 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.102 for the Network Card with network address 002215202F7D has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (10/15/2014 07:27:30 AM) (Source: DCOM) (EventID: 10005) (User: MAIN)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (10/12/2014 05:56:01 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.100 for the Network Card with network address 002215202F7D has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (10/12/2014 00:35:22 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.100 for the Network Card with network address 002215202F7D has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core2 Quad CPU Q9450 @ 2.66GHz
Percentage of memory in use: 30%
Total physical RAM: 3070.98 MB
Available physical RAM: 2145.83 MB
Total Pagefile: 7515.92 MB
Available Pagefile: 6687.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:78.13 GB) (Free:78.04 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:107.42 GB) (Free:72.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 7C9C781D)
Partition 1: (Active) - (Size=78.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=220 GB) - (Type=OF Extended)

==================== End Of Log ============================

Thank you again for your help and patience...


  • Root Admin

No problem, you're quite welcome.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-10-2014 02
Ran by winslow at 2014-10-16 04:03:35 Run:1
Running from D:\Documents and Settings\winslow\desktop
Loaded Profiles: winslow & UpdatusUser (Available profiles: winslow & UpdatusUser)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1078081533-789336058-1801674531-1005\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1078081533-789336058-1801674531-1005\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
R2 JavaQuickStarterService; D:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-16] (Oracle Corporation)
S3 RoxLiveShare9; "D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
S2 srservice; C:\WINDOWS\system32\srsvc.dll [X]
S3 MEMSWEEP2; \??\D:\WINDOWS\system32\1CF.tmp [X]
S3 MFE_RR; \??\D:\DOCUME~1\winslow\LOCALS~1\Temp\mfe_rr.sys [X]
S3 WinRing0_1_2_0; \??\D:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [X]
D:\Documents and Settings\winslow\Local Settings\temp\Quarantine.exe
D:\Documents and Settings\winslow\Local Settings\temp\sqlite3.dll
Task: D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => D:\WINDOWS\system32\xp_eos.exe
Task: D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => D:\WINDOWS\system32\xp_eos.exe
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Coby and Ali @ Ali's 10th b-day party.JPG:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Getting ready for the rodeo.JPG:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Getting ready for the rodeo1.JPG:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\image004.jpg:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Justin, Amy, and, me.JPG:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\me.jpg:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Mikk.JPG:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\parade of lights.jpg:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\resignation.txt:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\Resume.rtf:Roxio EMC Stream
AlternateDataStreams: D:\Documents and Settings\winslow\My Documents\walt.JPG:Roxio EMC Stream
EmptyTemp:
Reboot:

*****************

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKU\S-1-5-21-1078081533-789336058-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value deleted successfully.
HKU\S-1-5-21-1078081533-789336058-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRecentDocsNetHood => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
"HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\livecall" => Key deleted successfully.
"HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\msnim" => Key deleted successfully.
"HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F}" => Key not found.
"HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2" => Key deleted successfully.
D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll => Moved successfully.
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2" => Key deleted successfully.
D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => Moved successfully.
JavaQuickStarterService => Service stopped successfully.
JavaQuickStarterService => Service deleted successfully.
RoxLiveShare9 => Service deleted successfully.
srservice => Service deleted successfully.
MEMSWEEP2 => Service deleted successfully.
MFE_RR => Service deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
D:\Documents and Settings\winslow\Local Settings\temp\Quarantine.exe => Moved successfully.
D:\Documents and Settings\winslow\Local Settings\temp\sqlite3.dll => Moved successfully.
D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => Moved successfully.
D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => Moved successfully.
D:\Documents and Settings\winslow\My Documents\Coby and Ali @ Ali's 10th b-day party.JPG => ":Roxio EMC Stream" ADS removed successfully.
D:\Documents and Settings\winslow\My Documents\Getting ready for the rodeo.JPG => ":Roxio EMC Stream" ADS removed successfully.
D:\Documents and Settings\winslow\My Documents\Getting ready for the rodeo1.JPG => ":Roxio EMC Stream" ADS removed successfully.
"D:\Documents and Settings\winslow\My Documents\image004.jpg" => ":Roxio EMC Stream" ADS not found.
D:\Documents and Settings\winslow\My Documents\Justin, Amy, and, me.JPG => ":Roxio EMC Stream" ADS removed successfully.
D:\Documents and Settings\winslow\My Documents\me.jpg => ":Roxio EMC Stream" ADS removed successfully.
D:\Documents and Settings\winslow\My Documents\Mikk.JPG => ":Roxio EMC Stream" ADS removed successfully.
D:\Documents and Settings\winslow\My Documents\parade of lights.jpg => ":Roxio EMC Stream" ADS removed successfully.
D:\Documents and Settings\winslow\My Documents\resignation.txt => ":Roxio EMC Stream" ADS removed successfully.
D:\Documents and Settings\winslow\My Documents\Resume.rtf => ":Roxio EMC Stream" ADS removed successfully.
D:\Documents and Settings\winslow\My Documents\walt.JPG => ":Roxio EMC Stream" ADS removed successfully.
EmptyTemp: => Removed 35 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

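The security-relevant line in the Fixlog above is `HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?`. FRST is reporting that the default value under HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32, the in-process server registration for WMI's fastprox.dll, no longer pointed at that DLL, a COM hijack FRST associates with ZeroAccess. Every WMI client loads whatever DLL that value names, which is consistent with the earlier "Could not list Devices. Check "winmgmt" service or repair WMI" and with Security Center event 1802. The Python below is an added example, not part of this thread and not FRST's own code: it collects FRST's ATTENTION! markers from log text, classifies an InprocServer32 default value as ok, hijacked or missing, and (on Windows only) reads the live value with winreg. The expected location %SystemRoot%\system32\wbem\fastprox.dll is an assumption, and the sample log text is constructed from the fixlist line above plus one unrelated entry.

```python
r"""Check the WMI fastprox COM registration for a ZeroAccess-style hijack.

Added example: not part of the thread above and not FRST's own code.
The fixlist FRST ran above restored the default value of
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32,
the in-process server for WMI's fastprox.dll. If that value points at a DLL
outside %SystemRoot%\system32\wbem, every WMI client loads that DLL instead,
which is consistent with FRST being unable to list devices and with Security
Center event 1802 earlier in this thread. Two checks are shown: one over FRST
log text (runs anywhere) and one against the live registry (Windows only).
"""
import ntpath
import re
import sys

FASTPROX_CLSID = "{5839FCA9-774D-42A1-ACDA-D6A79037F57F}"
# Assumption: the only legitimate location for fastprox.dll is the wbem folder
# under the system root (D:\WINDOWS on the machine in this thread).
EXPECTED_TAIL = r"\system32\wbem\fastprox.dll"

# FRST prints "[Default-<dll>]" followed by "ATTENTION!" when an InprocServer32
# default no longer points at <dll>; this pattern picks those markers out.
FRST_ATTENTION = re.compile(
    r"InprocServer32:\s*\[Default-(?P<name>[^\]]+)\].*ATTENTION!", re.I)


def classify_inprocserver32(value, system_root):
    """Return 'missing', 'ok' or 'hijacked' for an InprocServer32 default value.

    %SystemRoot% is expanded, surrounding quotes are stripped and both paths are
    normalised with ntpath, so the comparison ignores case and slash style on
    any host (the offline check can run on Linux, the live one on Windows).
    """
    if not value or not value.strip():
        return "missing"
    unquoted = value.strip().strip('"')
    # A callable replacement keeps backslashes in system_root from being
    # interpreted as regex escapes.
    expanded = re.sub(r"%systemroot%", lambda _m: system_root, unquoted, flags=re.I)
    actual = ntpath.normcase(ntpath.normpath(expanded))
    expected = ntpath.normcase(ntpath.normpath(system_root + EXPECTED_TAIL))
    return "ok" if actual == expected else "hijacked"


def frst_hijack_hits(log_text):
    """Return the DLL names FRST flagged with ATTENTION! on InprocServer32 lines."""
    return [m.group("name") for m in FRST_ATTENTION.finditer(log_text)]


def read_live_fastprox_value():
    """Read the live InprocServer32 default for the fastprox CLSID (Windows only)."""
    import winreg  # imported here so the module still loads on non-Windows hosts
    key_path = r"CLSID\%s\InprocServer32" % FASTPROX_CLSID
    with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, key_path) as key:
        value, _type = winreg.QueryValueEx(key, "")
    return value


# Constructed sample: the flagged line copied from the fixlist above plus one
# unrelated entry, to show that only the ATTENTION! marker is collected.
SAMPLE_FRST_LOG = r"""
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
"""

if __name__ == "__main__":
    print("FRST flagged InprocServer32 entries:", frst_hijack_hits(SAMPLE_FRST_LOG))
    if sys.platform == "win32":
        import os
        root = os.environ.get("SystemRoot", r"C:\WINDOWS")
        verdict = classify_inprocserver32(read_live_fastprox_value(), root)
        print("live fastprox InprocServer32:", verdict)
```

The comparison is on the full normalised path, not the file name, because a hijack can keep the name fastprox.dll and only change the directory. On the XP machine in this thread the live check would need a Python install and would be run from the winslow (administrator) account; after the fix above it should print ok, and anything else means the InprocServer32 value was changed again and WMI is still compromised.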

  • Root Admin

Okay, late here so will have to check back on you again sometime tomorrow.

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in the RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.
Next:

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double-click TFC.exe to run it on XP (for Vista and Windows 7, right-click and choose "Run as administrator") and, once it opens, click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Next,

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Okay, thanks for the help tonight, or I guess I should say this morning... Here are the logs you requested:

JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Thu Oct 16 04:28:23 2014
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.6.0_16
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.6.0_17
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.6.0_18
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.6.0_19
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.6.0_20
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.6.0_21
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.6.0_22
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.6.0_23
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.6.0_24
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.6.0_25
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.6.0_26
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.7.0_02
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.7.0_03
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.7.0_04
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.7.0_05
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.7.0_07
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.7.0_09
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.7.0_10
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.7.0_15
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.7.0_17
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.7.0_21
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.7.0_25
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.7.0_40
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.7.0_45
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.7.0_51
Found and removed: D:\Documents and Settings\winslow\Application Data\Sun\Java\jre1.7.0_55
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.6.0.0
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Microsoft\Internet Explorer\Low Rights
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Found and removed: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs
Found and removed: SOFTWARE\JavaSoft
Found and removed: SOFTWARE\JreMetrics
Found and removed: SYSTEM\ControlSet001\Services\Eventlog\Application\JavaQuickStarterService
Found and removed: SOFTWARE\Classes\JavaPlugin.10402
Found and removed: SOFTWARE\Classes\JavaPlugin.10512

JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Thu Oct 16 04:31:08 2014
------------------------------------
Finished reporting.

and ComboFix:

ComboFix 14-10-15.01 - winslow 10/16/2014   4:43.2.4 - x86
Running from: d:\documents and settings\winslow\Desktop\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\program files\Internet Explorer\SET198.tmp
d:\program files\Internet Explorer\SET199.tmp
d:\program files\Internet Explorer\SET2.tmp
d:\program files\Internet Explorer\SET3.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-16 to 2014-10-16  )))))))))))))))))))))))))))))))
.
.
2014-10-16 09:17 . 2012-05-05 00:29    772504    ----a-w-    d:\windows\system32\npDeployJava1.dll
2014-10-16 09:17 . 2012-05-05 00:29    687504    ----a-w-    d:\windows\system32\deployJava1.dll
2014-10-16 06:26 . 2014-10-16 06:26    --------    d-----w-    d:\program files\ESET
2014-10-16 05:56 . 2014-10-16 05:56    --------    d-----w-    d:\windows\ERUNT
2014-10-10 06:00 . 2014-10-10 06:04    34808    ----a-w-    d:\windows\system32\drivers\TrueSight.sys
2014-10-10 06:00 . 2014-10-10 06:00    --------    d-----w-    d:\documents and settings\All Users\Application Data\RogueKiller
2014-10-10 05:47 . 2014-10-10 05:47    --------    d-----w-    d:\program files\ERUNT
2014-10-10 03:54 . 2014-10-11 10:18    --------    d-----w-    d:\documents and settings\All Users\Application Data\Malwarebytes Anti-Exploit
2014-10-10 03:54 . 2014-10-10 03:54    --------    d-----w-    d:\program files\Malwarebytes Anti-Exploit
2014-10-04 23:12 . 2014-10-16 09:04    --------    d-----w-    D:\FRST
2014-10-04 22:32 . 2014-10-16 08:50    110296    ----a-w-    d:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-04 22:31 . 2014-10-10 03:19    51416    ----a-w-    d:\windows\system32\drivers\mbamchameleon.sys
2014-10-04 22:31 . 2014-10-04 22:31    --------    d-----w-    d:\program files\Malwarebytes Anti-Malware
2014-10-04 22:31 . 2014-05-12 12:25    23256    ----a-w-    d:\windows\system32\drivers\mbam.sys
2014-10-04 20:53 . 2014-10-16 06:11    --------    d-----w-    D:\AdwCleaner
2014-10-04 18:35 . 2014-10-04 18:35    --------    d-----w-    D:\SUPERDelete
2014-09-18 09:29 . 2014-09-18 09:29    --------    d-----w-    d:\documents and settings\UpdatusUser\Application Data\Apple Computer
2014-09-17 11:16 . 2014-10-16 05:57    --------    d-----w-    d:\program files\Free Window Registry Repair
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-04 21:12 . 2012-08-05 09:40    71344    ----a-w-    d:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-04 21:12 . 2012-08-05 09:40    701104    ----a-w-    d:\windows\system32\FlashPlayerApp.exe
2014-09-05 09:53 . 2014-09-05 09:45    102    ----a-w-    d:\documents and settings\winslow\advanced_ip_scanner_MAC.bin
2014-07-31 13:18 . 2012-05-25 06:19    414520    ----a-w-    d:\windows\system32\drivers\aswsp.sys
2014-07-31 13:18 . 2014-07-31 13:18    24184    ----a-w-    d:\windows\system32\drivers\aswHwid.sys
2014-07-31 13:18 . 2013-03-20 02:39    67824    ----a-w-    d:\windows\system32\drivers\aswMonFlt.sys
2014-07-31 13:18 . 2013-03-20 02:39    49944    ----a-w-    d:\windows\system32\drivers\aswRvrt.sys
2014-07-31 13:18 . 2013-03-20 02:39    192352    ----a-w-    d:\windows\system32\drivers\aswVmm.sys
2014-07-31 13:18 . 2012-05-25 06:19    57800    ----a-w-    d:\windows\system32\drivers\aswTdi.sys
2014-07-31 13:18 . 2012-05-25 06:19    55112    ----a-w-    d:\windows\system32\drivers\aswRdr.sys
2014-07-31 13:18 . 2012-05-25 06:19    779536    ----a-w-    d:\windows\system32\drivers\aswSnx.sys
2014-07-31 13:18 . 2014-07-31 13:18    43152    ----a-w-    d:\windows\avastSS.scr
2014-07-31 13:18 . 2012-05-25 06:18    276432    ----a-w-    d:\windows\system32\aswBoot.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-31 13:18    578240    ----a-w-    d:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="d:\program files\CCleaner\CCleaner.exe" [2014-09-26 4811032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]
"EVGAPrecision"="d:\program files\EVGA Precision\EVGAPrecision.exe" [2012-06-20 302184]
"nwiz"="d:\program files\NVIDIA Corporation\nView\nwiz.exe" [2012-05-15 1634112]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"AvastUI.exe"="d:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
"Malwarebytes Anti-Exploit"="d:\program files\Malwarebytes Anti-Exploit\mbae.exe" [2014-08-29 440632]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
d:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ (A0)]
2014-06-03 04:44    1184056    ----a-w-    d:\documents and settings\winslow\desktop\mbar\mbar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57    959904    ----a-w-    d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]
2009-07-02 01:23    1435136    ----a-w-    d:\program files\ASUS\AI Suite\AiNap\AiNap.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-07-31 17:15    43816    ----a-w-    d:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2014-09-26 14:04    4811032    ----a-w-    d:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpu Level Up help]
2007-12-01 01:03    881152    ----a-w-    d:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00    15360    ----a-w-    d:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 10:40    218032    ----a-w-    d:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-08-01 21:18    152392    ----a-w-    d:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 12:00    169984    ----a-w-    d:\windows\pchealth\helpctr\binaries\msconfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2012-05-15 09:40    15504192    ----a-w-    d:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2012-05-15 09:40    108352    ----a-w-    d:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QFan Help]
2009-07-02 01:19    601088    ----a-w-    d:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 08:59    421888    ----a-w-    d:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]
2006-09-20 13:35    20480    ----a-w-    d:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\WINDOWS\\system32\\mmc.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 TfFsMon;TfFsMon;d:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;d:\windows\system32\drivers\TfSysMon.sys [x]
R2 WinDefend;Windows Defender;d:\windows\System32\svchost.exe [2008-04-14 14336]
R3 !SASCORE;SAS Core Service;d:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-09-18 142648]
R3 TfNetMon;TfNetMon;d:\windows\system32\drivers\TfNetMon.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [2014-07-31 779536]
S1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [2014-07-31 414520]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;d:\program files\Malwarebytes Anti-Exploit\mbae.sys [2014-08-31 47896]
S1 mbamchameleon;mbamchameleon;d:\windows\system32\drivers\mbamchameleon.sys [2014-10-10 51416]
S1 pctgntdi;pctgntdi;d:\windows\system32\drivers\pctgntdi.sys [2009-10-30 233136]
S1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 aswHwid;avast! HardwareID;d:\windows\system32\drivers\aswHwid.sys [2014-07-31 24184]
S2 aswMonFlt;aswMonFlt;d:\windows\system32\drivers\aswMonFlt.sys [2014-07-31 67824]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;d:\program files\Malwarebytes Anti-Exploit\mbae-svc.exe [2014-08-29 441144]
S2 MBAMScheduler;MBAMScheduler;d:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
S3 RTCore32;RTCore32;d:\program files\EVGA Precision\RTCore32.sys [2005-05-25 4608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 17:06    451872    ----a-w-    d:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-04 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-05 21:14]
.
2014-10-13 d:\windows\Tasks\avast! Emergency Update.job
- d:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-31 13:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 65.79.197.97 65.79.193.8
FF - ProfilePath - d:\documents and settings\winslow\Application Data\Mozilla\Firefox\Profiles\pww37mqq.default-1410918357004\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
MSConfigStartUp-Advanced SystemCare 6 - d:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
MSConfigStartUp-FlashPlayerUpdate - d:\windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe
MSConfigStartUp-Malwarebytes' Anti-Malware - d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
MSConfigStartUp-SunJavaUpdateSched - d:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-10-16 04:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1078081533-789336058-1801674531-1005\Software\SecuROM\License information*]
"datasecu"=hex:01,10,7f,b4,d7,67,b0,af,a5,48,3c,bd,f8,68,92,83,7d,76,5d,6d,ff,
   85,81,47,d9,67,0a,d1,be,35,c2,18,79,13,59,d2,2d,fe,24,f0,b5,73,8a,fd,fb,20,\
"rkeysecu"=hex:3c,71,b9,9d,6a,86,d5,70,ba,78,9c,8c,55,1a,9d,13
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"="d:\\WINDOWS\\system32\\iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"="@d:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@DACL=(02 0000)
@="Internet Explorer User Accelerators"
"DisplayName"="@d:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="d:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="d:\\WINDOWS\\system32\\iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"="@d:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@DACL=(02 0000)
@="Internet Explorer Machine Accelerators"
"DisplayName"="@d:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="d:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2216)
d:\windows\system32\WININET.dll
d:\program files\NVIDIA Corporation\nView\nview.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\IEFRAME.dll
d:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
d:\windows\system32\mshtml.dll
d:\windows\system32\msls31.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\AVAST Software\Avast\AvastSvc.exe
d:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Common Files\LightScribe\LSSrvc.exe
d:\windows\system32\nvsvc32.exe
d:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
d:\windows\system32\dllhost.exe
d:\windows\RTHDCPL.EXE
d:\windows\system32\rundll32.exe
d:\windows\system32\dllhost.exe
d:\windows\system32\msdtc.exe
.
**************************************************************************
.
Completion time: 2014-10-16  04:59:06 - machine was rebooted
ComboFix-quarantined-files.txt  2014-10-16 09:58
ComboFix2.txt  2012-08-04 05:33
.
Pre-Run: 78,370,279,424 bytes free
Post-Run: 78,235,910,144 bytes free
.
- - End Of File - - CD63839026083D0241DEF8D661560E08
8F558EB6672622401DA993E1E865C861

  • Root Admin

Okay, heading out. Please run this one and I'll check back tomorrow.

Scan with Panda Cloud Cleaner

This type of scan often produces false positives. In any case, do not remove any of its findings on your own! Removal will be made after careful analysis of the scan results.

Please download Panda Cloud Cleaner and save the file to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Install the scanner by right-clicking on its icon and selecting Run as Administrator.
  • It should start itself automatically after the installation.
  • In the main console click Accept and Scan.
  • This scan won't take long, just several minutes (depending on your system specs). Let it run uninterrupted.
  • At the last stage you will see a couple of messages about verifying & analyzing results. Wait patiently.
  • Upon completion you will see the detections window. Open one of them and click View Report at the bottom right.
  • A notepad window named PCloudCleaner.log will open. Save it to your desktop.
Please include the contents of that file in your next reply.

Don't forget to re-enable your switched-off protection software!

After that you may uninstall Panda Cloud Cleaner from your machine, if you wish to.


Sounds good, get some rest, about to do the same.  Here is the log:

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[SHOWSUPERHIDDEN] to be changed to: 0

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[SUPERHIDDEN] to be changed to: 0

Suspicious Policy. POLICY: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER[ANTIVIRUSOVERRIDE] to be changed to: 0

Malware. REGKEY: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.

  • Root Admin

Let Panda fix those items.

How is the computer running now?

Are there still any signs of an infection?

Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using the Reset FF Proxy Settings option, Firefox should be closed.

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
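As an added example (not code from the thread, from Panda, or from MiniToolBox), the script below checks the four registry values Panda flagged in the post above and then repeats the two MiniToolBox checks that matter most for a browser-redirect complaint: the IE proxy settings and the hosts file. It assumes PowerShell 2.0 or later on the affected machine and an elevated prompt run as the affected user; the "Target" values are simply the ones Panda's report proposed, not an independent baseline, and nothing is changed unless -Fix is passed.

```powershell
# Added example, not part of the thread: audit (and optionally restore) the lockdown
# indicators Panda Cloud Cleaner reported, then repeat the MiniToolBox IE proxy and
# hosts file checks. Assumes PowerShell 2.0+ (available on XP SP3), run elevated as the
# affected user. Target values are the ones Panda proposed, not an independent baseline.
param([switch]$Fix)   # without -Fix the script only reports

# Indicators taken from the Panda findings in this thread.
# Target = $null means Panda proposed deleting the value rather than setting it.
$policyChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
       Name = 'ShowSuperHidden';      Target = 0 },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
       Name = 'SuperHidden';          Target = 0 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center'
       Name = 'AntiVirusOverride';    Target = 0 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableRegistryTools'; Target = $null }
)

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null for a missing key or value instead of throwing.
    if (-not (Test-Path -Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$Name
}

function Test-PolicyValue {
    param([hashtable]$Check)
    # True when the live value already matches what Panda proposed.
    $current = Get-RegValue -Path $Check.Path -Name $Check.Name
    if ($Check.Target -eq $null) { return ($current -eq $null) }
    return ($current -eq $Check.Target)
}

foreach ($c in $policyChecks) {
    $current = Get-RegValue -Path $c.Path -Name $c.Name
    if (Test-PolicyValue -Check $c) {
        Write-Output ("[OK]   {0}\{1} = {2}" -f $c.Path, $c.Name, $current)
        continue
    }
    if ($c.Target -eq $null) { $want = 'delete' } else { $want = $c.Target }
    Write-Output ("[FLAG] {0}\{1} = {2} (Panda proposed: {3})" -f $c.Path, $c.Name, $current, $want)
    if (-not $Fix) { continue }
    if ($c.Target -eq $null) {
        # A policy value that should not exist at all (DisableRegistryTools): remove it.
        Remove-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    } else {
        if (-not (Test-Path -Path $c.Path)) { New-Item -Path $c.Path -Force | Out-Null }
        Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Target -Type DWord
    }
    Write-Output ("       restored {0}\{1}" -f $c.Path, $c.Name)
}

# MiniToolBox "Report IE Proxy Settings": a proxy or PAC URL the user never configured is a
# classic way to hijack browsing, so anything set here is flagged rather than silently reset.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxyEnable = Get-RegValue -Path $inet -Name 'ProxyEnable'
$proxyServer = Get-RegValue -Path $inet -Name 'ProxyServer'
$pacUrl      = Get-RegValue -Path $inet -Name 'AutoConfigURL'
if ($proxyEnable -eq 1 -or $proxyServer -or $pacUrl) {
    Write-Output ("[FLAG] IE proxy: ProxyEnable={0} ProxyServer={1} AutoConfigURL={2}" -f $proxyEnable, $proxyServer, $pacUrl)
} else {
    Write-Output "[OK]   IE proxy not enabled, no proxy server or PAC URL set"
}

# MiniToolBox "List content of Hosts": only loopback entries for localhost are expected;
# every other active line (comments and blanks ignored) is reported for review.
$hostsPath = Join-Path $env:SystemRoot 'system32\drivers\etc\hosts'
$active = @(Get-Content -Path $hostsPath | Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' })
$extra  = @($active | Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' })
if ($extra.Count -gt 0) {
    Write-Output ("[FLAG] hosts file has {0} unexpected entries:" -f $extra.Count)
    $extra | ForEach-Object { Write-Output ("       {0}" -f $_) }
} else {
    Write-Output "[OK]   hosts file contains only localhost entries"
}
```

Run it once without -Fix and compare its [FLAG] lines against the Panda report before letting anything be changed; on the machine in this thread the hosts file and proxy checks should come back [OK] (MiniToolBox showed a single localhost entry and no proxy), while DisableRegistryTools is the value to watch, since it is exactly the kind of lockdown that matches the "Windows management has somehow been disabled" symptom in the opening post.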

The computer seems to be running better, or did until I got home from work tonight and the Avast a/v said the scan was complete and "threat detected."  When I clicked on show results, the desktop went blank and the computer slowed down.  Nothing would work, not even Task Manager.  I restarted the computer and performed what you asked.  Also, System Restore is inactive for some reason.  Anyway, here are the logs you asked for.  Thank you for your help again, it's not taken for granted!

MiniToolBox by Farbar  Version: 21-07-2014
Ran by winslow (administrator) on 17-10-2014 at 02:39:50
Running from "D:\Documents and Settings\winslow\desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================


WARNING: Could not obtain host information from machine: [MAIN]. Some commands may not be available.


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=NONE
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

        Host Name . . . . . . . . . . . . : Main
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : ptsi.net

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : ptsi.net
        Description . . . . . . . . . . . : Atheros AR8121/AR8113 PCI-E Ethernet Controller
        Physical Address. . . . . . . . . : 00-22-15-20-2F-7D
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.102
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : fe80::222:15ff:fe20:2f7d%4
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 65.79.197.97
                                            65.79.193.8
                                            fec0:0:0:ffff::1%1
                                            fec0:0:0:ffff::2%1
                                            fec0:0:0:ffff::3%1
        Lease Obtained. . . . . . . . . . : October 17, 2014 01:48:18 AM
        Lease Expires . . . . . . . . . . : October 18, 2014 01:48:18 AM

Tunnel adapter Teredo Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
        Default Gateway . . . . . . . . . :
        NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . : ptsi.net
        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : C0-A8-01-66
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.102%2
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                            fec0:0:0:ffff::2%1
                                            fec0:0:0:ffff::3%1
        NetBIOS over Tcpip. . . . . . . . : Disabled

Server:  dns.ptsi.net
Address:  65.79.197.97

Name:    google.com
Addresses:  173.194.115.66, 173.194.115.64, 173.194.115.71, 173.194.115.72
      173.194.115.68, 173.194.115.78, 173.194.115.65, 173.194.115.73, 173.194.115.70
      173.194.115.67, 173.194.115.69

Pinging google.com [173.194.115.64] with 32 bytes of data:

Reply from 173.194.115.64: bytes=32 time=34ms TTL=52
Reply from 173.194.115.64: bytes=32 time=29ms TTL=52

Ping statistics for 173.194.115.64:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 29ms, Maximum = 34ms, Average = 31ms

Server:  dns.ptsi.net
Address:  65.79.197.97

Name:    yahoo.com
Addresses:  206.190.36.45, 98.138.253.109, 98.139.183.24

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=50ms TTL=50
Reply from 206.190.36.45: bytes=32 time=46ms TTL=50

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 46ms, Maximum = 50ms, Average = 48ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 22 15 20 2f 7d ...... Atheros AR8121/AR8113 PCI-E Ethernet Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.102      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      169.254.0.0      255.255.0.0    192.168.1.102   192.168.1.102      20
      192.168.1.0    255.255.255.0    192.168.1.102   192.168.1.102      20
    192.168.1.102  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255    192.168.1.102   192.168.1.102      20
        224.0.0.0        240.0.0.0    192.168.1.102   192.168.1.102      20
  255.255.255.255  255.255.255.255    192.168.1.102   192.168.1.102      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 D:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 D:\WINDOWS\system32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 05 D:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 D:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 D:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 29 D:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/17/2014 01:49:17 AM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (10/16/2014 04:53:58 AM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (10/16/2014 04:34:49 AM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (10/16/2014 04:30:16 AM) (Source: Application Error) (User: )
Description: Faulting application javara.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [javara.exe!ws!]

Error: (10/16/2014 04:28:26 AM) (Source: Application Error) (User: )
Description: Faulting application javara.exe, version 1.16.1.1763, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.
Processing media-specific event for [javara.exe!ws!]

Error: (10/16/2014 04:28:12 AM) (Source: Application Error) (User: )
Description: Faulting application javara.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [javara.exe!ws!]

Error: (10/16/2014 04:07:58 AM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (10/16/2014 01:14:06 AM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (10/16/2014 00:57:11 AM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 32.0.3.5379, faulting module mozalloc.dll, version 32.0.3.5379, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (10/15/2014 08:49:28 AM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24


System errors:
=============
Error: (10/17/2014 01:46:58 AM) (Source: DCOM) (User: MAIN)
Description: Unable to start a DCOM Server: {88F5E7B2-09B9-471E-895A-25247585905C} as /.
The error:
"%%1450"
Happened while starting this command:
"D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe" -Embedding

Error: (10/17/2014 01:30:58 AM) (Source: DCOM) (User: MAIN)
Description: Unable to start a DCOM Server: {88F5E7B2-09B9-471E-895A-25247585905C} as /.
The error:
"%%1450"
Happened while starting this command:
"D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe" -Embedding

Error: (10/17/2014 01:22:58 AM) (Source: DCOM) (User: MAIN)
Description: Unable to start a DCOM Server: {88F5E7B2-09B9-471E-895A-25247585905C} as /.
The error:
"%%193"
Happened while starting this command:
"D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe" -Embedding

Error: (10/17/2014 01:18:58 AM) (Source: DCOM) (User: MAIN)
Description: Unable to start a DCOM Server: {88F5E7B2-09B9-471E-895A-25247585905C} as /.
The error:
"%%193"
Happened while starting this command:
"D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe" -Embedding

Error: (10/17/2014 01:16:57 AM) (Source: DCOM) (User: MAIN)
Description: Unable to start a DCOM Server: {88F5E7B2-09B9-471E-895A-25247585905C} as /.
The error:
"%%1450"
Happened while starting this command:
"D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe" -Embedding

Error: (10/17/2014 01:15:58 AM) (Source: DCOM) (User: MAIN)
Description: Unable to start a DCOM Server: {88F5E7B2-09B9-471E-895A-25247585905C} as /.
The error:
"%%193"
Happened while starting this command:
"D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe" -Embedding

Error: (10/16/2014 00:36:03 PM) (Source: 0) (User: )
Description: 0xC000009ALogging.logHarddiskVolume2

Error: (10/15/2014 08:36:21 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.102 for the Network Card with network address 002215202F7D has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (10/15/2014 07:27:30 AM) (Source: DCOM) (User: MAIN)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (10/12/2014 05:56:01 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.100 for the Network Card with network address 002215202F7D has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).


Microsoft Office Sessions:
=========================


=========================== Installed Programs ============================
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AI Suite (HKLM\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 1.05.32 - )
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR8121/AR8113 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.19 - Atheros Communications Inc.)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
BlackBerry Desktop Software 6.0.2 (HKLM\...\BlackBerry_Desktop) (Version: 6.0.2.42 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.0.2 (Version: 6.0.2.42 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM\...\{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}) (Version: 6.0.1.13 - Research In Motion Ltd)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator 2.2 (HKLM\...\MP Navigator 2.2) (Version:  - )
Canon MP530 (HKLM\...\{3215EBED-1D06-42fb-A05C-A752A46FB24C}) (Version:  - )
Canon MP530 User Registration (HKLM\...\Canon MP530 User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.10 - Piriform)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
EVGA Precision 1.9.6 (HKLM\...\Precision) (Version: 1.9.6 - EVGA Corporation)
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
LightScribe Applications (HKLM\...\{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}) (Version: 1.18.5.1 - LightScribe)
LightScribe System Software (HKLM\...\{FA8BFB25-BF48-4F8B-8859-B30810745190}) (Version: 1.18.11.1 - LightScribe)
Malwarebytes Anti-Exploit version 1.04.1.1012 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.04.1.1012 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Player Codec Pack 3.9.5 (HKLM\...\Media Player - Codec Pack) (Version:  - Media Player Codec Pack)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{56B4002F-671C-49F4-984C-C760FE3806B5}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{710BF966-43C8-4216-A8EC-BC4E169FF7C1}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
NVIDIA Control Panel 301.42 (Version: 301.42 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 301.42 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.75.420 - NVIDIA Corporation) Hidden
NVIDIA nView 136.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.27 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13527 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.8.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.8.15 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.8.15 - NVIDIA Corporation) Hidden
Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)
Presto! PageManager 7.15.14 (HKLM\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.14E - NewSoft)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5591 - Realtek Semiconductor Corp.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1012 - SUPERAntiSpyware.com)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )

========================= Devices: ================================

Could not list devices.

========================= Memory info: ===================================

Percentage of memory in use: 18%
Total physical RAM: 3070.98 MB
Available physical RAM: 2510.76 MB
Total Pagefile: 7515.92 MB
Available Pagefile: 7093.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.37 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:78.13 GB) (Free:78.04 GB) NTFS
2 Drive d: () (Fixed) (Total:107.42 GB) (Free:72.66 GB) NTFS

========================= Users: ========================================

User accounts for \\MAIN

Administrator            Guest                    HelpAssistant            
SUPPORT_388945a0         UpdatusUser              winslow                  

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

 Results of screen317's Security Check version 0.99.89  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 avast! Free Antivirus    
 ESET Online Scanner v3   
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware     
 CCleaner     
 Panda Cloud Cleaner   
 Adobe Flash Player     15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox 32.0.3 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive D:: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Hello, sorry, just got in from work. I don't think there are any issues relating to an infection, but being the super-noob that I am when it comes to computers, I probably wouldn't know anyway.

The computer seems to be running well. Firefox still takes a while to start, but other than that all seems pretty good... again, I want to thank you for your help! Just out of curiosity, what is the name of the virus, trojan or rootkit that I had? Just sheer curiosity on my part. Thank you again!

  • Root Admin

The rootkit is called ZeroAccess.

Let's run a couple more scans just to make sure before we close up here.

Please read the following article concerning the use of MSCONFIG, which should be set to NORMAL:
Msconfig Is Not A Startup Manager

Go ahead and run the following.

Please download the following scanner from Kaspersky and save it to your computer: TDSSKiller

Then watch the following video on how to use the tool, and make sure to temporarily disable your security applications before running TDSSKiller.

If any infection is found, please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning, make sure to re-enable your other security applications.
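
The reply above asks for the TDSSKiller log to be posted back so that detections can be checked for false positives. As an added example that is not part of this thread and not Kaspersky's own code, here is a small Python parser for the TDSSKiller 3.0.x log layout seen in the logs posted in this thread (timestamp, thread id, message; `[ MD5, SHA256 ] name path` records; `name - ok` / `name - detected ... ( n )` verdicts). It folds the lines into one record per service, then separates detections that the tool itself dropped because Kaspersky Security Network knows the file (`Detect skipped due to KSN trusted`) from detections that still need a human look. Assumptions: the KSN line refers to the immediately preceding detection, and the sample log is constructed: the cbidf2k, cd20xrnt and IDriverT lines copy the posted format, while `ExampleSvc` and its all-zero hashes are made up to show an uncleared detection.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample log. The cbidf2k, cd20xrnt and IDriverT records reproduce the
# format of the TDSSKiller 3.0.0.40 output posted in this thread; "ExampleSvc" and
# its all-zero hashes are made up to show a detection that KSN did NOT vouch for.
SAMPLE_LOG = r"""
03:20:47.0890 0x0e9c  Scan started
03:20:47.0890 0x0e9c  Mode: Manual; SigCheck; TDLFS;
03:21:00.0171 0x0e9c  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         D:\WINDOWS\system32\drivers\cbidf2k.sys
03:21:00.0250 0x0e9c  cbidf2k - ok
03:21:00.0250 0x0e9c  cd20xrnt - ok
03:21:06.0250 0x0e9c  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
03:21:06.0281 0x0e9c  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
03:21:08.0703 0x0e9c  Detect skipped due to KSN trusted
03:21:08.0703 0x0e9c  IDriverT - ok
03:21:09.0000 0x0e9c  [ 00000000000000000000000000000000, 0000000000000000000000000000000000000000000000000000000000000000 ] ExampleSvc      D:\WINDOWS\system32\drivers\examplesvc.sys
03:21:09.0100 0x0e9c  ExampleSvc - detected UnsignedFile.Multi.Generic ( 1 )
"""

# One log line: "HH:MM:SS.mmmm 0xTID  message"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(0x[0-9A-Fa-f]+)\s+(.*)$")
# "[ MD5, SHA256 ] name   X:\path" (name may contain spaces, so anchor on the drive letter)
HASH_RE = re.compile(r"^\[ ([0-9A-F]{32}), ([0-9A-F]{64}) \] (.+?)\s+([A-Za-z]:\\.*)$")
DETECT_RE = re.compile(r"^(.+?) - detected (\S+) \( (\d+) \)$")
OK_RE = re.compile(r"^(.+?) - ok$")
KSN_SKIP_MSG = "Detect skipped due to KSN trusted"


@dataclass
class Record:
    """One service/driver entry as TDSSKiller reports it."""
    name: str
    path: Optional[str] = None       # None when the service is registered but its file is absent
    md5: Optional[str] = None
    sha256: Optional[str] = None
    detection: Optional[str] = None  # e.g. "UnsignedFile.Multi.Generic"
    ksn_trusted: bool = False        # detection dropped because KSN knows the file hash
    final_ok: bool = False           # last verdict for this entry was "- ok"


def parse_tdsskiller(text: str) -> Dict[str, Record]:
    """Fold the per-line log into one Record per entry, keyed by service name."""
    records: Dict[str, Record] = {}
    last_detected: Optional[Record] = None   # assumption: a KSN line refers to the previous detection
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                         # banner, separator or blank line
        msg = m.group(3).rstrip()
        if (h := HASH_RE.match(msg)):
            md5, sha256, name, path = h.groups()
            rec = records.setdefault(name, Record(name))
            rec.md5, rec.sha256, rec.path = md5, sha256, path
        elif (d := DETECT_RE.match(msg)):
            name, verdict, _count = d.groups()
            rec = records.setdefault(name, Record(name))
            rec.detection, rec.final_ok = verdict, False
            last_detected = rec
        elif msg == KSN_SKIP_MSG and last_detected is not None:
            last_detected.ksn_trusted = True
        elif (o := OK_RE.match(msg)):
            rec = records.setdefault(o.group(1), Record(o.group(1)))
            rec.final_ok = True
    return records


def triage(records: Dict[str, Record]) -> List[Record]:
    """Entries that were flagged and NOT cleared by KSN: the ones worth a second look."""
    return [r for r in records.values() if r.detection and not r.ksn_trusted]


def ksn_cleared(records: Dict[str, Record]) -> List[Record]:
    """Entries flagged (typically just as unsigned) and then dropped because KSN vouches for them."""
    return [r for r in records.values() if r.detection and r.ksn_trusted]


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    for r in triage(recs):
        print(f"REVIEW  {r.name}: {r.detection} {r.path} sha256={r.sha256}")
    for r in ksn_cleared(recs):
        print(f"trusted {r.name}: {r.detection} (KSN) {r.path}")
```

The SHA256 that TDSSKiller already prints for each file is what you would hand to a hash lookup service or compare against the vendor's own binary; an `UnsignedFile.Multi.Generic` verdict on its own only says the file carries no Authenticode signature, which is why the KSN skip is treated as a separate, weaker signal rather than merged into the detection.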

Alright sir, here are the logs:

03:12:41.0953 0x0ea4  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
03:12:46.0234 0x0ea4  ============================================================
03:12:46.0234 0x0ea4  Current date / time: 2014/10/22 03:12:46.0234
03:12:46.0234 0x0ea4  SystemInfo:
03:12:46.0234 0x0ea4  
03:12:46.0234 0x0ea4  OS Version: 5.1.2600 ServicePack: 3.0
03:12:46.0234 0x0ea4  Product type: Workstation
03:12:46.0234 0x0ea4  ComputerName: MAIN
03:12:46.0234 0x0ea4  UserName: winslow
03:12:46.0234 0x0ea4  Windows directory: D:\WINDOWS
03:12:46.0234 0x0ea4  System windows directory: D:\WINDOWS
03:12:46.0234 0x0ea4  Processor architecture: Intel x86
03:12:46.0234 0x0ea4  Number of processors: 4
03:12:46.0234 0x0ea4  Page size: 0x1000
03:12:46.0234 0x0ea4  Boot type: Normal boot
03:12:46.0234 0x0ea4  ============================================================
03:12:48.0765 0x0ea4  KLMD registered as D:\WINDOWS\system32\drivers\10659862.sys
03:12:49.0546 0x0ea4  System UUID: {CC3AE3A8-B75B-A059-AB31-5743C2CC12AA}
03:12:51.0312 0x0ea4  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
03:12:51.0312 0x0ea4  ============================================================
03:12:51.0312 0x0ea4  \Device\Harddisk0\DR0:
03:12:51.0312 0x0ea4  MBR partitions:
03:12:51.0312 0x0ea4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8
03:12:51.0328 0x0ea4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C41B56, BlocksNum 0xD6D7DC8
03:12:51.0343 0x0ea4  \Device\Harddisk0\DR0\Partition3: MBR, Type 0xE, StartLBA 0x1731995D, BlocksNum 0xE10FEA3
03:12:51.0343 0x0ea4  ============================================================
03:12:51.0406 0x0ea4  C: <-> \Device\Harddisk0\DR0\Partition1
03:12:51.0437 0x0ea4  D: <-> \Device\Harddisk0\DR0\Partition2
03:12:51.0437 0x0ea4  ============================================================
03:12:51.0437 0x0ea4  Initialize success
03:12:51.0437 0x0ea4  ============================================================
03:12:59.0890 0x0980  KLMD registered as D:\WINDOWS\system32\drivers\25566273.sys
03:13:01.0421 0x0980  Deinitialize success

03:16:05.0531 0x0160  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
03:16:06.0031 0x0160  ============================================================
03:16:06.0031 0x0160  Current date / time: 2014/10/22 03:16:06.0031
03:16:06.0031 0x0160  SystemInfo:
03:16:06.0031 0x0160  
03:16:06.0031 0x0160  OS Version: 5.1.2600 ServicePack: 3.0
03:16:06.0031 0x0160  Product type: Workstation
03:16:06.0031 0x0160  ComputerName: MAIN
03:16:06.0031 0x0160  UserName: winslow
03:16:06.0031 0x0160  Windows directory: D:\WINDOWS
03:16:06.0031 0x0160  System windows directory: D:\WINDOWS
03:16:06.0031 0x0160  Processor architecture: Intel x86
03:16:06.0031 0x0160  Number of processors: 4
03:16:06.0031 0x0160  Page size: 0x1000
03:16:06.0031 0x0160  Boot type: Normal boot
03:16:06.0031 0x0160  ============================================================
03:16:06.0031 0x0160  BG loaded
03:16:09.0640 0x0160  System UUID: {CC3AE3A8-B75B-A059-AB31-5743C2CC12AA}
03:16:32.0843 0x0160  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
03:16:32.0859 0x0160  ============================================================
03:16:32.0859 0x0160  \Device\Harddisk0\DR0:
03:16:44.0406 0x0160  MBR partitions:
03:16:44.0406 0x0160  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8
03:16:44.0562 0x0160  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C41B56, BlocksNum 0xD6D7DC8
03:16:44.0578 0x0160  \Device\Harddisk0\DR0\Partition3: MBR, Type 0xE, StartLBA 0x1731995D, BlocksNum 0xE10FEA3
03:16:44.0578 0x0160  ============================================================
03:16:45.0078 0x0160  C: <-> \Device\Harddisk0\DR0\Partition1
03:16:45.0218 0x0160  D: <-> \Device\Harddisk0\DR0\Partition2
03:16:45.0265 0x0160  ============================================================
03:16:45.0265 0x0160  Initialize success
03:16:45.0265 0x0160  ============================================================
03:20:47.0890 0x0e9c  ============================================================
03:20:47.0890 0x0e9c  Scan started
03:20:47.0890 0x0e9c  Mode: Manual; SigCheck; TDLFS;
03:20:47.0890 0x0e9c  ============================================================
03:20:47.0890 0x0e9c  KSN ping started
03:20:50.0375 0x0e9c  KSN ping finished: true
03:20:52.0000 0x0e9c  ================ Scan system memory ========================
03:20:52.0000 0x0e9c  System memory - ok
03:20:52.0000 0x0e9c  ================ Scan services =============================
03:20:52.0125 0x0e9c  [ 72D6D8E2D4F82C6E829125C7EC2A88F9, F357CFC3D04EB3F8E1A504D531D099698C6E2B29EB6CEDF75C08BF8917C46573 ] !SASCORE        D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
03:20:52.0281 0x0e9c  !SASCORE - ok
03:20:52.0734 0x0e9c  [ C07D5197410AAB28D0D93F943F59656D, 482164BA2B57C7026A7DF3213E0AC59B752A898D9B880BC0629F9CADD05D2894 ] 6to4            D:\WINDOWS\System32\6to4svc.dll
03:20:53.0906 0x0e9c  6to4 - ok
03:20:53.0937 0x0e9c  Abiosdsk - ok
03:20:53.0937 0x0e9c  abp480n5 - ok
03:20:54.0015 0x0e9c  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            D:\WINDOWS\system32\DRIVERS\ACPI.sys
03:20:56.0109 0x0e9c  ACPI - ok
03:20:56.0140 0x0e9c  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          D:\WINDOWS\system32\drivers\ACPIEC.sys
03:20:56.0218 0x0e9c  ACPIEC - ok
03:20:56.0343 0x0e9c  [ 2637233632CCD1837A1A57A43CAF00A4, 848026C6C9B38FD9F70BC7B2306BF4F5DD395726D4FDD6A18B29354921191DC5 ] AdobeFlashPlayerUpdateSvc D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
03:20:56.0359 0x0e9c  AdobeFlashPlayerUpdateSvc - ok
03:20:56.0375 0x0e9c  adpu160m - ok
03:20:56.0421 0x0e9c  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             D:\WINDOWS\system32\drivers\aec.sys
03:20:56.0500 0x0e9c  aec - ok
03:20:56.0562 0x0e9c  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             D:\WINDOWS\System32\drivers\afd.sys
03:20:56.0625 0x0e9c  AFD - ok
03:20:56.0625 0x0e9c  Aha154x - ok
03:20:56.0625 0x0e9c  aic78u2 - ok
03:20:56.0625 0x0e9c  aic78xx - ok
03:20:56.0656 0x0e9c  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         D:\WINDOWS\system32\alrsvc.dll
03:20:56.0734 0x0e9c  Alerter - ok
03:20:56.0843 0x0e9c  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             D:\WINDOWS\System32\alg.exe
03:20:56.0875 0x0e9c  ALG - ok
03:20:56.0890 0x0e9c  AliIde - ok
03:20:56.0890 0x0e9c  amsint - ok
03:20:57.0000 0x0e9c  [ 6B73E94F9FE82D45781B8C8A09483082, C35EEAE7457168387A7C77A315524A3703ABDE49D9F23F59057315D9249D3473 ] Apple Mobile Device D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
03:20:57.0015 0x0e9c  Apple Mobile Device - ok
03:20:57.0015 0x0e9c  AppMgmt - ok
03:20:57.0015 0x0e9c  asc - ok
03:20:57.0015 0x0e9c  asc3350p - ok
03:20:57.0015 0x0e9c  asc3550 - ok
03:20:57.0046 0x0e9c  [ 2B4E66FAC6503494A2C6F32BB6AB3826, 923EBBE8111E73D5B8ECC2DB10F8EA2629A3264C3A535D01C3C118A3B4C91782 ] AsIO            D:\WINDOWS\system32\drivers\AsIO.sys
03:20:57.0265 0x0e9c  AsIO - ok
03:20:57.0343 0x0e9c  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
03:20:57.0359 0x0e9c  aspnet_state - ok
03:20:57.0390 0x0e9c  [ 3BFBB5DAE801CB893B8B46345FED6437, 2C2B71C1294585265D4871E74F17541500CA20DE34AC516F2A906DD81964C833 ] aswHwid         D:\WINDOWS\system32\drivers\aswHwid.sys
03:20:57.0406 0x0e9c  aswHwid - ok
03:20:57.0437 0x0e9c  [ C3014C735F450FE822C97FFBB0627113, 1CCFE845AED1757B8C1F52D310933076FF1EC197D82E499DB4592B09D66137B0 ] aswMonFlt       D:\WINDOWS\system32\drivers\aswMonFlt.sys
03:20:57.0453 0x0e9c  aswMonFlt - ok
03:20:57.0500 0x0e9c  [ D6C9024F5D14843D33ADA8A6A10A1BE1, D40022D0A360FD4010D3D5D452BBC4CE9EE68224DEAB9584626E6F435E128857 ] AswRdr          D:\WINDOWS\system32\drivers\aswRdr.sys
03:20:57.0500 0x0e9c  AswRdr - ok
03:20:57.0531 0x0e9c  [ B7750AF7EDFD95674EB7CA92BCDD3358, A097577004F3CF71E2F9465F02B073D39926D7DEE2E2A9516D888158A5CB19E9 ] aswRvrt         D:\WINDOWS\system32\drivers\aswRvrt.sys
03:20:57.0562 0x0e9c  aswRvrt - ok
03:20:57.0890 0x0e9c  [ 51FDE588D860857A97E4C4B560E40C9B, 8A3AC3E55249DAE6CCD95593989F8B100D5C4712A16681A36E5D0F2F08BD57AA ] aswSnx          D:\WINDOWS\system32\drivers\aswSnx.sys
03:20:58.0046 0x0e9c  aswSnx - ok
03:20:58.0171 0x0e9c  [ 1AEB8CDB797666AF709A291B47AE81E0, 12AC4DBC6338BA5E5C04B449FF8362E7EC8EBFCA675C4F21BE847DFDCAE8F7C9 ] aswSP           D:\WINDOWS\system32\drivers\aswSP.sys
03:20:58.0265 0x0e9c  aswSP - ok
03:20:58.0281 0x0e9c  [ 26C51C289E39E8EE0F12B8B06B71E436, 81382FC3E836698432EE832A166F09251CC9164B17584E90F73037A1FA54E4F7 ] aswTdi          D:\WINDOWS\system32\drivers\aswTdi.sys
03:20:58.0296 0x0e9c  aswTdi - ok
03:20:58.0359 0x0e9c  [ 90BEE0170D70D6744CEF2355EEAF8086, 8F9FF53F529B854934020E2F8163605DC794FF48464D3D4439BAAF70ECE8E963 ] aswVmm          D:\WINDOWS\system32\drivers\aswVmm.sys
03:20:58.0406 0x0e9c  aswVmm - ok
03:20:58.0437 0x0e9c  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        D:\WINDOWS\system32\DRIVERS\asyncmac.sys
03:20:58.0515 0x0e9c  AsyncMac - ok
03:20:58.0562 0x0e9c  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           D:\WINDOWS\system32\DRIVERS\atapi.sys
03:20:58.0640 0x0e9c  atapi - ok
03:20:58.0640 0x0e9c  Atdisk - ok
03:20:58.0671 0x0e9c  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         D:\WINDOWS\system32\DRIVERS\atmarpc.sys
03:20:58.0796 0x0e9c  Atmarpc - ok
03:20:58.0859 0x0e9c  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        D:\WINDOWS\System32\audiosrv.dll
03:20:58.0953 0x0e9c  AudioSrv - ok
03:20:58.0984 0x0e9c  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         D:\WINDOWS\system32\DRIVERS\audstub.sys
03:20:59.0046 0x0e9c  audstub - ok
03:20:59.0171 0x0e9c  [ 73F5C13B431915BAE35254B4E95DFB71, 393A045859382C44133C004598B1512048046BCC129FED2247A77FDBFCDB6DFF ] avast! Antivirus D:\Program Files\AVAST Software\Avast\AvastSvc.exe
03:20:59.0171 0x0e9c  avast! Antivirus - ok
03:20:59.0203 0x0e9c  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            D:\WINDOWS\system32\drivers\Beep.sys
03:20:59.0265 0x0e9c  Beep - ok
03:20:59.0390 0x0e9c  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            D:\WINDOWS\system32\qmgr.dll
03:20:59.0609 0x0e9c  BITS - ok
03:20:59.0843 0x0e9c  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service D:\Program Files\Bonjour\mDNSResponder.exe
03:20:59.0921 0x0e9c  Bonjour Service - ok
03:20:59.0968 0x0e9c  [ F934D1B230F84E1D19DD00AC5A7A83ED, 32CD3A7A1F06DCCE2A4D9FA6E2AE7B3E2B57FA2D5F1C74EA79D72E5E0E352E60 ] Bridge          D:\WINDOWS\system32\DRIVERS\bridge.sys
03:21:00.0031 0x0e9c  Bridge - ok
03:21:00.0078 0x0e9c  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         D:\WINDOWS\System32\browser.dll
03:21:00.0140 0x0e9c  Browser - ok
03:21:00.0140 0x0e9c  catchme - ok
03:21:00.0171 0x0e9c  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         D:\WINDOWS\system32\drivers\cbidf2k.sys
03:21:00.0250 0x0e9c  cbidf2k - ok
03:21:00.0250 0x0e9c  cd20xrnt - ok
03:21:00.0265 0x0e9c  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         D:\WINDOWS\system32\drivers\Cdaudio.sys
03:21:00.0343 0x0e9c  Cdaudio - ok
03:21:00.0359 0x0e9c  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            D:\WINDOWS\system32\drivers\Cdfs.sys
03:21:00.0453 0x0e9c  Cdfs - ok
03:21:00.0484 0x0e9c  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           D:\WINDOWS\system32\DRIVERS\cdrom.sys
03:21:00.0562 0x0e9c  Cdrom - ok
03:21:00.0562 0x0e9c  Changer - ok
03:21:00.0578 0x0e9c  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           D:\WINDOWS\system32\cisvc.exe
03:21:00.0656 0x0e9c  CiSvc - ok
03:21:00.0671 0x0e9c  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         D:\WINDOWS\system32\clipsrv.exe
03:21:00.0765 0x0e9c  ClipSrv - ok
03:21:00.0875 0x0e9c  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 d:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:21:00.0921 0x0e9c  clr_optimization_v2.0.50727_32 - ok
03:21:00.0921 0x0e9c  CmdIde - ok
03:21:00.0921 0x0e9c  COMSysApp - ok
03:21:00.0921 0x0e9c  Cpqarray - ok
03:21:00.0953 0x0e9c  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        D:\WINDOWS\System32\cryptsvc.dll
03:21:01.0031 0x0e9c  CryptSvc - ok
03:21:01.0031 0x0e9c  dac2w2k - ok
03:21:01.0031 0x0e9c  dac960nt - ok
03:21:01.0156 0x0e9c  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      D:\WINDOWS\system32\rpcss.dll
03:21:01.0281 0x0e9c  DcomLaunch - ok
03:21:01.0328 0x0e9c  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            D:\WINDOWS\System32\dhcpcsvc.dll
03:21:01.0406 0x0e9c  Dhcp - ok
03:21:01.0437 0x0e9c  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            D:\WINDOWS\system32\DRIVERS\disk.sys
03:21:01.0515 0x0e9c  Disk - ok
03:21:01.0515 0x0e9c  dmadmin - ok
03:21:01.0734 0x0e9c  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          D:\WINDOWS\system32\drivers\dmboot.sys
03:21:02.0250 0x0e9c  dmboot - ok
03:21:02.0312 0x0e9c  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            D:\WINDOWS\system32\drivers\dmio.sys
03:21:02.0421 0x0e9c  dmio - ok
03:21:02.0421 0x0e9c  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          D:\WINDOWS\system32\drivers\dmload.sys
03:21:02.0500 0x0e9c  dmload - ok
03:21:02.0515 0x0e9c  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        D:\WINDOWS\System32\dmserver.dll
03:21:02.0578 0x0e9c  dmserver - ok
03:21:02.0609 0x0e9c  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          D:\WINDOWS\system32\drivers\DMusic.sys
03:21:02.0687 0x0e9c  DMusic - ok
03:21:02.0718 0x0e9c  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        D:\WINDOWS\System32\dnsrslvr.dll
03:21:02.0906 0x0e9c  Dnscache - ok
03:21:02.0968 0x0e9c  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         D:\WINDOWS\System32\dot3svc.dll
03:21:03.0062 0x0e9c  Dot3svc - ok
03:21:03.0062 0x0e9c  dpti2o - ok
03:21:03.0093 0x0e9c  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         D:\WINDOWS\system32\drivers\drmkaud.sys
03:21:03.0171 0x0e9c  drmkaud - ok
03:21:03.0203 0x0e9c  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         D:\WINDOWS\System32\eapsvc.dll
03:21:03.0281 0x0e9c  EapHost - ok
03:21:03.0312 0x0e9c  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           D:\WINDOWS\System32\ersvc.dll
03:21:03.0390 0x0e9c  ERSvc - ok
03:21:03.0437 0x0e9c  [ 1B957365E68960C8AC027DB0CFBFD0EE, 017C5314FDFFD29530DB00CD4754BB697FED7215E977DD481B772AEBC83C8CCF ] ESProtectionDriver D:\Program Files\Malwarebytes Anti-Exploit\mbae.sys
03:21:03.0437 0x0e9c  ESProtectionDriver - ok
03:21:03.0500 0x0e9c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        D:\WINDOWS\system32\services.exe
03:21:03.0515 0x0e9c  Eventlog - ok
03:21:03.0593 0x0e9c  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     D:\WINDOWS\system32\es.dll
03:21:03.0640 0x0e9c  EventSystem - ok
03:21:03.0703 0x0e9c  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         D:\WINDOWS\system32\drivers\Fastfat.sys
03:21:03.0906 0x0e9c  Fastfat - ok
03:21:03.0968 0x0e9c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility D:\WINDOWS\System32\shsvcs.dll
03:21:04.0015 0x0e9c  FastUserSwitchingCompatibility - ok
03:21:04.0046 0x0e9c  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             D:\WINDOWS\system32\drivers\Fdc.sys
03:21:04.0109 0x0e9c  Fdc - ok
03:21:04.0140 0x0e9c  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            D:\WINDOWS\system32\drivers\Fips.sys
03:21:04.0234 0x0e9c  Fips - ok
03:21:04.0250 0x0e9c  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        D:\WINDOWS\system32\drivers\Flpydisk.sys
03:21:04.0328 0x0e9c  Flpydisk - ok
03:21:04.0375 0x0e9c  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          D:\WINDOWS\system32\DRIVERS\fltMgr.sys
03:21:04.0484 0x0e9c  FltMgr - ok
03:21:04.0546 0x0e9c  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 d:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
03:21:04.0578 0x0e9c  FontCache3.0.0.0 - ok
03:21:04.0578 0x0e9c  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          D:\WINDOWS\system32\drivers\Fs_Rec.sys
03:21:04.0656 0x0e9c  Fs_Rec - ok
03:21:04.0703 0x0e9c  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          D:\WINDOWS\system32\DRIVERS\ftdisk.sys
03:21:04.0906 0x0e9c  Ftdisk - ok
03:21:04.0937 0x0e9c  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
03:21:04.0953 0x0e9c  GEARAspiWDM - ok
03:21:04.0984 0x0e9c  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             D:\WINDOWS\system32\DRIVERS\msgpc.sys
03:21:05.0062 0x0e9c  Gpc - ok
03:21:05.0109 0x0e9c  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        D:\WINDOWS\system32\DRIVERS\HDAudBus.sys
03:21:05.0234 0x0e9c  HDAudBus - ok
03:21:05.0281 0x0e9c  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
03:21:05.0359 0x0e9c  helpsvc - ok
03:21:05.0375 0x0e9c  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         D:\WINDOWS\System32\hidserv.dll
03:21:05.0453 0x0e9c  HidServ - ok
03:21:05.0484 0x0e9c  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb          D:\WINDOWS\system32\DRIVERS\hidusb.sys
03:21:05.0562 0x0e9c  HidUsb - ok
03:21:05.0593 0x0e9c  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          D:\WINDOWS\System32\kmsvc.dll
03:21:05.0671 0x0e9c  hkmsvc - ok
03:21:05.0687 0x0e9c  hpn - ok
03:21:05.0859 0x0e9c  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            D:\WINDOWS\system32\Drivers\HTTP.sys
03:21:05.0953 0x0e9c  HTTP - ok
03:21:05.0984 0x0e9c  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      D:\WINDOWS\System32\w3ssl.dll
03:21:06.0062 0x0e9c  HTTPFilter - ok
03:21:06.0062 0x0e9c  i2omgmt - ok
03:21:06.0062 0x0e9c  i2omp - ok
03:21:06.0093 0x0e9c  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        D:\WINDOWS\system32\DRIVERS\i8042prt.sys
03:21:06.0171 0x0e9c  i8042prt - ok
03:21:06.0250 0x0e9c  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
03:21:06.0281 0x0e9c  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
03:21:08.0703 0x0e9c  Detect skipped due to KSN trusted
03:21:08.0703 0x0e9c  IDriverT - ok
03:21:09.0062 0x0e9c  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
03:21:09.0500 0x0e9c  idsvc - ok
03:21:09.0515 0x0e9c  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           D:\WINDOWS\system32\DRIVERS\imapi.sys
03:21:09.0609 0x0e9c  Imapi - ok
03:21:09.0656 0x0e9c  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    D:\WINDOWS\system32\imapi.exe
03:21:09.0734 0x0e9c  ImapiService - ok
03:21:09.0734 0x0e9c  ini910u - ok
03:21:11.0171 0x0e9c  [ 1824C4894AA438CD06C976E44B9E7353, BC57F4D48D8EECFF2B52AB119764DE3A46A69C2208C62A2E2B0D9FE0EB9F45C6 ] IntcAzAudAddService D:\WINDOWS\system32\drivers\RtkHDAud.sys
03:21:12.0562 0x0e9c  IntcAzAudAddService - ok
03:21:12.0562 0x0e9c  IntelIde - ok
03:21:12.0593 0x0e9c  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        D:\WINDOWS\system32\DRIVERS\intelppm.sys
03:21:12.0656 0x0e9c  intelppm - ok
03:21:12.0671 0x0e9c  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           D:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
03:21:12.0765 0x0e9c  Ip6Fw - ok
03:21:12.0859 0x0e9c  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  D:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
03:21:12.0953 0x0e9c  IpFilterDriver - ok
03:21:12.0984 0x0e9c  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          D:\WINDOWS\system32\DRIVERS\ipinip.sys
03:21:13.0062 0x0e9c  IpInIp - ok
03:21:13.0109 0x0e9c  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           D:\WINDOWS\system32\DRIVERS\ipnat.sys
03:21:13.0187 0x0e9c  IpNat - ok
03:21:13.0421 0x0e9c  [ 35828479CCB4EE3CFD7523AF63443D5B, CA582DB092DC049597268B8245F2EEFF5DB807CBE2CFABEA04EA00DD5ED9A2B6 ] iPod Service    D:\Program Files\iPod\bin\iPodService.exe
03:21:13.0640 0x0e9c  iPod Service - ok
03:21:13.0687 0x0e9c  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           D:\WINDOWS\system32\DRIVERS\ipsec.sys
03:21:13.0781 0x0e9c  IPSec - ok
03:21:13.0843 0x0e9c  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          D:\WINDOWS\system32\DRIVERS\irenum.sys
03:21:13.0890 0x0e9c  IRENUM - ok
03:21:13.0937 0x0e9c  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          D:\WINDOWS\system32\DRIVERS\isapnp.sys
03:21:14.0015 0x0e9c  isapnp - ok
03:21:14.0031 0x0e9c  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        D:\WINDOWS\system32\DRIVERS\kbdclass.sys
03:21:14.0109 0x0e9c  Kbdclass - ok
03:21:14.0140 0x0e9c  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          D:\WINDOWS\system32\DRIVERS\kbdhid.sys
03:21:14.0218 0x0e9c  kbdhid - ok
03:21:14.0281 0x0e9c  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          D:\WINDOWS\system32\drivers\kmixer.sys
03:21:14.0390 0x0e9c  kmixer - ok
03:21:14.0437 0x0e9c  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          D:\WINDOWS\system32\drivers\KSecDD.sys
03:21:14.0500 0x0e9c  KSecDD - ok
03:21:14.0531 0x0e9c  [ B3A21F963BF315A29E1D5EB376A51078, C8B225E50C2E28989D25630D62F2BA35ADACD6A0511EF73AA0010104013E49FC ] L1e             D:\WINDOWS\system32\DRIVERS\l1e51x86.sys
03:21:14.0562 0x0e9c  L1e - ok
03:21:14.0593 0x0e9c  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    D:\WINDOWS\System32\srvsvc.dll
03:21:14.0656 0x0e9c  lanmanserver - ok
03:21:14.0703 0x0e9c  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation D:\WINDOWS\System32\wkssvc.dll
03:21:14.0843 0x0e9c  lanmanworkstation - ok
03:21:14.0843 0x0e9c  lbrtfdc - ok
03:21:14.0937 0x0e9c  [ 3503F257B3203F824B1567238EBE17E2, A6F7B0D3C213DC17B266199FAC7F242529A1C030244A819BDBDB892BF2969FD3 ] LightScribeService D:\Program Files\Common Files\LightScribe\LSSrvc.exe
03:21:14.0953 0x0e9c  LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
03:21:17.0687 0x0e9c  Detect skipped due to KSN trusted
03:21:17.0687 0x0e9c  LightScribeService - ok
03:21:17.0718 0x0e9c  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         D:\WINDOWS\System32\lmhsvc.dll
03:21:17.0890 0x0e9c  LmHosts - ok
03:21:18.0031 0x0e9c  [ 681F27AFF39F79BDAE5D6B4A3E71B497, FB2C53C4776D1FD5D9E137240F1A508CEB4B0D530AA372A09A4B073569363BF7 ] MbaeSvc         D:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
03:21:18.0109 0x0e9c  MbaeSvc - ok
03:21:18.0156 0x0e9c  [ 7263D95DC327A7911874293D509AD79E, 9A50A16C907FFF2B03A283BBCF966465D4CA1BFECA06EAD5B06B4FBF22B6B513 ] mbamchameleon   D:\WINDOWS\system32\drivers\mbamchameleon.sys
03:21:18.0187 0x0e9c  mbamchameleon - ok
03:21:18.0234 0x0e9c  [ 8E2E9CCD873ABF180F48BCAEEEBE347D, 35DBBB8E63B480151EA5701D9DB7C90642FA2391D044DB400D3644F3E21BB0C1 ] MBAMSwissArmy   D:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
03:21:18.0281 0x0e9c  MBAMSwissArmy - ok
03:21:18.0296 0x0e9c  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       D:\WINDOWS\System32\msgsvc.dll
03:21:18.0375 0x0e9c  Messenger - ok
03:21:18.0406 0x0e9c  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           D:\WINDOWS\system32\drivers\mnmdd.sys
03:21:18.0468 0x0e9c  mnmdd - ok
03:21:18.0515 0x0e9c  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         D:\WINDOWS\system32\mnmsrvc.exe
03:21:18.0593 0x0e9c  mnmsrvc - ok
03:21:18.0609 0x0e9c  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           D:\WINDOWS\system32\drivers\Modem.sys
03:21:18.0671 0x0e9c  Modem - ok
03:21:18.0687 0x0e9c  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        D:\WINDOWS\system32\DRIVERS\mouclass.sys
03:21:18.0796 0x0e9c  Mouclass - ok
03:21:18.0843 0x0e9c  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          D:\WINDOWS\system32\DRIVERS\mouhid.sys
03:21:18.0921 0x0e9c  mouhid - ok
03:21:18.0937 0x0e9c  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        D:\WINDOWS\system32\drivers\MountMgr.sys
03:21:19.0015 0x0e9c  MountMgr - ok
03:21:19.0062 0x0e9c  [ 6ACCF2E8210880D7005C608AFDB5301C, D00122C928C5818A24E6C11183F79C253CFB6576AD54DC92AEEFC630ABBDE655 ] MozillaMaintenance D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
03:21:19.0109 0x0e9c  MozillaMaintenance - ok
03:21:19.0109 0x0e9c  mraid35x - ok
03:21:19.0187 0x0e9c  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          D:\WINDOWS\system32\DRIVERS\mrxdav.sys
03:21:19.0296 0x0e9c  MRxDAV - ok
03:21:19.0421 0x0e9c  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          D:\WINDOWS\system32\DRIVERS\mrxsmb.sys
03:21:19.0578 0x0e9c  MRxSmb - ok
03:21:19.0609 0x0e9c  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           D:\WINDOWS\system32\msdtc.exe
03:21:19.0687 0x0e9c  MSDTC - ok
03:21:19.0687 0x0e9c  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            D:\WINDOWS\system32\drivers\Msfs.sys
03:21:19.0796 0x0e9c  Msfs - ok
03:21:19.0796 0x0e9c  MSIServer - ok
03:21:19.0859 0x0e9c  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         D:\WINDOWS\system32\drivers\MSKSSRV.sys
03:21:19.0921 0x0e9c  MSKSSRV - ok
03:21:19.0953 0x0e9c  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        D:\WINDOWS\system32\drivers\MSPCLOCK.sys
03:21:20.0015 0x0e9c  MSPCLOCK - ok
03:21:20.0031 0x0e9c  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           D:\WINDOWS\system32\drivers\MSPQM.sys
03:21:20.0109 0x0e9c  MSPQM - ok
03:21:20.0125 0x0e9c  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        D:\WINDOWS\system32\DRIVERS\mssmbios.sys
03:21:20.0234 0x0e9c  mssmbios - ok
03:21:20.0265 0x0e9c  [ D48659BB24C48345D926ECB45C1EBDF5, EDEDE58316827530C25F8085F62AD48EA6D44B0F8AC1917B940F53B02CF72EA6 ] MTsensor        D:\WINDOWS\system32\DRIVERS\ASACPI.sys
03:21:20.0296 0x0e9c  MTsensor - ok
03:21:20.0343 0x0e9c  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             D:\WINDOWS\system32\drivers\Mup.sys
03:21:20.0390 0x0e9c  Mup - ok
03:21:20.0484 0x0e9c  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        D:\WINDOWS\System32\qagentrt.dll
03:21:20.0625 0x0e9c  napagent - ok
03:21:20.0687 0x0e9c  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            D:\WINDOWS\system32\drivers\NDIS.sys
03:21:20.0812 0x0e9c  NDIS - ok
03:21:20.0843 0x0e9c  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        D:\WINDOWS\system32\DRIVERS\ndistapi.sys
03:21:20.0875 0x0e9c  NdisTapi - ok
03:21:20.0906 0x0e9c  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         D:\WINDOWS\system32\DRIVERS\ndisuio.sys
03:21:20.0968 0x0e9c  Ndisuio - ok
03:21:21.0015 0x0e9c  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         D:\WINDOWS\system32\DRIVERS\ndiswan.sys
03:21:21.0093 0x0e9c  NdisWan - ok
03:21:21.0140 0x0e9c  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         D:\WINDOWS\system32\drivers\NDProxy.sys
03:21:21.0171 0x0e9c  NDProxy - ok
03:21:21.0203 0x0e9c  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         D:\WINDOWS\system32\DRIVERS\netbios.sys
03:21:21.0281 0x0e9c  NetBIOS - ok
03:21:21.0343 0x0e9c  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           D:\WINDOWS\system32\DRIVERS\netbt.sys
03:21:21.0421 0x0e9c  NetBT - ok
03:21:21.0484 0x0e9c  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          D:\WINDOWS\system32\netdde.exe
03:21:21.0578 0x0e9c  NetDDE - ok
03:21:21.0609 0x0e9c  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      D:\WINDOWS\system32\netdde.exe
03:21:21.0687 0x0e9c  NetDDEdsdm - ok
03:21:21.0703 0x0e9c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        D:\WINDOWS\system32\lsass.exe
03:21:21.0765 0x0e9c  Netlogon - ok
03:21:21.0828 0x0e9c  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          D:\WINDOWS\System32\netman.dll
03:21:21.0890 0x0e9c  Netman - ok
03:21:21.0953 0x0e9c  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
03:21:22.0000 0x0e9c  NetTcpPortSharing - ok
03:21:22.0078 0x0e9c  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             D:\WINDOWS\System32\mswsock.dll
03:21:22.0093 0x0e9c  Nla - ok
03:21:22.0125 0x0e9c  [ 1E421A6BCF2203CC61B821ADA9DE878B, C658F1D5DCE7525CF929C65C46AB2881C99D89BF8F0F61C1D440C9D9BFB2F89F ] nm              D:\WINDOWS\system32\DRIVERS\NMnt.sys
03:21:22.0234 0x0e9c  nm - ok
03:21:22.0265 0x0e9c  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            D:\WINDOWS\system32\drivers\Npfs.sys
03:21:22.0328 0x0e9c  Npfs - ok
03:21:22.0484 0x0e9c  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            D:\WINDOWS\system32\drivers\Ntfs.sys
03:21:22.0765 0x0e9c  Ntfs - ok


  • Root Admin

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please post the contents of that document.
  • Do Not Attach It!!!

This topic is now closed to further replies.