# AVG Removal



## sharpeye72 (Aug 18, 2009)

Hi guys, I'm hoping someone can help rid my laptop of the scourge that is AVG.
I installed AVG free years ago and I also removed it years ago, or so I thought.
My laptop becomes unusable as its resources are gobbled up by several processes such as svchost that can run up to 99% CPU or services.exe or wualt (or something like that) that can also leave my laptop with no CPU left for me to use, or if I'm on YouTube for example, Firefox and plugin container use 100% CPU and almost all of my 1 GB of RAM.
While trying to find processes I can kill so that I can use my own laptop, I found vprot.exe and toolbarupdater.exe that are also being quite greedy and after some googling, discovered they are part of AVG safeguard toolbar which I thought I'd removed.
In add/remove programs, I cannot remove it and in the AVG folder in program files, the uninstall icon does nothing and the vprot icon does nothing.
My laptop is an IBM T30 with a Pentium M4 processor and I have 1 GB of RAM. I am using XP with Firefox 25 and Avast antivirus.
I have done a HJT scan, here are the results. Thanks for taking the time to read through this and I hope to hear from you soon.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:06:15, on 23/11/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21348)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Micronet SP907GK Wireless Network Utility\RtWLan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe"
O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\edd7227b-e234-494c-bd91-62b7b0e3cb8c.exe /check
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Micronet SP907GK Wireless Network Utility.lnk = C:\Program Files\Micronet SP907GK Wireless Network Utility\RtWLan.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?ad675b7a8b994f2e9896dc4220c7853b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?ad675b7a8b994f2e9896dc4220c7853b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - c:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Remote Connections Service (FlexService) - Unknown owner - C:\Program Files\RapidBIT\cisvc.exe (file missing)
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: vToolbarUpdater15.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
O23 - Service: vToolbarUpdater17.1.2 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe

--
End of file - 9517 bytes

I've just noticed Roxio on there as well which I thought I'd removed years ago as well !!


----------
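
A triage sketch for the HijackThis log in the post above, added here as an example and not part of anyone's post: it parses the numbered entries and groups the ones that mention a vendor keyword, the ones HijackThis marked `(file missing)`, and the O23 services listed with `Unknown owner`. The sample lines are copied from that log; the function names and finding categories are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Lines excerpted verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Remote Connections Service (FlexService) - Unknown owner - C:\Program Files\RapidBIT\cisvc.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: vToolbarUpdater15.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
O23 - Service: vToolbarUpdater17.1.2 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
"""

# A HijackThis entry starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First drive-letter path in the entry, up to a common binary extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|scr|com|sys)\b", re.IGNORECASE)
MISSING_MARK = "(file missing)"


@dataclass
class Entry:
    code: str            # section code, e.g. "O23"
    body: str            # everything after "<code> - "
    path: Optional[str]  # file the entry points at, if one was found
    file_missing: bool   # HijackThis could not find the file on disk


def parse_log(text):
    """Return the numbered entries of a HijackThis log as Entry objects."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines, the running-process list, blank lines
        body = m.group("body")
        pm = PATH_RE.search(body)
        entries.append(Entry(
            code=m.group("code"),
            body=body,
            path=pm.group(0) if pm else None,
            file_missing=body.endswith(MISSING_MARK),
        ))
    return entries


def triage(entries, vendor):
    """Group entries worth a second look after an incomplete uninstall.

    vendor_leftover:        entry mentions the vendor keyword as a whole word
    file_missing:           registration remains but the target file is gone
    unknown_owner_service:  O23 service whose owner is "Unknown owner"
    """
    vendor_re = re.compile(r"\b" + re.escape(vendor) + r"\b", re.IGNORECASE)
    findings = {"vendor_leftover": [], "file_missing": [],
                "unknown_owner_service": []}
    for e in entries:
        if vendor_re.search(e.body):
            findings["vendor_leftover"].append(e)
        if e.file_missing:
            findings["file_missing"].append(e)
        if e.code == "O23" and " - Unknown owner - " in e.body:
            findings["unknown_owner_service"].append(e)
    return findings


if __name__ == "__main__":
    for reason, hits in triage(parse_log(SAMPLE_LOG), "AVG").items():
        print(f"{reason}: {len(hits)}")
        for e in hits:
            print(f"  [{e.code}] {e.path or e.body}")
```

A keyword hit only shows which entries name the vendor; it is a list for review, not a removal list.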



## lunarlander (Sep 22, 2007)

Please find the correct version of AVG you had and choose the removal tool from below:

http://www.avg.com/ca-en/utilities


----------



## sharpeye72 (Aug 18, 2009)

I did try to remove AVG with a removal tool but in the log there are quite a few "Failed to delete key" or "DEBUG Missing ParentDir path for fileItem number ** " so I followed advice given in another thread on this topic and used Revo which seemed to work quite well, however, I still have 2 processes of toolbarupdater.exe running. They're not using much mem but I would rather they were gone completely.
Any ideas??
Many thanks


----------



## Cookiegal (Aug 27, 2003)

Please download ADWCleaner. Click on the *Download Now* button and save it to your desktop.

Close your browser and double-click on the AdwCleaner icon on your desktop to run the program.

Click on the *Scan* button. It may take several minutes to complete. When it is done click on the *Report* button and copy and paste the log here please.


----------



## flavallee (May 12, 2002)

Complete the instructions in post #4.

Once Cookiegal views your log and gives you further instructions, *AdwCleaner* should take care of most or all of that AVG-related "debris".



> C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
> C:\Program Files\AVAST Software\Avast\AvastSvc.exe
> 
> My laptop is an IBM T30 with a Pentium M4 processor and I have 1 Gb of ram.


Your IBM Thinkpad T30 laptop appears to be running both *Avast* and *COMODO Internet Security*.

Having both is going to cause issues and keep it running like a turtle.

It's already maxed out with 1 GB of RAM, so unfortunately there's no option to add more.

------------------------------------------------------------


----------



## sharpeye72 (Aug 18, 2009)

Hi Cookiegal, you've helped me in the past with previous issues so it's nice to see you on this one =)
Here is the report from the ADW scan

```
# AdwCleaner v3.013 - Report created 24/11/2013 at 16:16:40
# Updated 24/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : user - T30-UWZS1Q0D4LJ
# Running from : C:\Documents and Settings\user\My Documents\Downloads\AdwCleaner(1).exe
# Option : Scan

***** [ Services ] *****

Service Found : vToolbarUpdater15.2.0

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hjr7zx8u.default-1340836041904\Extensions\[email protected]
File Found : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\m83ao82z.default-1377955900328\Extensions\[email protected]
File Found : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\u4ajedgv.default-1381308789883\Extensions\[email protected]
File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Found : C:\WINDOWS\system32\roboot.exe
File Found : C:\WINDOWS\Tasks\Your File Updater.job
Folder Found C:\AVG Secure Search
Folder Found C:\Documents and Settings\All Users\Application Data\CodecCheck
Folder Found C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Found C:\Documents and Settings\user\Application Data\NCH Software
Folder Found C:\Documents and Settings\user\Local Settings\Application Data\AVG Secure Search
Folder Found C:\Program Files\Common Files\AVG Secure Search
Folder Found C:\Program Files\NCH Software

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Crossrider
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\NCH Software
Key Found : HKCU\Software\SmartBar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\NCH Software
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Found : HKLM\SOFTWARE\mozilla\Firefox\Extensions [[email protected]]

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.21348

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\prefs.js ]

Line Found : user_pref("Smartbar.ConduitHomepagesList", "");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3299872");
Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Found : user_pref("smartbar.machineId", "HRYIICOEJIFCOPEHOT7U6XDUARVPYYLKMUMOP0SJP5YLSOXMYN6J5WPYTCK03UDAJYYCPB+YQ1GAS6RFPI/1SQ");

*************************

AdwCleaner[R0].txt - [5707 octets] - [24/11/2013 16:16:40]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5767 octets] ##########
```

I have both Avast and Comodo but I have this to use Comodo firewall and Avast anti-virus.

I have read somewhere that the T30 will accept 2 x 1Gb memory cards if they are the right type and I bought what I thought were those cards but when they arrived they were 2 x 512Mb so unfortunately I have spare lol


----------



## Cookiegal (Aug 27, 2003)

Well it turns out that AVG is the least of your worries. 

You really shouldn't have Avast and Comodo Internet Security installed on the machine at the same time even if you're only using the firewall component. You can download the standalone Comodo Personal Firewall:

http://personalfirewall.comodo.com/

Please run AdwCleaner again and this time select the "clean" option and post the resulting log.


----------



## flavallee (May 12, 2002)

> I have read somewhere that the T30 will accept 2 x 1Gb memory cards if they are the right type


According to the CRUCIAL memory site and the LENOVO(IBM) site for that laptop, it supports a maximum of 1 GB(512 MB X 2) of RAM.

If you somehow can get it to support 2 GB(1 GB X 2) of RAM, go for it.

It uses 2.5 volt, CL=2.5, unbuffered, non-ECC, DDR PC2100(DDR266) or DDR PC2700(DDR333) 200-pin SODIMM modules.

-----------------------------------------------------------

Considering how old and slow that laptop is, I would stick with the Windows built-in firewall instead of using a third-party firewall.

As long as your computing habits and practices are safe and responsible, it'll do fine.

-----------------------------------------------------------


----------



## sharpeye72 (Aug 18, 2009)

I finally managed to go through all the suggested actions, Comodo firewall took an age to install !!
When I rebooted my laptop I received a warning message that command agent could not start and then it failed to fix the issue and now I have no Internet access. Fortunately I still have my iPhone to post this.
I have tried to run Comodo Dragon and virtual Comodo Dragon with no success.


----------



## Cookiegal (Aug 27, 2003)

Uninstall Comodo Personal Firewall and then reboot afterwards. Be sure to turn on the Windows Firewall if it doesn't automatically.


----------



## sharpeye72 (Aug 18, 2009)

Understood, I'll post again when I'm done


----------



## sharpeye72 (Aug 18, 2009)

Ok, I've removed Comodo and Geek whatever it was and when I started Firefox, it still wouldn't give me internet access. One thing I did notice though is the PrivDog icon was still there in the top right. I opened up the setting for this and added Google to the exceptions page and hey presto, internet access was reestablished so I'm wondering if Comodo wasn't to blame?
Anyhow, I've run the ADW scan again and this is the report

```
# AdwCleaner v3.013 - Report created 24/11/2013 at 20:35:07
# Updated 24/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : user - T30-UWZS1Q0D4LJ
# Running from : C:\Documents and Settings\user\My Documents\Downloads\AdwCleaner(1).exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.21348

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\prefs.js ]

*************************

AdwCleaner[R0].txt - [5847 octets] - [24/11/2013 16:16:40]
AdwCleaner[R1].txt - [961 octets] - [24/11/2013 19:03:55]
AdwCleaner[R2].txt - [1020 octets] - [24/11/2013 20:25:02]
AdwCleaner[R3].txt - [882 octets] - [24/11/2013 20:35:07]
AdwCleaner[S0].txt - [6054 octets] - [24/11/2013 16:53:21]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1001 octets] ##########
```


----------



## sharpeye72 (Aug 18, 2009)

flavallee said:


> According to the CRUCIAL memory site and the LENOVO(IBM) site for that laptop, it supports a maximum of 1 GB(512 MB X 2) of RAM.
> 
> If you somehow can get it to support 2 GB(1 GB X 2) of RAM, go for it.
> 
> ...


The site that I read about the memory in a T30 stated that it was only listed as supporting 512 meg memory cards as that was all that was available at the time, it went on to say that since then, 1 gig cards were being produced and they did work in the T30 but I'm not sure that more memory would necessarily help as it seems my CPU usage goes to 100% much more than my memory usage.


----------



## flavallee (May 12, 2002)

Depending on what chipset is in that old laptop, it "may" accept and utilize 1 GB modules.

I had a couple of old desktops with an Intel 845G chipset that "supposedly" supported a maximum of 1 GB of DDR PC2700 or DDR PC3200 RAM, but in reality they accepted and utilized 2 GB of RAM.

When a computer runs out of physical RAM for running Windows, it uses "virtual memory" from the hard drive - which is much slower than using actual RAM.

That's why having more actual RAM is better for improving speed and performance in a computer.

---------------------------------------------------------

I just noticed your thread has been moved to the "Virus & Other Malware Removal" section.

Only gold shield removal specialists (like Cookiegal) are authorized to help you here, so my input here is done.

---------------------------------------------------------


----------



## Cookiegal (Aug 27, 2003)

Please download DDS by sUBs to your desktop from the following location:

http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click the *dds.scr* file to run the program.

It will automatically run in silent mode and then you will see the following note:

*"Two logs shall be created on your Desktop".*

The logs will be named *dds.txt* and *attach.txt*.

Wait until the logs appear and then copy and paste their contents in your post.

Please download GMER from: http://www.gmer.net

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked* on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan* button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.


----------



## sharpeye72 (Aug 18, 2009)

How long is the dds scan supposed to take? I started the scan about 2 hours ago and no logs have appeared on my desktop yet.


----------



## Cookiegal (Aug 27, 2003)

It shouldn't take very long. Does it look like it's still scanning?

If not, remove that one and try this version:

Please download DDS by sUBs to your desktop from one of the following locations:

http://download.bleepingcomputer.com/sUBs/dds.com
http://download.bleepingcomputer.com/sUBs/dds.exe


Double-click DDS to run the program.

Make sure there is a check mark in the box beside dds.txt (there should be by default)
Place a check mark in the box beside attach.txt

*Do not select any other options unless specifically instructed to do so.*

Press Start to begin the scan

When the scan is finished, a log named dds.txt will open automatically and a second log named attach.txt will be minimized on your taskbar so please click on it to open it as well. Save both of the reports to your desktop and then copy and paste the contents of both logs in your post.


----------



## sharpeye72 (Aug 18, 2009)

Dds.scr is using 5.5k and 0% CPU


----------



## Cookiegal (Aug 27, 2003)

Please see my last post.


----------



## sharpeye72 (Aug 18, 2009)

I was just letting you know the status of the previous scan before trying the new set of instructions. This time I ran dds.com and everything seems to have locked up.


----------



## Cookiegal (Aug 27, 2003)

Let's try something else.

Please download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## sharpeye72 (Aug 18, 2009)

I have tried to run all examples of dds but they seem to get to around 80% before my laptop hangs. I have started to run otl and will post again when that's done


----------



## sharpeye72 (Aug 18, 2009)

OK, the scan has finally finished and here are the txt files. I've been waiting up for the scan to finish but it's 4:20 am here in UK so I need some sleep now so no need to hurry back with your next set of instructions =)

Extras.txt

OTL Extras logfile created on: 25/11/2013 01:43:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.98 Mb Total Physical Memory | 366.23 Mb Available Physical Memory | 35.80% Memory free
1.28 Gb Paging File | 0.74 Gb Available in Paging File | 58.08% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 13.31 Gb Free Space | 35.73% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: T30-UWZS1Q0D4LJ | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabledxpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008 -- (Sports Interactive)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Common Files\Comodo\tvnserver.exe" = C:\Program Files\Common Files\Comodo\tvnserver.exe:*:Enabled:TVN Server
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
"C:\Documents and Settings\user\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\user\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Documents and Settings\user\Application Data\uTorrent\uTorrent.exe" = C:\Documents and Settings\user\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent
"C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe" = C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe:*:Enabled:KMPProcess
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\user\My Documents\Downloads\tinyumbrella-7.02.01a.exe" = C:\Documents and Settings\user\My Documents\Downloads\tinyumbrella-7.02.01a.exe:*:Enabled:TinyUmbrella - Save your SHSH!
"C:\Documents and Settings\user\Desktop\Pwnage\tinyumbrella-7.02.01a.exe" = C:\Documents and Settings\user\Desktop\Pwnage\tinyumbrella-7.02.01a.exe:*:Enabled:TinyUmbrella - Save your SHSH!
"C:\Documents and Settings\user\Desktop\Pwnage\tinyumbrella-6.13.00.exe" = C:\Documents and Settings\user\Desktop\Pwnage\tinyumbrella-6.13.00.exe:*:Enabled:TinyUmbrella - Save your SHSH!
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{2FF5FC32-B2AC-4505-A381-350670AA46D4}" = Fuse Drivers
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92F68DD3-0879-4952-A8B3-28BDBCDB56E9}" = Mini-SE_1.51
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AE86AE81-CD7F-496F-A39F-0210C985E71B}" = FM Modifier 2.25
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = Micronet SP907GK Wireless Network Utility
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C5F4A58B-0729-4F9C-9AA5-54008EEE8CFB}" = RapidBIT Suite
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3herosoft iPhone to Computer Transfer" = 3herosoft iPhone to Computer Transfer
"888poker" = 888poker
"AC3Filter_is1" = AC3Filter 2.5b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner
"CoreAAC" = CoreAAC
"Debut" = Debut Video Capture Software
"DESkey DK2 Uninstall" = DK2 DESkey Drivers v7.14.0.25
"DivX Setup.divx.com" = DivX Setup
"EPSON Printer and Utilities" = EPSON Printer Software
"FLSINST" = FLS-4 Driver Installation
"GOM Player" = GOM Player
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Indeo® Software" = Indeo® Software
"Lucent Technologies Soft Modem" = Lucent Technologies Soft Modem AMR
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PCDJ FX VRM" = PCDJ FX VRM
"PCDJ KJ" = PCDJ KJ
"Power Management Driver" = ThinkPad Power Management Driver
"PrivDog" = PrivDog
"Revo Uninstaller" = Revo Uninstaller 1.94
"seopowersuite" = SEO SpyGlass
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"The KMPlayer" = The KMPlayer (remove only)
"TurboTop_is1" = TurboTop 2.7
"VideoPad" = VideoPad Video Editor
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 2.1.0
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2b
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 07/05/2017 15:19:30 | Computer Name = T30-UWZS1Q0D4LJ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 07/05/2017 15:19:30 | Computer Name = T30-UWZS1Q0D4LJ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 07/05/2017 15:19:31 | Computer Name = T30-UWZS1Q0D4LJ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 07/05/2017 15:19:37 | Computer Name = T30-UWZS1Q0D4LJ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 07/05/2017 15:19:37 | Computer Name = T30-UWZS1Q0D4LJ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 07/05/2017 15:19:37 | Computer Name = T30-UWZS1Q0D4LJ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 07/05/2017 15:19:37 | Computer Name = T30-UWZS1Q0D4LJ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 26/06/2017 21:56:28 | Computer Name = T30-UWZS1Q0D4LJ | Source = Application Hang | ID = 1002
Description = Hanging application Mame32.exe, version 0.91.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 28/06/2017 20:14:08 | Computer Name = T30-UWZS1Q0D4LJ | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20061.1023, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/07/2007 13:36:02 | Computer Name = T30-UWZS1Q0D4LJ | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 9.0.0.3250, hang module 
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 28/06/2017 20:12:31 | Computer Name = T30-UWZS1Q0D4LJ | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 28/06/2017 20:13:49 | Computer Name = T30-UWZS1Q0D4LJ | Source = NWCWorkstation | ID = 9004
Description = The Microsoft Client Service for NetWare redirector (NWRDR) could 
not be started.

Error - 28/06/2017 20:13:49 | Computer Name = T30-UWZS1Q0D4LJ | Source = Service Control Manager | ID = 7000
Description = The NWLink IPX/SPX/NetBIOS Compatible Transport Protocol service failed
to start due to the following error: %%5

Error - 28/06/2017 20:13:49 | Computer Name = T30-UWZS1Q0D4LJ | Source = Service Control Manager | ID = 7000
Description = The NWLink NetBIOS service failed to start due to the following error:
%%5

Error - 28/06/2017 20:13:49 | Computer Name = T30-UWZS1Q0D4LJ | Source = Service Control Manager | ID = 7000
Description = The NWLink SPX/SPXII Protocol service failed to start due to the following
error: %%5

Error - 28/06/2017 20:13:49 | Computer Name = T30-UWZS1Q0D4LJ | Source = Service Control Manager | ID = 7023
Description = The Client Service for NetWare service terminated with the following
error: %%5

Error - 28/06/2017 20:21:15 | Computer Name = T30-UWZS1Q0D4LJ | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.3 on 
the Network Card with network address 00022D7C8422.

Error - 28/06/2017 20:24:59 | Computer Name = T30-UWZS1Q0D4LJ | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.3 on 
the Network Card with network address 00022D7C8422.

Error - 28/06/2017 20:27:48 | Computer Name = T30-UWZS1Q0D4LJ | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.3 on 
the Network Card with network address 00022D7C8422.

Error - 29/06/2007 01:38:59 | Computer Name = T30-UWZS1Q0D4LJ | Source = NetBT | ID = 4321
Description = The name "MSHOMETEST :1d" could not be registered on the Interface
with IP address 192.168.2.3. The machine with the IP address 192.168.2.2 did not
allow the name to be claimed by this machine.

< End of report >

OTL.txt

OTL logfile created on: 25/11/2013 01:43:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.98 Mb Total Physical Memory | 366.23 Mb Available Physical Memory | 35.80% Memory free
1.28 Gb Paging File | 0.74 Gb Available in Paging File | 58.08% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 13.31 Gb Free Space | 35.73% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: T30-UWZS1Q0D4LJ | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/25 01:42:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2013/11/24 14:44:35 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/11/24 14:44:32 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/11/16 01:53:05 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/11 18:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/28 12:09:36 | 000,794,624 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Micronet SP907GK Wireless Network Utility\RtWLan.exe
PRC - [2007/04/03 22:29:15 | 000,165,784 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe

========== Modules (No Company Name) ==========

MOD - [2013/11/24 21:02:26 | 002,147,840 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13112401\algo.dll
MOD - [2013/11/20 20:07:43 | 016,237,448 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll
MOD - [2013/11/16 01:53:00 | 003,363,952 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/11/02 13:44:40 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2012/05/11 05:21:48 | 000,172,544 | ---- | M] () -- C:\WINDOWS\system32\iMobileDisk.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/04/05 00:27:06 | 000,007,680 | ---- | M] () -- C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll
MOD - [2007/03/26 09:40:01 | 000,131,072 | ---- | M] () -- C:\Program Files\DAEMON Tools\cryptapi.dll
MOD - [2006/10/26 21:30:10 | 000,131,072 | ---- | M] () -- C:\Program Files\Micronet SP907GK Wireless Network Utility\EnumDevLib.dll
MOD - [2005/07/20 03:53:04 | 000,966,765 | ---- | M] () -- C:\Program Files\Micronet SP907GK Wireless Network Utility\acAuth.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe -- (vToolbarUpdater17.1.2)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\RapidBIT\cisvc.exe -- (FlexService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\TEMP\AVSETUP_501bc242\avupgsvc.exe /TEMPSTART:C:\WINDOWS\TEMP\AVSETUP_501bc242\setup.exe /NOTEMPCLEANUP /CROSSUPGRADE -- (AviraUpgradeService)
SRV - [2013/11/24 14:44:32 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/11/20 20:07:46 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/16 01:53:01 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/11 18:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 12:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV302V32.SYS -- (PID_PEPI)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lv302af.sys -- (pepifilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\user\Desktop\AIRCRA~1.1-W\AIRCRA~1.1\bin\PEEK5.SYS -- (PEEK5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a10uwesf)
DRV - [2013/11/24 14:45:11 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/11/24 14:45:11 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/11/24 14:45:10 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/11/24 14:45:10 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/11/24 14:45:10 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/11/22 21:17:12 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/11/08 13:55:51 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
DRV - [2013/11/02 13:45:06 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/11/02 13:45:05 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/08/25 11:30:48 | 000,013,120 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2011/10/03 21:45:20 | 000,035,226 | ---- | M] (Data Encryption Systems Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\flsvcom.sys -- (FLSVCOM)
DRV - [2011/10/03 21:45:16 | 000,008,344 | ---- | M] (Data Encryption Systems Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\flsser.sys -- (FLSSER)
DRV - [2011/10/03 21:45:13 | 000,016,314 | ---- | M] (Data Encryption Systems Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\flspar.sys -- (FLSPAR)
DRV - [2011/10/03 21:45:11 | 000,014,272 | ---- | M] (Data Encryption Systems Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\flsiface.sys -- (FLSIFACE)
DRV - [2011/10/03 21:44:47 | 000,033,404 | ---- | M] (Data Encryption Systems Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fle5wnnt.sys -- (FLE5WNNT)
DRV - [2011/10/03 21:40:02 | 000,049,720 | ---- | M] (Data Encryption Systems Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dk2drv.sys -- (dk2drv)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/05/13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011/05/10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/05/13 15:31:24 | 000,238,464 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVEOdcnt.sys -- (AVEO)
DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/26 21:07:11 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/09/26 21:07:11 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/09/26 18:30:11 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2008/04/13 18:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 18:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/10/25 14:25:01 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007/10/19 12:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/10/11 17:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/06/01 05:06:42 | 000,238,976 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2005/08/10 14:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2005/08/10 12:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005/05/25 21:59:12 | 001,133,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/16 13:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2004/10/25 13:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/08/03 21:31:28 | 000,154,624 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2001/08/18 12:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/18 12:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 13:28:10 | 000,802,683 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LTSM.sys -- (LucentSoftModem)
DRV - [2001/08/17 13:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{24354C5C-A608-48A1-94FD-F7B3650C29C2}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AAC31524-0FD2-47DB-B233-F1420B9F13BA}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2006.53
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=utf-8&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/29 20:56:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/24 14:44:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/10/10 13:32:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2013/11/24 16:55:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hjr7zx8u.default-1340836041904\extensions
[2013/11/24 16:55:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\m83ao82z.default-1377955900328\extensions
[2013/11/24 16:55:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\u4ajedgv.default-1381308789883\extensions
[2013/11/24 18:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\extensions
[2013/11/24 18:13:32 | 000,523,647 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\extensions\[email protected]
[2013/10/31 23:54:18 | 000,001,130 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\searchplugins\installl-converter-customized-web-search.xml
[2013/11/16 06:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/30 15:58:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/08/24 20:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/16 01:53:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/16 00:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2013/11/16 00:34:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/11/16 00:34:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
[2013/11/16 00:34:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2013/11/16 00:34:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/24 14:44:23 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

O1 HOSTS File: ([2013/11/13 18:34:05 | 000,249,937 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 8712 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\edd7227b-e234-494c-bd91-62b7b0e3cb8c.exe (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}] "C:\Documents and Settings\All Users\Application Data\cisF.exe" --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805} File not found
O4 - HKLM..\Run: [PrivDogService] "C:\Program Files\AdTrustMedia\PrivDog\1.7.0.12\trustedadssvc.exe" File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Micronet SP907GK Wireless Network Utility.lnk = C:\Program Files\Micronet SP907GK Wireless Network Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - c:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53D28FF2-3436-4F65-898A-B8C738B518DB}: DhcpNameServer = 192.168.2.1 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/12 10:36:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{955d5a36-18a3-11de-8aac-00096b93df5a}\Shell - "" = AutoRun
O33 - MountPoints2\{955d5a36-18a3-11de-8aac-00096b93df5a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{955d5a36-18a3-11de-8aac-00096b93df5a}\Shell\AutoRun\command - "" = E:\setup.exe AUTORUN=1
O33 - MountPoints2\{9ab7c660-8172-11df-b10e-00096b93df5a}\Shell - "" = AutoRun
O33 - MountPoints2\{9ab7c660-8172-11df-b10e-00096b93df5a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9ab7c660-8172-11df-b10e-00096b93df5a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9ab7c663-8172-11df-b10e-00096b93df5a}\Shell - "" = AutoRun
O33 - MountPoints2\{9ab7c663-8172-11df-b10e-00096b93df5a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9ab7c663-8172-11df-b10e-00096b93df5a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cfbf65a0-2b67-11dd-892a-00096b93df5a}\Shell\Auto\command - "" = SVCH.exe e
O33 - MountPoints2\{cfbf65a0-2b67-11dd-892a-00096b93df5a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cfbf65a0-2b67-11dd-892a-00096b93df5a}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH.exe e
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2017/06/28 23:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\MSN6
[2017/06/28 23:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2017/06/28 23:48:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2017/05/29 22:02:39 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2017/05/29 22:02:36 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\HIDSwvd.sys
[2017/05/29 22:02:36 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
[2017/05/29 22:02:34 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2017/05/29 21:55:45 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2017/05/29 21:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\mame32u901
[2017/05/29 21:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Macromedia
[2017/04/27 04:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Virtual DJ
[2017/04/17 12:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Visiosonic
[2017/04/17 12:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Visiosonic
[2017/04/17 12:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\PCDJ Recordcase
[2013/11/25 01:18:44 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\user\Desktop\dds.exe
[2013/11/24 18:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\AdTrustMedia
[2013/11/24 18:11:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adtrustmedia
[2013/11/24 18:00:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
[2013/11/24 17:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\COMODO
[2013/11/24 17:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2013/11/24 16:16:28 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/22 21:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2013/11/22 21:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Canneverbe Limited
[2013/11/22 21:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2013/11/20 19:55:36 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/11/20 19:55:36 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/11/16 20:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2013/11/16 20:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2013/11/16 20:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2013/11/16 16:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Poker AV's
[2013/11/16 06:01:01 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/11/16 06:01:00 | 000,873,384 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/11/16 06:00:59 | 000,796,072 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/11/16 06:00:58 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/11/16 06:00:58 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/11/16 06:00:57 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/11/16 03:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/11/16 03:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/16 03:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/11/16 03:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/11/13 02:15:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent
[2013/11/13 01:28:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logs
[2013/11/02 14:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\AVAST Software
[2013/11/02 13:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2013/11/01 00:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\The KMPlayer
[2013/11/01 00:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2017/06/29 00:13:47 | 000,001,789 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2017/06/27 01:49:31 | 000,000,551 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Mame32.lnk
[2017/04/27 04:50:03 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Virtual DJ.lnk
[2014/03/09 20:15:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2014/03/09 20:15:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2014/03/09 20:07:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2014/03/09 20:07:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2013/11/25 04:02:07 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/25 03:47:11 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job
[2013/11/25 03:47:10 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
[2013/11/25 03:41:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2013/11/25 02:51:33 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/11/25 01:33:10 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2013/11/25 01:33:09 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Wise Care 365.job
[2013/11/25 01:32:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/25 01:32:46 | 1072,746,496 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/25 01:18:46 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\user\Desktop\dds.exe
[2013/11/24 14:48:37 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/11/24 14:45:11 | 000,774,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/11/24 14:45:11 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/11/24 14:45:10 | 000,070,384 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/11/24 14:45:10 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/11/24 14:45:10 | 000,035,656 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/11/24 14:45:05 | 000,269,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/11/24 14:45:05 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/11/23 15:03:28 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\user\Desktop\HiJackThis.lnk
[2013/11/23 02:43:30 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/11/22 21:46:07 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2013/11/22 21:23:15 | 000,003,745 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/11/22 21:17:12 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/11/21 00:02:39 | 000,002,243 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mini-SE.exe.lnk
[2013/11/20 20:07:45 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/11/20 20:07:45 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/11/20 17:36:50 | 000,095,744 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/18 13:06:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/11/16 20:41:42 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Auslogics DiskDefrag.lnk
[2013/11/16 05:13:17 | 000,001,585 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2013/11/16 03:06:11 | 000,001,585 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/11/13 18:34:05 | 000,249,937 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/11/13 18:34:05 | 000,249,936 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.umbrella
[2013/11/13 02:10:25 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/11/12 21:36:53 | 000,100,678 | ---- | M] () -- C:\Documents and Settings\user\My Documents\iTunes Diagnostics.spx
[2013/11/12 21:36:53 | 000,001,922 | ---- | M] () -- C:\Documents and Settings\user\My Documents\iTunes Diagnostics.rtf
[2013/11/08 13:55:51 | 000,403,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2013/11/03 19:34:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/11/02 13:45:06 | 000,178,304 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/11/02 13:45:05 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/11/02 13:20:52 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/10/30 19:28:20 | 000,533,472 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/30 19:28:20 | 000,101,340 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/27 00:31:46 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to fm.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2017/06/27 01:49:31 | 000,000,551 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Mame32.lnk
[2017/05/29 21:35:03 | 000,002,058 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2017/04/27 04:50:03 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Virtual DJ.lnk
[2013/11/24 20:02:32 | 000,000,488 | ---- | C] () -- C:\WINDOWS\tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
[2013/11/24 20:02:17 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job
[2013/11/22 21:46:07 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2013/11/22 21:46:03 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
[2013/11/20 19:55:39 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/16 20:41:42 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Auslogics DiskDefrag.lnk
[2013/11/16 05:13:17 | 000,001,585 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2013/11/16 03:06:11 | 000,001,585 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/11/12 21:36:53 | 000,100,678 | ---- | C] () -- C:\Documents and Settings\user\My Documents\iTunes Diagnostics.spx
[2013/11/12 21:36:51 | 000,001,922 | ---- | C] () -- C:\Documents and Settings\user\My Documents\iTunes Diagnostics.rtf
[2013/11/02 13:50:14 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/09/29 14:34:39 | 000,003,745 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/03/17 11:24:09 | 000,178,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/17 11:24:08 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2012/09/22 16:11:39 | 006,803,456 | ---- | C] () -- C:\Documents and Settings\user\ntuser.rhk
[2012/08/26 20:00:15 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/18 17:23:53 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\MFC_InstDrvDLL.dll
[2012/07/05 16:53:46 | 000,441,869 | ---- | C] () -- C:\Documents and Settings\user\.websiteauditor.properties
[2012/07/04 19:16:28 | 000,196,253 | ---- | C] () -- C:\Documents and Settings\user\.spyglass.properties
[2012/05/11 05:21:48 | 000,172,544 | ---- | C] () -- C:\WINDOWS\System32\iMobileDisk.dll
[2008/03/14 18:56:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2007/04/17 15:21:49 | 001,035,271 | ---- | C] () -- C:\Program Files\wrar362.exe

========== ZeroAccess Check ==========

[2007/07/03 19:40:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73B1147D

< End of report >

Many thanks


----------



## Cookiegal (Aug 27, 2003)

Before we do anything else please reset the date and time on your computer.

Go to *Control Panel* - *Date and Time* - click all of the tabs to make sure the date, time and time zone are correct and also let me know the date of the last time synchronization.


----------



## sharpeye72 (Aug 18, 2009)

23/11/2013 at 02:50 was the last time it was synchronized.


----------



## Cookiegal (Aug 27, 2003)

Was the time correct on the other tabs?

Were you able to run GMER?


----------



## sharpeye72 (Aug 18, 2009)

Yeah, everything was spot on. I haven't run GMER yet as my laptop now recognizes my iPhone, so I'm restoring a recent backup from before my phone died. It has about 15 mins left, then I'm on it.


----------



## sharpeye72 (Aug 18, 2009)

GMER 2.1.19163 - http://www.gmer.net
Rootkit quick scan 2013-11-25 22:07:41
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK4025GAS rev.KA100A 37.26GB
Running: pfkzm20x.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\afgyruoc.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- System - GMER 2.1 ----

SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateKey [0xF036C96F]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xF036C7DA]

---- Devices - GMER 2.1 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F73F5B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys
Device \Driver\atapi \Device\Ide\IdePort0 [F73F5B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys
Device \Driver\atapi \Device\Ide\IdePort1 [F73F5B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F73F5B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync02.sys
Device \Driver\aoc6l3cs \Device\Scsi\aoc6l3cs1Port2Path0Target1Lun0 8753C1E8
Device \Driver\aoc6l3cs \Device\Scsi\aoc6l3cs1Port2Path0Target1Lun0 sfsync02.sys
Device \Driver\aoc6l3cs \Device\Scsi\aoc6l3cs1 8753C1E8
Device \Driver\aoc6l3cs \Device\Scsi\aoc6l3cs1 sfsync02.sys
Device \Driver\aoc6l3cs \Device\Scsi\aoc6l3cs1Port2Path0Target0Lun0 8753C1E8
Device \Driver\aoc6l3cs \Device\Scsi\aoc6l3cs1Port2Path0Target0Lun0 sfsync02.sys
Device \FileSystem\Ntfs \Ntfs 877CF1E8

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys

---- EOF - GMER 2.1 ----


----------



## Cookiegal (Aug 27, 2003)

Please go here and download *TDSSKiller.exe* to your desktop.

Double-click TDSSKiller.exe on your desktop to run it.
Click on *Start Scan*
As we don't want to fix anything yet, if any malicious objects are detected, *do NOT select Cure* but select *Skip* instead.
It will produce a log once it finishes in the root drive which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.


----------



## sharpeye72 (Aug 18, 2009)

23:06:26.0324 3848 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:06:49.0117 3848 ============================================================
23:06:49.0117 3848 Current date / time: 2013/11/25 23:06:49.0117
23:06:49.0117 3848 SystemInfo:
23:06:49.0117 3848 
23:06:49.0117 3848 OS Version: 5.1.2600 ServicePack: 3.0
23:06:49.0117 3848 Product type: Workstation
23:06:49.0117 3848 ComputerName: T30-UWZS1Q0D4LJ
23:06:49.0117 3848 UserName: user
23:06:49.0117 3848 Windows directory: C:\WINDOWS
23:06:49.0117 3848 System windows directory: C:\WINDOWS
23:06:49.0117 3848 Processor architecture: Intel x86
23:06:49.0117 3848 Number of processors: 1
23:06:49.0117 3848 Page size: 0x1000
23:06:49.0117 3848 Boot type: Normal boot
23:06:49.0117 3848 ============================================================
23:06:51.0780 3848 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1430, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
23:06:51.0791 3848 ============================================================
23:06:51.0791 3848 \Device\Harddisk0\DR0:
23:06:51.0801 3848 MBR partitions:
23:06:51.0801 3848 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
23:06:51.0801 3848 ============================================================
23:06:51.0841 3848 C: <-> \Device\Harddisk0\DR0\Partition1
23:06:51.0841 3848 ============================================================
23:06:51.0841 3848 Initialize success
23:06:51.0841 3848 ============================================================
23:06:58.0340 3564 ============================================================
23:06:58.0340 3564 Scan started
23:06:58.0340 3564 Mode: Manual; 
23:06:58.0340 3564 ============================================================
23:06:58.0730 3564 ================ Scan system memory ========================
23:06:58.0730 3564 System memory - ok
23:06:58.0741 3564 ================ Scan services =============================
23:07:30.0256 3564 Schedule - ok
23:07:30.0316 3564 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:07:30.0326 3564 Secdrv - ok
23:07:30.0376 3564 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
23:07:30.0396 3564 seclogon - ok
23:07:30.0596 3564 [ E5B56569A9F79B70314FEDE6C953641E ] seehcri C:\WINDOWS\system32\DRIVERS\seehcri.sys
23:07:30.0596 3564 seehcri - ok
23:07:30.0646 3564 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
23:07:30.0686 3564 SENS - ok
23:07:30.0747 3564 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
23:07:30.0757 3564 serenum - ok
23:07:30.0797 3564 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
23:07:30.0847 3564 Serial - ok
23:07:30.0967 3564 [ 4C0D673281178CB496011A2E28571FC8 ] sfdrv01 C:\WINDOWS\system32\drivers\sfdrv01.sys
23:07:30.0977 3564 sfdrv01 - ok
23:07:31.0017 3564 [ 15BE2B5E4DC5B8623CF167720682ABC9 ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys
23:07:31.0017 3564 sfhlp02 - ok
23:07:31.0067 3564 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
23:07:31.0077 3564 Sfloppy - ok
23:07:31.0117 3564 [ EFEBBC1D13FDB77A6AF4EDDFC7232EDF ] sfsync02 C:\WINDOWS\system32\drivers\sfsync02.sys
23:07:31.0127 3564 sfsync02 - ok
23:07:31.0297 3564 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
23:07:31.0438 3564 SharedAccess - ok
23:07:31.0638 3564 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:07:31.0678 3564 ShellHWDetection - ok
23:07:31.0718 3564 Simbad - ok
23:07:31.0778 3564 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:07:31.0788 3564 SLIP - ok
23:07:31.0828 3564 Sparrow - ok
23:07:31.0858 3564 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
23:07:31.0868 3564 splitter - ok
23:07:31.0938 3564 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
23:07:31.0988 3564 Spooler - ok
23:07:32.0269 3564 [ 4F576E516CC76EC50A244586BCFA1C78 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
23:07:32.0309 3564 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4F576E516CC76EC50A244586BCFA1C78
23:07:32.0319 3564 sptd ( LockedFile.Multi.Generic ) - warning
23:07:32.0319 3564 sptd - detected LockedFile.Multi.Generic (1)
23:07:32.0399 3564 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
23:07:32.0429 3564 sr - ok
23:07:32.0549 3564 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\System32\srsvc.dll
23:07:32.0659 3564 srservice - ok
23:07:32.0850 3564 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
23:07:33.0030 3564 Srv - ok
23:07:33.0120 3564 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\WINDOWS\system32\DRIVERS\ssadbus.sys
23:07:33.0170 3564 ssadbus - ok
23:07:33.0240 3564 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
23:07:33.0250 3564 ssadmdfl - ok
23:07:33.0330 3564 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
23:07:33.0360 3564 ssadmdm - ok
23:07:33.0430 3564 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:07:33.0480 3564 SSDPSRV - ok
23:07:33.0561 3564 [ 1F730FDDC8E4602ECFD8D143F970CF82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
23:07:33.0561 3564 StarOpen - ok
23:07:33.0641 3564 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
23:07:33.0651 3564 StillCam - ok
23:07:33.0851 3564 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:07:34.0011 3564 stisvc - ok
23:07:34.0031 3564 stllssvr - ok
23:07:34.0091 3564 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:07:34.0101 3564 streamip - ok
23:07:34.0131 3564 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum  C:\WINDOWS\system32\DRIVERS\swenum.sys
23:07:34.0141 3564 swenum - ok
23:07:34.0222 3564 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:07:34.0242 3564 swmidi - ok
23:07:34.0272 3564 SwPrv - ok
23:07:34.0302 3564 symc810 - ok
23:07:34.0332 3564 symc8xx - ok
23:07:34.0352 3564 sym_hi - ok
23:07:34.0372 3564 sym_u3 - ok
23:07:34.0512 3564 [ 1CDE0A5C0416187B9B89E03980C6E8DE ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
23:07:34.0592 3564 SynTP - ok
23:07:34.0652 3564 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:07:34.0712 3564 sysaudio - ok
23:07:34.0782 3564 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:07:34.0832 3564 SysmonLog - ok
23:07:34.0953 3564 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:07:35.0083 3564 TapiSrv - ok
23:07:35.0263 3564 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:07:35.0383 3564 Tcpip - ok
23:07:35.0433 3564 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:07:35.0443 3564 TDPIPE - ok
23:07:35.0493 3564 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:07:35.0503 3564 TDTCP - ok
23:07:35.0573 3564 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:07:35.0604 3564 TermDD - ok
23:07:35.0724 3564 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
23:07:35.0844 3564 TermService - ok
23:07:35.0934 3564 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
23:07:35.0954 3564 Themes - ok
23:07:36.0024 3564 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
23:07:36.0074 3564 TlntSvr - ok
23:07:36.0084 3564 TosIde - ok
23:07:36.0174 3564 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:07:36.0234 3564 TrkWks - ok
23:07:36.0305 3564 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:07:36.0335 3564 Udfs - ok
23:07:36.0355 3564 ultra - ok
23:07:36.0535 3564 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:07:36.0685 3564 Update - ok
23:07:36.0785 3564 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
23:07:36.0875 3564 upnphost - ok
23:07:36.0915 3564 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
23:07:36.0945 3564 UPS - ok
23:07:37.0006 3564 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
23:07:37.0016 3564 USBAAPL - ok
23:07:37.0086 3564 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
23:07:37.0126 3564 usbaudio - ok
23:07:37.0186 3564 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:07:37.0206 3564 usbccgp - ok
23:07:37.0286 3564 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:07:37.0346 3564 usbhub - ok
23:07:37.0406 3564 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:07:37.0426 3564 usbprint - ok
23:07:37.0476 3564 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:07:37.0486 3564 usbscan - ok
23:07:37.0556 3564 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys
23:07:37.0596 3564 usbser - ok
23:07:37.0646 3564 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:07:37.0676 3564 USBSTOR - ok
23:07:37.0737 3564 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:07:37.0757 3564 usbuhci - ok
23:07:37.0847 3564 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
23:07:37.0887 3564 usbvideo - ok
23:07:37.0937 3564 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:07:37.0947 3564 VgaSave - ok
23:07:37.0967 3564 ViaIde - ok
23:07:38.0037 3564 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:07:38.0037 3564 VolSnap - ok
23:07:38.0167 3564 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
23:07:38.0257 3564 VSS - ok
23:07:38.0277 3564 vToolbarUpdater17.1.2 - ok
23:07:38.0398 3564 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\System32\w32time.dll
23:07:38.0488 3564 W32Time - ok
23:07:38.0548 3564 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:07:38.0578 3564 Wanarp - ok
23:07:38.0768 3564 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
23:07:38.0928 3564 Wdf01000 - ok
23:07:38.0948 3564 WDICA - ok
23:07:39.0038 3564 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:07:39.0079 3564 wdmaud - ok
23:07:39.0139 3564 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:07:39.0209 3564 WebClient - ok
23:07:39.0379 3564 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:07:39.0439 3564 winmgmt - ok
23:07:39.0569 3564 [ DCA17912A1926AE427537648FC0E74D5 ] wlluc48 C:\WINDOWS\system32\DRIVERS\wlluc48.sys
23:07:39.0619 3564 wlluc48 - ok
23:07:39.0790 3564 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:07:39.0820 3564 WmdmPmSN - ok
23:07:40.0110 3564 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
23:07:40.0350 3564 Wmi - ok
23:07:40.0450 3564 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
23:07:40.0491 3564 WmiApSrv - ok
23:07:40.0801 3564 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
23:07:41.0061 3564 WMPNetworkSvc - ok
23:07:41.0111 3564 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:07:41.0121 3564 WpdUsb - ok
23:07:41.0422 3564 [ B800EEC15851597405784126C407188C ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:07:41.0682 3564 WPFFontCache_v0400 - ok
23:07:41.0742 3564 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:07:41.0752 3564 WS2IFSL - ok
23:07:41.0842 3564 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:07:41.0913 3564 wscsvc - ok
23:07:41.0973 3564 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:07:41.0983 3564 WSTCODEC - ok
23:07:42.0023 3564 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:07:42.0063 3564 wuauserv - ok
23:07:42.0143 3564 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:07:42.0143 3564 WudfPf - ok
23:07:42.0213 3564 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:07:42.0233 3564 WudfRd - ok
23:07:42.0283 3564 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:07:42.0343 3564 WudfSvc - ok
23:07:42.0584 3564 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:07:42.0894 3564 WZCSVC - ok
23:07:42.0974 3564 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:07:43.0044 3564 xmlprov - ok
23:07:43.0104 3564 [ 00AE175B903D45ED4A62384D3315DC2A ] ZDPSp50 C:\WINDOWS\system32\Drivers\ZDPSp50.sys
23:07:43.0114 3564 ZDPSp50 - ok
23:07:43.0214 3564 ================ Scan global ===============================
23:07:43.0285 3564 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:07:43.0455 3564 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
23:07:43.0725 3564 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
23:07:43.0855 3564 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:07:43.0875 3564 [Global] - ok
23:07:43.0885 3564 ================ Scan MBR ==================================
23:07:43.0915 3564 [ D10F1090C2A1DA838DEE05AA4CA56FBD ] \Device\Harddisk0\DR0
23:07:44.0186 3564 \Device\Harddisk0\DR0 - ok
23:07:44.0196 3564 ================ Scan VBR ==================================
23:07:44.0206 3564 [ BB408B617F19708F5B72C53005C84F90 ] \Device\Harddisk0\DR0\Partition1
23:07:44.0216 3564 \Device\Harddisk0\DR0\Partition1 - ok
23:07:44.0226 3564 ============================================================
23:07:44.0226 3564 Scan finished
23:07:44.0226 3564 ============================================================
23:07:44.0276 1612 Detected object count: 1
23:07:44.0276 1612 Actual detected object count: 1
23:08:38.0905 1612 sptd ( LockedFile.Multi.Generic ) - skipped by user
23:08:38.0905 1612 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
23:08:58.0192 3392 Deinitialize success


----------



## Cookiegal (Aug 27, 2003)

OK, that's fine. The detection is because of Daemon Tools.

Please visit *Combofix Guide & Instructions* for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

You will also need to disable all of your security programs so they don't interfere with ComboFix. Please visit the following link for more information on how to disable them:

http://www.bleepingcomputer.com/forums/topic114351.html

Be sure to remember to re-enable them right after the scan.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## sharpeye72 (Aug 18, 2009)

I have just tried to follow those instructions, however, when ComboFix was about to run it displayed a message warning me of ZoneAlarm being installed, which is another piece of security software that I thought I'd removed years ago.
Do you have a link to anything that will remove these residual traces of ZoneAlarm?


----------



## Cookiegal (Aug 27, 2003)

This should do it:

http://www.bleepingcomputer.com/download/zonealarm-uninstall-tool/


----------



## sharpeye72 (Aug 18, 2009)

That didn't work, it still says it's detected ZoneAlarm antivirus.


----------



## Cookiegal (Aug 27, 2003)

Did you reboot after running the removal tool?


----------



## sharpeye72 (Aug 18, 2009)

Yes, I've run it twice now and rebooted both times


----------



## Cookiegal (Aug 27, 2003)

Please go ahead with ComboFix anyway. I don't see any entries in any of the logs for ZoneAlarm so I believe it's probably only in the WBEM folder and we can remove it later.


----------



## sharpeye72 (Aug 18, 2009)

It's no good, I had it running for nearly an hour but nothing was happening. As soon as I tried to go into Task Manager my laptop froze.


----------



## Cookiegal (Aug 27, 2003)

Please try running ComboFix in safe mode.


----------



## sharpeye72 (Aug 18, 2009)

Good shout, I'll get back to you.


----------



## Cookiegal (Aug 27, 2003)

I'm signing off for the night so I'll be back tomorrow.


----------



## sharpeye72 (Aug 18, 2009)

That was no good either, after running it for around half an hour I clicked on Start to try to shut down but nothing happened, I tried to Ctrl+Alt+Del and the screen went black.


----------



## Cookiegal (Aug 27, 2003)

Alright then let's try this.

Please download FRST (Farbar Recovery Scan Tool) and save it to your desktop.

*Note*: You need to run the version that's compatible with your system (32-bit or 64-bit).


Double-click FRST to run it. When the tool opens click *Yes* to the disclaimer.
Press the *Scan* button.
It will make a log named (*FRST.txt*) in the same directory the tool is run (which should be on the desktop). Please copy and paste the contents of the log in your reply.
The first time the tool is run it makes a second log named (*Addition.txt*). Please copy and paste the contents of that log as well.


----------



## sharpeye72 (Aug 18, 2009)

Hi Cookiegal, thanks for this, here are the scan results

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-11-2013 01
Ran by user (administrator) on T30-UWZS1Q0D4LJ on 26-11-2013 13:57:47
Running from C:\Documents and Settings\user\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

() C:\WINDOWS\system32\ibmpmsvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(DT Soft Ltd.) C:\Program Files\DAEMON Tools\daemon.exe
(Realtek Semiconductor Corp.) C:\Program Files\Micronet SP907GK Wireless Network Utility\RtWLan.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-24] (AVAST Software)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre7\bin\jusched.exe"
HKLM\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\edd7227b-e234-494c-bd91-62b7b0e3cb8c.exe [180184 2013-11-23] (AVAST Software)
HKLM\...\Run: [PrivDogService] - "C:\Program Files\AdTrustMedia\PrivDog\1.7.0.12\trustedadssvc.exe"
HKLM\...\Run: [CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}] - "C:\Documents and Settings\All Users\Application Data\cisF.exe" --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805}
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [DAEMON Tools] - C:\Program Files\DAEMON Tools\daemon.exe [165784 2007-04-03] (DT Soft Ltd.)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
MountPoints2: {955d5a36-18a3-11de-8aac-00096b93df5a} - E:\setup.exe AUTORUN=1
MountPoints2: {9ab7c660-8172-11df-b10e-00096b93df5a} - F:\AutoRun.exe
MountPoints2: {9ab7c663-8172-11df-b10e-00096b93df5a} - F:\AutoRun.exe
MountPoints2: {cfbf65a0-2b67-11dd-892a-00096b93df5a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH.exe e
Lsa: [Authentication Packages] msv1_0 nwprovau
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Micronet SP907GK Wireless Network Utility.lnk
ShortcutTarget: Micronet SP907GK Wireless Network Utility.lnk -> C:\Program Files\Micronet SP907GK Wireless Network Utility\RtWLan.exe (Realtek Semiconductor Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {AAC31524-0FD2-47DB-B233-F1420B9F13BA} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: DivX Plus Web Player HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8462848 2012-06-08] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 05 c:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\searchplugins\installl-converter-customized-web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: PrivDog - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\Extensions\[email protected]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-24] (AVAST Software)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
R2 IBMPMSVC; C:\Windows\System32\ibmpmsvc.exe [73782 2005-11-11] ()
S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2007-10-19] (Logitech Inc.)
S2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
S2 PEVSystemStart; C:\Puppy.exe\SWREG.3XE [518144 2000-08-31] (SteelWerX)
S4 AviraUpgradeService; "C:\WINDOWS\TEMP\AVSETUP_501bc242\avupgsvc.exe" /TEMPSTART:""C:\WINDOWS\TEMP\AVSETUP_501bc242\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE"
S2 FlexService; "C:\Program Files\RapidBIT\cisvc.exe" [x]
S4 Roxio UPnP Renderer 9; "C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe" [x]
S4 Roxio Upnp Server 9; "C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe" [x]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]
S4 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [x]
S2 vToolbarUpdater17.1.2; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

R3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21035 2012-07-27] (Meetinghouse Data Communications)
R2 aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [35656 2013-11-24] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2013-11-24] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-02] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [774392 2013-11-24] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [403440 2013-11-08] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-11-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-11-02] ()
S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [238464 2010-05-13] (AVEO Corp)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-11-22] (AVG Technologies)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 dk2drv; C:\WINDOWS\SYSTEM32\Drivers\dk2drv.sys [49720 2011-10-03] (Data Encryption Systems Limited)
R2 EAPPkt; C:\Windows\System32\DRIVERS\EAPPkt.sys [38144 2006-11-15] (Windows (R) 2000 DDK provider)
R2 FLE5WNNT; C:\WINDOWS\System32\Drivers\fle5wnnt.sys [33404 2011-10-03] (Data Encryption Systems Limited)
R2 FLSIFACE; C:\WINDOWS\System32\Drivers\flsiface.sys [14272 2011-10-03] (Data Encryption Systems Limited)
R2 FLSPAR; C:\WINDOWS\System32\Drivers\flspar.sys [16314 2011-10-03] (Data Encryption Systems Limited)
R2 FLSSER; C:\WINDOWS\System32\Drivers\flsser.sys [8344 2011-10-03] (Data Encryption Systems Limited)
R2 FLSVCOM; C:\WINDOWS\System32\Drivers\flsvcom.sys [35226 2011-10-03] (Data Encryption Systems Limited)
S3 GcKernel; C:\Windows\System32\DRIVERS\GcKernel.sys [59136 2008-04-13] (Microsoft Corporation)
S3 HIDSwvd; C:\Windows\System32\DRIVERS\HIDSwvd.sys [2688 2001-08-17] (Microsoft Corporation)
R3 LucentSoftModem; C:\Windows\System32\DRIVERS\LTSM.sys [802683 2001-08-17] (Lucent Technologies)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [2109976 2007-10-19] (Logitech Inc.)
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2142488 2007-10-11] (Logitech Inc.)
R3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25752 2009-10-07] ()
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2001-08-18] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-18] (Microsoft Corporation)
R3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [238976 2007-06-01] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [682232 2007-10-25] ()
R2 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [13120 2013-08-25] ()
S3 wlluc48; C:\Windows\System32\DRIVERS\wlluc48.sys [154624 2004-08-03] (Lucent Technologies)
S3 ZDPSp50; C:\Windows\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA))
U5 dkpccard; C:\Windows\System32\Drivers\dkpccard.sys [14856 2011-10-03] (Data Encryption Systems Limited)
S4 hpt3xx; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [x]
S3 PEEK5; \??\C:\DOCUME~1\user\Desktop\AIRCRA~1.1-W\AIRCRA~1.1\bin\PEEK5.SYS [x]
S3 pepifilter; system32\DRIVERS\lv302af.sys [x]
S3 PID_PEPI; system32\DRIVERS\LV302V32.SYS [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 ac57cl8g; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2017-06-28 23:59 - 2017-06-28 23:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MSN6
2017-06-28 23:59 - 2007-12-19 22:22 - 00000000 ____D C:\Documents and Settings\user\Application Data\MSN6
2017-06-28 23:48 - 2007-09-02 19:03 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2017-05-29 22:02 - 2008-04-13 18:45 - 00059136 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gckernel.sys
2017-05-29 22:02 - 2008-04-13 18:45 - 00059136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gckernel.sys
2017-05-29 22:02 - 2008-04-13 18:39 - 00014592 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2017-05-29 22:02 - 2008-04-13 18:39 - 00014592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhid.sys
2017-05-29 22:02 - 2001-08-17 13:02 - 00002688 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HIDSwvd.sys
2017-05-29 22:02 - 2001-08-17 13:02 - 00002688 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidswvd.sys
2017-05-29 21:55 - 2008-04-13 18:45 - 00010368 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2017-05-29 21:55 - 2008-04-13 18:45 - 00010368 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidusb.sys
2017-05-29 21:47 - 2010-05-27 09:49 - 00000000 ____D C:\Documents and Settings\user\Desktop\mame32u901
2017-05-29 21:35 - 2017-05-29 21:35 - 00000000 ____D C:\Documents and Settings\user\Application Data\Macromedia
2017-05-29 21:35 - 2007-08-16 14:56 - 00002058 ____C C:\WINDOWS\mozver.dat
2017-04-27 04:50 - 2017-04-27 04:50 - 00000640 ____C C:\Documents and Settings\user\Desktop\Virtual DJ.lnk
2017-04-27 04:41 - 2017-04-27 04:50 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\Virtual DJ
2017-04-17 12:32 - 2017-04-17 12:32 - 00000000 ____D C:\Program Files\Visiosonic
2017-04-17 12:32 - 2017-04-17 12:32 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\Visiosonic
2017-04-17 12:31 - 2017-04-17 12:31 - 00000000 ____D C:\Documents and Settings\user\My Documents\PCDJ Recordcase
2013-11-26 13:57 - 2013-11-26 13:57 - 00000000 ____D C:\FRST
2013-11-26 03:31 - 2013-11-26 03:35 - 00000000 ___SD C:\Puppy.exe
2013-11-25 23:35 - 2013-11-25 23:35 - 00000000 _RSHD C:\cmdcons
2013-11-25 23:35 - 2013-08-08 19:22 - 00000212 _____ C:\Boot.bak
2013-11-25 23:35 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-11-25 23:33 - 2011-06-26 06:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-11-25 23:33 - 2010-11-07 17:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-11-25 23:33 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-11-25 23:33 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-11-25 23:32 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-11-25 23:32 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-11-25 23:32 - 2000-08-31 00:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-11-25 23:32 - 2000-08-31 00:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-11-25 23:32 - 2000-08-31 00:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-11-25 23:31 - 2013-11-25 23:32 - 00000000 ____D C:\Qoobox
2013-11-25 23:31 - 2013-11-25 23:31 - 00000000 ____D C:\WINDOWS\erdnt
2013-11-25 23:26 - 2013-11-25 23:27 - 05149261 ____R (Swearware) C:\Documents and Settings\user\Desktop\Puppy.exe.exe
2013-11-25 22:07 - 2013-11-25 22:07 - 00003126 _____ C:\Documents and Settings\user\Desktop\ark.txt
2013-11-24 20:02 - 2013-11-26 12:31 - 00000488 _____ C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
2013-11-24 20:02 - 2013-11-26 12:31 - 00000486 _____ C:\WINDOWS\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job
2013-11-24 18:12 - 2013-11-24 18:12 - 00000000 ____D C:\Program Files\AdTrustMedia
2013-11-24 18:11 - 2013-11-24 18:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adtrustmedia
2013-11-24 18:00 - 2013-11-24 20:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
2013-11-24 17:57 - 2013-11-24 19:51 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\COMODO
2013-11-24 17:55 - 2013-11-24 20:02 - 00000000 ____D C:\Program Files\Comodo
2013-11-24 16:16 - 2013-11-24 20:37 - 00000000 ____D C:\AdwCleaner
2013-11-23 23:18 - 2013-11-23 23:19 - 00000883 _____ C:\WINDOWS\KB927891.log
2013-11-22 21:52 - 2013-11-22 21:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2013-11-22 21:46 - 2013-11-22 21:46 - 00001604 _____ C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
2013-11-22 21:46 - 2013-11-22 21:46 - 00001556 _____ C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
2013-11-22 21:46 - 2013-11-22 21:46 - 00000000 ____D C:\Documents and Settings\user\Application Data\Canneverbe Limited
2013-11-22 21:45 - 2013-11-22 21:45 - 00000000 ____D C:\Program Files\CDBurnerXP
2013-11-20 19:55 - 2013-11-26 13:02 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-20 19:55 - 2013-11-20 20:07 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-11-20 19:55 - 2013-11-20 20:07 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-11-16 20:42 - 2013-11-16 20:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Auslogics
2013-11-16 20:41 - 2013-11-16 20:41 - 00000822 _____ C:\Documents and Settings\user\Desktop\Auslogics DiskDefrag.lnk
2013-11-16 20:41 - 2013-11-16 20:41 - 00000000 ____D C:\Program Files\Auslogics
2013-11-16 20:41 - 2013-11-16 20:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2013-11-16 16:01 - 2013-11-20 23:56 - 00000000 ____D C:\Documents and Settings\user\Desktop\Poker AV's
2013-11-16 06:01 - 2013-10-24 23:12 - 00873384 _____ (Oracle Corporation) C:\WINDOWS\system32\npdeployJava1.dll
2013-11-16 06:01 - 2013-10-24 23:12 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-11-16 06:00 - 2013-10-24 23:12 - 00796072 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-11-16 06:00 - 2013-10-24 23:12 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-11-16 06:00 - 2013-10-24 23:12 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-11-16 06:00 - 2013-10-24 23:12 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-11-16 05:29 - 2013-11-16 16:04 - 00000180 _____ C:\WINDOWS\setupact.log
2013-11-16 05:29 - 2013-11-16 05:29 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-16 03:06 - 2013-11-16 03:06 - 00001585 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-11-16 03:06 - 2013-11-16 03:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-11-16 03:03 - 2013-11-16 03:03 - 00000000 ____D C:\Program Files\iPod
2013-11-16 03:02 - 2013-11-16 03:05 - 00000000 ____D C:\Program Files\iTunes
2013-11-16 03:02 - 2013-11-16 03:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-13 04:48 - 2013-11-25 20:06 - 00041430 _____ C:\WINDOWS\setupapi.log
2013-11-12 21:36 - 2013-11-12 21:36 - 00100678 _____ C:\Documents and Settings\user\My Documents\iTunes Diagnostics.spx
2013-11-02 14:06 - 2013-11-02 14:06 - 00000000 ____D C:\Documents and Settings\user\Application Data\AVAST Software
2013-11-02 13:50 - 2013-11-24 14:48 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-11-02 13:50 - 2013-11-02 13:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2013-11-01 00:11 - 2013-11-01 00:12 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\The KMPlayer
2013-11-01 00:05 - 2013-11-01 00:42 - 00000000 ____D C:\Program Files\The KMPlayer

==================== One Month Modified Files and Folders =======

2017-06-29 00:13 - 2007-02-12 10:26 - 00001789 ____C C:\WINDOWS\system32\AUTOEXEC.NT
2017-06-29 00:00 - 2007-02-12 10:32 - 00000000 ____D C:\Program Files\MSN
2017-06-28 23:59 - 2017-06-28 23:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MSN6
2017-05-29 21:35 - 2017-05-29 21:35 - 00000000 ____D C:\Documents and Settings\user\Application Data\Macromedia
2017-04-27 04:50 - 2017-04-27 04:50 - 00000640 ____C C:\Documents and Settings\user\Desktop\Virtual DJ.lnk
2017-04-27 04:50 - 2017-04-27 04:41 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\Virtual DJ
2017-04-17 12:32 - 2017-04-17 12:32 - 00000000 ____D C:\Program Files\Visiosonic
2017-04-17 12:32 - 2017-04-17 12:32 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\Visiosonic
2017-04-17 12:31 - 2017-04-17 12:31 - 00000000 ____D C:\Documents and Settings\user\My Documents\PCDJ Recordcase
2014-03-09 20:15 - 2008-04-05 19:33 - 00000268 ____H C:\sqmdata19.sqm
2014-03-09 20:15 - 2008-04-05 19:33 - 00000244 ____H C:\sqmnoopt19.sqm
2014-03-09 20:07 - 2008-04-05 13:23 - 00000268 ____H C:\sqmdata18.sqm
2014-03-09 20:07 - 2008-04-05 13:23 - 00000244 ____H C:\sqmnoopt18.sqm
2013-11-26 13:57 - 2013-11-26 13:57 - 00000000 ____D C:\FRST
2013-11-26 13:36 - 2007-02-12 10:40 - 00032522 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-26 13:02 - 2013-11-20 19:55 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-26 12:41 - 2007-09-10 15:07 - 00000256 ____C C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2013-11-26 12:34 - 2012-09-28 23:11 - 01233552 ____C C:\WINDOWS\WindowsUpdate.log
2013-11-26 12:34 - 2012-07-27 15:03 - 00000387 _____ C:\WINDOWS\RTacDbg.txt
2013-11-26 12:32 - 2012-10-23 23:49 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-11-26 12:31 - 2013-11-24 20:02 - 00000488 _____ C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
2013-11-26 12:31 - 2013-11-24 20:02 - 00000486 _____ C:\WINDOWS\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job
2013-11-26 12:31 - 2012-09-28 23:11 - 00000159 ____C C:\WINDOWS\wiadebug.log
2013-11-26 12:31 - 2012-09-28 23:11 - 00000050 ____C C:\WINDOWS\wiaservc.log
2013-11-26 12:31 - 2012-06-26 20:50 - 00000354 ____C C:\WINDOWS\Tasks\Wise Care 365.job
2013-11-26 12:31 - 2009-09-24 08:09 - 00000236 ____C C:\WINDOWS\Tasks\OGALogon.job
2013-11-26 12:31 - 2007-02-12 10:36 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2013-11-26 03:35 - 2013-11-26 03:31 - 00000000 ___SD C:\Puppy.exe
2013-11-26 03:22 - 2007-02-12 10:41 - 00000278 __SHC C:\Documents and Settings\user\ntuser.ini
2013-11-25 23:35 - 2013-11-25 23:35 - 00000000 _RSHD C:\cmdcons
2013-11-25 23:35 - 2007-02-12 10:24 - 00000328 __RSH C:\boot.ini
2013-11-25 23:32 - 2013-11-25 23:31 - 00000000 ____D C:\Qoobox
2013-11-25 23:31 - 2013-11-25 23:31 - 00000000 ____D C:\WINDOWS\erdnt
2013-11-25 23:27 - 2013-11-25 23:26 - 05149261 ____R (Swearware) C:\Documents and Settings\user\Desktop\Puppy.exe.exe
2013-11-25 22:07 - 2013-11-25 22:07 - 00003126 _____ C:\Documents and Settings\user\Desktop\ark.txt
2013-11-25 20:06 - 2013-11-13 04:48 - 00041430 _____ C:\WINDOWS\setupapi.log
2013-11-24 20:37 - 2013-11-24 16:16 - 00000000 ____D C:\AdwCleaner
2013-11-24 20:21 - 2013-11-24 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
2013-11-24 20:11 - 2007-07-01 02:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Comodo
2013-11-24 20:02 - 2013-11-24 17:55 - 00000000 ____D C:\Program Files\Comodo
2013-11-24 19:51 - 2013-11-24 17:57 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\COMODO
2013-11-24 18:12 - 2013-11-24 18:12 - 00000000 ____D C:\Program Files\AdTrustMedia
2013-11-24 18:11 - 2013-11-24 18:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adtrustmedia
2013-11-24 14:48 - 2013-11-02 13:50 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-11-24 14:45 - 2013-03-17 11:24 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-11-24 14:45 - 2012-10-26 12:50 - 00774392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-11-24 14:45 - 2012-10-26 12:50 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-11-24 14:45 - 2012-10-26 12:50 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-11-24 14:45 - 2012-10-26 12:50 - 00035656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-11-24 14:45 - 2012-10-26 12:48 - 00269216 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-11-24 14:45 - 2012-10-26 12:48 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-11-23 23:19 - 2013-11-23 23:18 - 00000883 _____ C:\WINDOWS\KB927891.log
2013-11-23 22:13 - 2013-09-29 14:40 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\AVG SafeGuard toolbar
2013-11-23 22:13 - 2013-09-29 14:37 - 00000000 ____D C:\Documents and Settings\user\Application Data\AVG SafeGuard toolbar
2013-11-23 15:03 - 2011-10-10 13:26 - 00002445 ____C C:\Documents and Settings\user\Desktop\HiJackThis.lnk
2013-11-23 15:01 - 2012-10-27 19:23 - 00000000 ____D C:\Documents and Settings\user\Application Data\uTorrent
2013-11-23 14:57 - 2013-02-14 17:27 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\Deployment
2013-11-23 14:43 - 2007-02-12 10:21 - 00000000 ____D C:\WINDOWS\system
2013-11-23 02:43 - 2001-08-18 12:00 - 00002422 ____C C:\WINDOWS\system32\wpa.dbl
2013-11-23 02:18 - 2013-10-17 22:30 - 00167424 _____ C:\Documents and Settings\user\My Documents\season 14-15 squad.xls
2013-11-22 21:52 - 2013-11-22 21:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2013-11-22 21:46 - 2013-11-22 21:46 - 00001604 _____ C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
2013-11-22 21:46 - 2013-11-22 21:46 - 00001556 _____ C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
2013-11-22 21:46 - 2013-11-22 21:46 - 00000000 ____D C:\Documents and Settings\user\Application Data\Canneverbe Limited
2013-11-22 21:45 - 2013-11-22 21:45 - 00000000 ____D C:\Program Files\CDBurnerXP
2013-11-22 21:23 - 2013-09-29 14:34 - 00003745 _____ C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2013-11-22 21:21 - 2012-06-12 20:20 - 00000000 ____D C:\WINDOWS\system32\cache
2013-11-22 21:17 - 2012-09-04 20:23 - 00037664 ____C (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2013-11-20 23:56 - 2013-11-16 16:01 - 00000000 ____D C:\Documents and Settings\user\Desktop\Poker AV's
2013-11-20 23:56 - 2013-02-15 00:46 - 00000000 ____D C:\Program Files\Full Tilt Poker
2013-11-20 20:08 - 2007-08-02 14:19 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\Adobe
2013-11-20 20:07 - 2013-11-20 19:55 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-11-20 20:07 - 2013-11-20 19:55 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-11-20 17:36 - 2012-08-26 20:00 - 00095744 ____C C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-18 13:06 - 2011-07-31 21:10 - 00000284 ____C C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-11-16 20:42 - 2013-11-16 20:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Auslogics
2013-11-16 20:41 - 2013-11-16 20:41 - 00000822 _____ C:\Documents and Settings\user\Desktop\Auslogics DiskDefrag.lnk
2013-11-16 20:41 - 2013-11-16 20:41 - 00000000 ____D C:\Program Files\Auslogics
2013-11-16 20:41 - 2013-11-16 20:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2013-11-16 16:04 - 2013-11-16 05:29 - 00000180 _____ C:\WINDOWS\setupact.log
2013-11-16 16:01 - 2012-08-19 07:43 - 00000000 ____D C:\Documents and Settings\user\Desktop\media players
2013-11-16 16:00 - 2012-08-19 07:39 - 00000000 ____D C:\Documents and Settings\user\Desktop\av and fw
2013-11-16 06:51 - 2012-09-29 11:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-16 06:36 - 2007-06-29 01:08 - 00000000 ____D C:\Program Files\Java
2013-11-16 06:36 - 2007-06-29 01:05 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-16 05:29 - 2013-11-16 05:29 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-16 03:06 - 2013-11-16 03:06 - 00001585 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-11-16 03:06 - 2013-11-16 03:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-11-16 03:05 - 2013-11-16 03:02 - 00000000 ____D C:\Program Files\iTunes
2013-11-16 03:05 - 2013-11-16 03:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-16 03:03 - 2013-11-16 03:03 - 00000000 ____D C:\Program Files\iPod
2013-11-16 03:02 - 2009-11-13 19:00 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-16 01:54 - 2012-10-30 15:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-13 20:46 - 2007-02-12 10:51 - 00002487 ____C C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2013-11-13 18:34 - 2011-04-17 00:06 - 00249936 _____ C:\WINDOWS\system32\Drivers\etc\hosts.umbrella
2013-11-13 02:10 - 2011-06-30 20:09 - 00000682 ____C C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-11-13 02:09 - 2011-06-30 20:09 - 00000000 ____D C:\Program Files\CCleaner
2013-11-12 21:36 - 2013-11-12 21:36 - 00100678 _____ C:\Documents and Settings\user\My Documents\iTunes Diagnostics.spx
2013-11-11 12:43 - 2007-04-17 18:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2013-11-08 13:55 - 2012-10-26 12:50 - 00403440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2013-11-05 17:19 - 2007-12-06 14:56 - 00026576 ____C C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2013-11-05 15:50 - 2012-08-19 07:40 - 00000000 ____D C:\Documents and Settings\user\Desktop\cv stiff
2013-11-03 19:34 - 2011-08-07 16:06 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-11-02 14:06 - 2013-11-02 14:06 - 00000000 ____D C:\Documents and Settings\user\Application Data\AVAST Software
2013-11-02 13:50 - 2013-11-02 13:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2013-11-02 13:45 - 2013-03-17 11:24 - 00178304 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-11-02 13:45 - 2013-03-17 11:24 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-11-02 13:31 - 2012-10-23 23:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-11-02 13:20 - 2007-02-12 10:36 - 00002577 ____C C:\WINDOWS\system32\CONFIG.NT
2013-11-01 02:42 - 2007-02-12 10:21 - 00000000 ____D C:\WINDOWS\java
2013-11-01 01:34 - 2008-06-11 18:33 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-01 00:42 - 2013-11-01 00:05 - 00000000 ____D C:\Program Files\The KMPlayer
2013-11-01 00:12 - 2013-11-01 00:11 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\The KMPlayer
2013-10-31 23:25 - 2011-06-29 20:17 - 00000000 ____D C:\Documents and Settings\user\Application Data\vlc
2013-10-30 20:49 - 2012-10-27 19:25 - 00000000 ____D C:\Program Files\uTorrent
2013-10-30 19:28 - 2007-02-12 10:26 - 00647496 ____C C:\WINDOWS\system32\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Documents and Settings\user\Local Settings\Temp\catchme.dll
C:\Documents and Settings\user\Local Settings\Temp\ICReinstall_RedSn0w_Setup.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-11-2013 01
Ran by user at 2013-11-26 14:00:31
Running from C:\Documents and Settings\user\My Documents\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: ZoneAlarm Antivirus (Disabled - Up to date) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

3herosoft iPhone to Computer Transfer (Version: 4.2.6.0503)
888poker
AC3Filter 2.5b (Version: 2.5b)
Adobe AIR (Version: 3.9.0.1030)
Adobe Download Manager (Version: 1.6.2.63)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.152)
Adobe Flash Player 11 Plugin (Version: 11.9.900.152)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
ATI Display Driver (Version: 8.133.2-050525a-024243C-IBM)
Auslogics DiskDefrag (Version: 4.3.1.0)
avast! Free Antivirus (Version: 9.0.2008)
AviSynth 2.5
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.07)
CDBurnerXP (Version: 4.5.2.4291)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CoreAAC
Debut Video Capture Software
DivX Setup (Version: 2.5.0.15)
DivxToDVD 0.5.2b (Version: 0.5.2b)
DK2 DESkey Drivers v7.14.0.25 (Version: 7.14.0.25)
EPSON Printer Software
FLS-4 Driver Installation
FM Modifier 2.25 (Version: 2.2.0.6)
Full Tilt Poker (Version: 4.55.4.WIN.FullTilt.COM)
Fuse Drivers (Version: 2010.02.0.342)
GOM Player (Version: 2.2.53.5169)
HiJackThis (Version: 1.0.0)
IBM ThinkPad UltraNav Driver
Indeo® Software
iTunes (Version: 11.1.3.8)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Lucent Technologies Soft Modem AMR
Map Button (Windows Live Toolbar) (Version: 03.01.0146)
Micronet SP907GK Wireless Network Utility (Version: Package:1.00.0006 Driver:5.1089.601.2007 UI:500.1491.627.2007)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mini-SE_1.51 (Version: 1.1.0)
MobileMe Control Panel (Version: 3.1.6.0)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OneCare Advisor (Windows Live Toolbar) (Version: 03.01.0072)
PCDJ FX VRM
PCDJ KJ
PL-2303 USB-to-Serial (Version: 1.2.10)
Popup Blocker (Windows Live Toolbar) (Version: 03.01.0146)
PowerDVD
PrivDog (Version: 1.7.0.12)
QuickTime (Version: 7.70.80.34)
RapidBIT Suite (Version: 1.1.2)
Revo Uninstaller 1.94 (Version: 1.94)
Safari (Version: 5.34.57.2)
SEO SpyGlass
Smart Menus (Windows Live Toolbar) (Version: 03.01.0146)
Spotify (HKCU Version: 0.9.1.53.g876fa9df)
SUPERAntiSpyware (Version: 5.6.1012)
Tabbed Browsing (Windows Live Toolbar) (Version: 03.01.0146)
The KMPlayer (remove only) (Version: 3.7.0.113)
ThinkPad Power Management Driver (Version: 1.33)
TurboTop 2.7 (Version: 2.7.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VideoPad Video Editor
Virtual DJ - Atomix Productions
VLC media player 2.1.0 (Version: 2.1.0)
WebFldrs XP (Version: 9.50.5318)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Live Favorites for Windows Live Toolbar (Version: 03.01.0146)
Windows Live Outlook Toolbar (Windows Live Toolbar) (Version: 03.01.0146)
Windows Live Sign-in Assistant (Version: 4.100.313.1)
Windows Live Toolbar (Version: 03.01.0146)
Windows Live Toolbar Extension (Windows Live Toolbar) (Version: 03.01.0146)
Windows Live Toolbar Feed Detector (Windows Live Toolbar) (Version: 03.01.0146)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver

==================== Restore Points =========================

08-11-2013 14:42:09 System Checkpoint
10-11-2013 10:18:21 System Checkpoint
12-11-2013 18:23:51 Installed iTunes
12-11-2013 21:18:24 Installed iTunes
14-11-2013 15:37:56 System Checkpoint
16-11-2013 03:01:16 Installed iTunes
16-11-2013 05:35:31 Removed Java(TM) SE Runtime Environment 6 Update 1
16-11-2013 05:40:59 Removed Java(TM) 6 Update 5
16-11-2013 05:56:48 Removed Java(TM) 6 Update 45
16-11-2013 06:21:01 Removed Java(TM) 6 Update 2
17-11-2013 11:48:12 System Checkpoint
18-11-2013 14:08:55 System Checkpoint
20-11-2013 22:56:26 System Checkpoint
22-11-2013 22:07:29 Configured NTI CD & DVD-Maker
23-11-2013 14:31:19 Configured NTI CD & DVD-Maker
23-11-2013 22:01:37 Revo Uninstaller's restore point - AVG SafeGuard toolbar
24-11-2013 14:41:30 avast! antivirus system restore point
24-11-2013 20:14:30 Removed GeekBuddy.
25-11-2013 22:52:10 System Checkpoint

==================== Hosts content: ==========================

2001-08-18 12:00 - 2013-11-13 18:34 - 00249937 __RAC C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
Task: C:\WINDOWS\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job => C:\Documents and Settings\All Users\Application Data\cisF.exe
Task: C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job => C:\Documents and Settings\All Users\Application Data\cis12.exe
Task: C:\WINDOWS\Tasks\debutShakeIcon.job => C:\Program Files\NCH Software\Debut\debut.exe
Task: C:\WINDOWS\Tasks\OGALogon.job => C:\WINDOWS\system32\OGAEXEC.exe
Task: C:\WINDOWS\Tasks\Wise Care 365.job => C:\Program Files\Wise Care 365\WiseTray.exe

==================== Loaded Modules (whitelisted) =============

2013-11-25 18:45 - 2013-11-25 17:19 - 02147840 _____ () C:\Program Files\AVAST Software\Avast\defs\13112501\algo.dll
2012-05-11 05:21 - 2012-05-11 05:21 - 00172544 _____ () C:\WINDOWS\system32\iMobileDisk.dll
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-02 13:44 - 2013-11-02 13:44 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2007-03-26 09:40 - 2007-03-26 09:40 - 00131072 _____ () C:\Program Files\DAEMON Tools\cryptapi.dll
2007-04-05 00:27 - 2007-04-05 00:27 - 00007680 _____ () C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll
2012-07-27 15:02 - 2006-10-26 21:30 - 00131072 _____ () C:\Program Files\Micronet SP907GK Wireless Network Utility\EnumDevLib.dll
2012-07-27 15:02 - 2005-07-20 03:53 - 00966765 _____ () C:\Program Files\Micronet SP907GK Wireless Network Utility\acAuth.dll
2013-11-16 01:52 - 2013-11-16 01:53 - 03363952 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-11-20 19:55 - 2013-11-20 20:07 - 16237448 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll
2001-08-18 12:00 - 2013-01-02 06:49 - 01292288 ____C () C:\WINDOWS\System32\quartz.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:73B1147D

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Toshiba Wireless LAN Mini PCI Card
Description: Toshiba Wireless LAN Mini PCI Card
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: TOSHIBA
Service: wlluc48
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/27/2007 11:26:11 AM) (Source: Application Error) (User: )
Description: Faulting application cpf.exe, version 2.4.0.58, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [cpf.exe!ws!]

Error: (08/04/2007 05:27:47 PM) (Source: Application Error) (User: )
Description: Faulting application cpfupdat.exe, version 2.4.0.5, faulting module unknown, version 0.0.0.0, fault address 0x0071001f.
Processing media-specific event for [cpfupdat.exe!ws!]

Error: (08/04/2007 03:45:55 PM) (Source: Application Error) (User: )
Description: Faulting application cpfupdat.exe, version 2.4.0.5, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [cpfupdat.exe!ws!]

Error: (08/04/2007 05:13:38 AM) (Source: Application Error) (User: )
Description: Faulting application cpfupdat.exe, version 2.4.0.5, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010de3.
Processing media-specific event for [cpfupdat.exe!ws!]

Error: (08/02/2007 04:20:07 PM) (Source: Application Error) (User: )
Description: Faulting application firefox.exe, version 1.8.20061.1023, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.
Processing media-specific event for [firefox.exe!ws!]

Error: (07/30/2007 11:29:37 PM) (Source: Application Error) (User: )
Description: Faulting application secondlife.exe, version 1.17.2.0, faulting module secondlife.exe, version 1.17.2.0, fault address 0x00420870.
Processing media-specific event for [secondlife.exe!ws!]

Error: (07/30/2007 08:32:54 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 1.8.20061.1023, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/29/2007 05:29:41 PM) (Source: Application Hang) (User: )
Description: Hanging application FMGenieScout.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/26/2007 10:49:43 PM) (Source: Application Error) (User: )
Description: Faulting application cpfupdat.exe, version 2.4.0.5, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010e03.
Processing media-specific event for [cpfupdat.exe!ws!]

Error: (07/24/2007 04:17:31 PM) (Source: Application Error) (User: )
Description: Fault bucket 412725910.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

System errors:
=============
Error: (06/29/2007 05:38:59 AM) (Source: 0) (User: )
Description: MSHOMETEST :1d192.168.2.3192.168.2.2

Error: (06/29/2017 00:27:48 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.2.3 on the
Network Card with network address 00022D7C8422.

Error: (06/29/2017 00:24:59 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.2.3 on the
Network Card with network address 00022D7C8422.

Error: (06/29/2017 00:21:15 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.2.3 on the
Network Card with network address 00022D7C8422.

Error: (06/29/2017 00:13:49 AM) (Source: Service Control Manager) (User: )
Description: The Client Service for NetWare service terminated with the following error: 
%%5

Error: (06/29/2017 00:13:49 AM) (Source: Service Control Manager) (User: )
Description: The NWLink SPX/SPXII Protocol service failed to start due to the following error: 
%%5

Error: (06/29/2017 00:13:49 AM) (Source: Service Control Manager) (User: )
Description: The NWLink NetBIOS service failed to start due to the following error: 
%%5

Error: (06/29/2017 00:13:49 AM) (Source: Service Control Manager) (User: )
Description: The NWLink IPX/SPX/NetBIOS Compatible Transport Protocol service failed to start due to the following error: 
%%5

Error: (06/29/2017 00:13:49 AM) (Source: NWCWorkstation) (User: )
Description: The Microsoft Client Service for NetWare redirector (NWRDR) could not be started.

Error: (06/29/2017 00:12:31 AM) (Source: ipnathlp) (User: )
Description: The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module.
This may indicate misconfiguration, insufficient resources, or
an internal error.
The data is the error code.

Microsoft Office Sessions:
=========================
Error: (08/27/2007 11:26:11 AM) (Source: Application Error)(User: )
Description: cpf.exe2.4.0.580.0.0.000000000

Error: (08/04/2007 05:27:47 PM) (Source: Application Error)(User: )
Description: cpfupdat.exe2.4.0.5unknown0.0.0.00071001f

Error: (08/04/2007 03:45:55 PM) (Source: Application Error)(User: )
Description: cpfupdat.exe2.4.0.50.0.0.000000000

Error: (08/04/2007 05:13:38 AM) (Source: Application Error)(User: )
Description: cpfupdat.exe2.4.0.5ntdll.dll5.1.2600.218000010de3

Error: (08/02/2007 04:20:07 PM) (Source: Application Error)(User: )
Description: firefox.exe1.8.20061.1023ntdll.dll5.1.2600.218000018fea

Error: (07/30/2007 11:29:37 PM) (Source: Application Error)(User: )
Description: secondlife.exe1.17.2.0secondlife.exe1.17.2.000420870

Error: (07/30/2007 08:32:54 PM) (Source: Application Hang)(User: )
Description: firefox.exe1.8.20061.1023hungapp0.0.0.000000000

Error: (07/29/2007 05:29:41 PM) (Source: Application Hang)(User: )
Description: FMGenieScout.exe0.0.0.0hungapp0.0.0.000000000

Error: (07/26/2007 10:49:43 PM) (Source: Application Error)(User: )
Description: cpfupdat.exe2.4.0.5ntdll.dll5.1.2600.218000010e03

Error: (07/24/2007 04:17:31 PM) (Source: Application Error)(User: )
Description: 412725910

==================== Memory info ===========================

Percentage of memory in use: 57%
Total physical RAM: 1022.98 MB
Available physical RAM: 431.1 MB
Total Pagefile: 1311.64 MB
Available Pagefile: 820.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.03 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.26 GB) (Free:11.62 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (110817_2000) (CDROM) (Total:4.09 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 37 GB) (Disk ID: 7D097D09)
Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## Cookiegal (Aug 27, 2003)

Let's use some other tools.

Download *OTS.exe* to your Desktop.

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
At the top put a check mark in the box beside "Scan All Users".
Under the *Additional Scans* section put a check in the box next to Disabled MS Config Items, NetSvcs and EventViewer logs (Last 10 errors).
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


Please download *RogueKiller* by Tigzy and save it to your desktop.
Allow the download if prompted by your security software and please close all your other browser windows.
Double-click *RogueKiller.exe* to run it.
If it does not run, please try a few times. If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com.
Wait for *PreScan* to finish, then accept the EULA.
Click on the *Scan* button in the upper right. Wait for it to finish.
Once completed, a log called *RKreport[1].txt* will be created on the desktop. It can also be accessed via the *Report* button.
Please copy and paste the contents of that log in your next reply.
When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click *Yes*.


----------



## sharpeye72 (Aug 18, 2009)

RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Scan -- Date : 11/26/2013 21:30:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} ("C:\Documents and Settings\All Users\Application Data\cisF.exe" --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805} [x][x]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job : C:\Documents and Settings\All Users\Application Data\cisF.exe - --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805} [x][x] -> FOUND
[V1][SUSP PATH] CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job : C:\Documents and Settings\All Users\Application Data\cis12.exe - --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82} [x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK4025GAS +++++
--- User ---
[MBR] ef0edbc6d29ed7fe4f47eb97bbaa0e67
[BSP] 3d6e79ed67a6461ea3fc9ccc3524f0bd : Legit.C MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38154 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11262013_213008.txt >>


----------



## Cookiegal (Aug 27, 2003)

I apologize for the delay. We're digging out from a snowstorm but I will be posting further instructions later on today. I just wanted to assure you that I've not abandoned your thread.


----------



## sharpeye72 (Aug 18, 2009)

Hey, no that's fine, other priorities must come first. I'm out at the mo, I could be 3 or 4 hours yet, there's no rush.
I wanted to tell you, I'm still getting svchost.exe (or one of them at least) using every unused % of CPU which is killing my machine. When I kill the task (I took a risk) it runs better and the only apparent side effect is the keyboard language icon in the bottom right goes into Windows 97 appearance.
I don't know if that's an issue that's part and parcel of what we're doing cos wherever we are when we say all done, if this task is still stealing CPU, I will keep killing the task.
Can I ask you a favour as well, where I live in the UK, snow is a rare thing, could you attach a pic of your snow please. You don't have to but I do miss proper snow !! =)


----------



## Cookiegal (Aug 27, 2003)

Can you tell me what this is?

C:\Documents and Settings\user\Desktop\*mame32u901*

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here please.


```
[Kill All Processes]
[Unregister Dlls]
[Win32 Services - Safe List]
YN -> (vToolbarUpdater17.1.2) vToolbarUpdater17.1.2 [Auto | Stopped] -> 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> 
YN -> HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> 
YN -> HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< FireFox Extensions [User Folders] > -> 
YY -> ~EmptyValue -> C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\extensions\[email protected]
< FireFox SearchPlugins [User Folders] > -> 
YY ->  installl-converter-customized-web-search.xml -> C:\Documents and Settings\user\Application Data\Mozilla\FireFox\Profiles\uw6sdi45.default-1382657574884\searchplugins\installl-converter-customized-web-search.xml
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}" -> ["C:\Documents and Settings\All Users\Application Data\cisF.exe" --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805}]
YN -> "PrivDogService" -> ["C:\Program Files\AdTrustMedia\PrivDog\1.7.0.12\trustedadssvc.exe"]
YN -> "SunJavaUpdateSched" -> ["C:\Program Files\Java\jre7\bin\jusched.exe"]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2025429265-746137067-854245398-1003\] > -> HKEY_USERS\S-1-5-21-2025429265-746137067-854245398-1003\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> [Reg Error: Key error.]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Documents and Settings\user\Application Data\uTorrent\uTorrent.exe" -> [C:\Documents and Settings\user\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent]
YN -> "C:\Documents and Settings\user\Desktop\Pwnage\tinyumbrella-6.13.00.exe" -> [C:\Documents and Settings\user\Desktop\Pwnage\tinyumbrella-6.13.00.exe:*:Enabled:TinyUmbrella - Save your SHSH!]
YN -> "C:\Documents and Settings\user\Desktop\Pwnage\tinyumbrella-7.02.01a.exe" -> [C:\Documents and Settings\user\Desktop\Pwnage\tinyumbrella-7.02.01a.exe:*:Enabled:TinyUmbrella - Save your SHSH!]
YN -> "C:\Documents and Settings\user\My Documents\Downloads\tinyumbrella-7.02.01a.exe" -> [C:\Documents and Settings\user\My Documents\Downloads\tinyumbrella-7.02.01a.exe:*:Enabled:TinyUmbrella - Save your SHSH!]
YN -> "C:\Program Files\Common Files\Comodo\tvnserver.exe" -> [C:\Program Files\Common Files\Comodo\tvnserver.exe:*:Enabled:TVN Server]
YN -> "C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe" -> [C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe:*:Enabled:KMPProcess]
YN -> "C:\Program Files\SopCast\SopCast.exe" -> [C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application]
YN -> "C:\Program Files\Spotify\spotify.exe" -> [C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify]
YN -> "C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent]
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> COMODO Internet Security hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
YY -> CrossRiderPlugin hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\CrossriderWebApps\Crossrider.exe
YN -> FLSDeviceControlPanel hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
YN -> UnlockerAssistant hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
[Files/Folders - Created Within 30 Days]
NY ->  AdTrustMedia -> C:\Program Files\AdTrustMedia
NY ->  Adtrustmedia -> C:\Documents and Settings\All Users\Application Data\Adtrustmedia
NY ->  Comodo -> C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
NY ->  COMODO -> C:\Documents and Settings\user\Local Settings\Application Data\COMODO
NY ->  Comodo -> C:\Program Files\Comodo
NY ->  1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  hosts.umbrella -> C:\WINDOWS\System32\drivers\etc\hosts.umbrella
NY ->  23 C:\Documents and Settings\user\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\*.tmp
NY ->  23 C:\Documents and Settings\user\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\*.tmp
NY ->  23 C:\Documents and Settings\user\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\*.tmp
NY ->  2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
NY ->  1 C:\WINDOWS\Temp\avg_a03276\ProgFiles\AVG SafeGuard toolbar\*.tmp files -> C:\WINDOWS\Temp\avg_a03276\ProgFiles\AVG SafeGuard toolbar\*.tmp
NY ->  1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  1 C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\*.tmp
NY ->  1 C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\*.tmp
NY ->  1 C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\*.tmp
NY ->  1 C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\*.tmp
NY ->  1 C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\*.tmp
NY ->  1 C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\*.tmp
NY ->  1 C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\*.tmp
NY ->  1 C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\*.tmp
NY ->  1 C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\*.tmp
NY ->  1 C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\*.tmp
NY ->  1 C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\*.tmp
NY ->  1 C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\*.tmp
NY ->  1 C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\*.tmp
NY ->  1 C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\*.tmp
NY ->  1 C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\*.tmp
NY ->  1 C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\*.tmp
NY ->  1 C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\*.tmp
NY ->  1 C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\*.tmp
NY ->  1 C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\*.tmp
NY ->  1 C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\*.tmp
[Alternate Data Streams]
NY -> @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73B1147D
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
[Reboot]
```


----------



## sharpeye72 (Aug 18, 2009)

Sorry, last night came to an end much later than I had in mind !!

I'm not sure I've done this right. When I tried to run OTS, Avast blocked it saying it was malware, then the OTS icon was gone. I disabled Avast and downloaded OTS again and pasted the fix. When it finished the fix, pressing the OK button restarted my laptop but the log file wasn't created. I don't suppose it would be worth running again as the actions have already been taken.

MAME32 is Multiple Arcade Machine Emulator.


----------



## Cookiegal (Aug 27, 2003)

Yes, please run OTS again and post the new log so I can see if those items got removed.


----------



## sharpeye72 (Aug 18, 2009)

All Processes Killed
[Win32 Services - Safe List]
Service vToolbarUpdater17.1.2 stopped successfully!
[Registry - Safe List]
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\extensions\[email protected]\modules folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\extensions\[email protected]\chrome\skin folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\extensions\[email protected]\chrome\locale\en-US folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\extensions\[email protected]\chrome\locale folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\extensions\[email protected]\chrome\content\js\views folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\extensions\[email protected]\chrome\content\js\schemas folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\extensions\[email protected]\chrome\content\js\models folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\extensions\[email protected]\chrome\content\js\frameworks folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\extensions\[email protected]\chrome\content\js\engines folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\extensions\[email protected]\chrome\content\js folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\extensions\[email protected]\chrome\content\images folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\extensions\[email protected]\chrome\content\html\templates folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\extensions\[email protected]\chrome\content\html folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\extensions\[email protected]\chrome\content\css folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\extensions\[email protected]\chrome\content\config\serp folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\extensions\[email protected]\chrome\content\config folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\extensions\[email protected]\chrome\content folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\extensions\[email protected]\chrome folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\extensions\[email protected] folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\FireFox\Profiles\uw6sdi45.default-1382657574884\searchplugins\installl-converter-customized-web-search.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\PrivDogService deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2025429265-746137067-854245398-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ not found.
Registry value HKEY_USERS\S-1-5-21-2025429265-746137067-854245398-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\user\Application Data\uTorrent\uTorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\user\Desktop\Pwnage\tinyumbrella-6.13.00.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\user\Desktop\Pwnage\tinyumbrella-7.02.01a.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\user\My Documents\Downloads\tinyumbrella-7.02.01a.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\Comodo\tvnserver.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SopCast\SopCast.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Spotify\spotify.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\COMODO Internet Security hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CrossRiderPlugin hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
C:\Program Files\CrossriderWebApps\Crossrider.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FLSDeviceControlPanel hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UnlockerAssistant hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
[Files/Folders - Created Within 30 Days]
C:\Program Files\AdTrustMedia\PrivDog\1.7.0.12\WebResources1.7.0.12\js\schemas folder moved successfully.
C:\Program Files\AdTrustMedia\PrivDog\1.7.0.12\WebResources1.7.0.12\js\models folder moved successfully.
C:\Program Files\AdTrustMedia\PrivDog\1.7.0.12\WebResources1.7.0.12\js\frameworks folder moved successfully.
C:\Program Files\AdTrustMedia\PrivDog\1.7.0.12\WebResources1.7.0.12\js folder moved successfully.
C:\Program Files\AdTrustMedia\PrivDog\1.7.0.12\WebResources1.7.0.12\images folder moved successfully.
C:\Program Files\AdTrustMedia\PrivDog\1.7.0.12\WebResources1.7.0.12\html folder moved successfully.
C:\Program Files\AdTrustMedia\PrivDog\1.7.0.12\WebResources1.7.0.12\config\serp folder moved successfully.
C:\Program Files\AdTrustMedia\PrivDog\1.7.0.12\WebResources1.7.0.12\config folder moved successfully.
C:\Program Files\AdTrustMedia\PrivDog\1.7.0.12\WebResources1.7.0.12 folder moved successfully.
C:\Program Files\AdTrustMedia\PrivDog\1.7.0.12 folder moved successfully.
C:\Program Files\AdTrustMedia\PrivDog folder moved successfully.
C:\Program Files\AdTrustMedia folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Adtrustmedia\PrivDog folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Adtrustmedia folder moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Comodo folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\pnacl folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\User StyleSheets folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Session Storage folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Local Storage folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\zh_TW folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\zh_CN folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\vi folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\uk folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\tr folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\th folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\sv folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\sr folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\sl folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\sk folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\ru folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\ro folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\pt_PT folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\pt_BR folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\pl folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\nl folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\nb folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\lv folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\lt folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\ko folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\ja folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\it folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\id folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\hu folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\hr folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\hi folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\fr folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\fil folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\fi folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\et folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\es_419 folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\es folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\en_GB folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\en folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\el folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\de folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\da folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\cs folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\ca folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\bg folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\images folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\html folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\css folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0 folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\_locales\uk folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\_locales\ru folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\_locales\en folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\_locales folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\js folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\icons\default_services folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\icons folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\css folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0 folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.7.0.12_0\privdog\ui folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.7.0.12_0\privdog folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.7.0.12_0\js\schemas folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.7.0.12_0\js\models folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.7.0.12_0\js\frameworks folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.7.0.12_0\js folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.7.0.12_0\images folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.7.0.12_0\html\templates folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.7.0.12_0\html folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.7.0.12_0\css folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.7.0.12_0\config folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.7.0.12_0 folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn\0.3_0\_locales\uk folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn\0.3_0\_locales\ru folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn\0.3_0\_locales\en folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn\0.3_0\_locales folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn\0.3_0 folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extension State folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Cache folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data\Default folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon\User Data folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO\Dragon folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\COMODO folder moved successfully.
C:\Program Files\Comodo\GeekBuddy\logs\user folder moved successfully.
C:\Program Files\Comodo\GeekBuddy\logs folder moved successfully.
C:\Program Files\Comodo\GeekBuddy folder moved successfully.
C:\Program Files\Comodo folder moved successfully.
C:\WINDOWS\System32\SET5C.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
[Files/Folders - Modified Within 30 Days]
C:\WINDOWS\System32\drivers\etc\hosts.umbrella moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\7zS9.tmp folder deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\div21E.tmp folder deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\e4jA.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\e4jA.tmp_dir1384347396\exe4jlib.jar deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\e4jA.tmp_dir1384347396\i4jdel.exe deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\e4jA.tmp_dir1384347396\umbrella-win.jar deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\e4jA.tmp_dir1384347396 folder deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\F428DAF6.TMP deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\IXP016.TMP\AppleApplicationSupport.msi deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\IXP016.TMP\AppleMobileDeviceSupport.msi deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\IXP016.TMP\AppleSoftwareUpdate.msi deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\IXP016.TMP\Bonjour.msi deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\IXP016.TMP\iTunes.msi deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\IXP016.TMP\SetupAdmin.exe deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\IXP016.TMP folder deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\MSI2.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\MSI3.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\MSI4.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\MSI7.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsc3.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\AssocsB deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\Banner.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\dds.cmd deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\DDS.txt deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\DDS00 deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\desktop.ini deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\ffext.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\FileExtension.txt deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\MBR.DAT deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\mbr.log deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\MSClsid.exe deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\notifykeysB.com deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\notifykeysC.com deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\ns3D.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\nsExec.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\osidDDS.vbs deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\OsProp.vbs deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\PEV.DAT deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\Policies.exe deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\RunMbr.dat deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\RunSilent.dat deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\SED.DAT deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\setpath_N.cmd deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\ShellExec.txt deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\sqlite3.DAT deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\SvcWhtDDS.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\SvcWhtDDSVista.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\SvcWhtDDSW7.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\SvcWhtDDSW8.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\System.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\UserInfo.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\wlgn.dat deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp\XP.mac deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nse3C.tmp folder deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\AssocsB deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\Banner.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\dds.cmd deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\DDS.txt deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\DDS00 deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\desktop.ini deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\ffext.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\FileExtension.txt deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\MBR.DAT deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\mbr.log deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\MSClsid.exe deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\notifykeysB.com deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\notifykeysC.com deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\ns5.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\nsExec.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\osidDDS.vbs deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\OsProp.vbs deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\PEV.DAT deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\Policies.exe deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\RunMbr.dat deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\RunSilent.dat deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\SED.DAT deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\setpath_N.cmd deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\ShellExec.txt deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\sqlite3.DAT deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\SvcWhtDDS.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\SvcWhtDDSVista.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\SvcWhtDDSW7.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\SvcWhtDDSW8.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\System.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\UserInfo.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\wlgn.dat deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp\XP.mac deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsi4.tmp folder deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\AssocsB deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\dds.cmd deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\DDS.txt deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\DDS00 deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\desktop.ini deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\ffext.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\FileExtension.txt deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\MBR.DAT deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\mbr.log deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\MSClsid.exe deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\notifykeysB.com deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\notifykeysC.com deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\ns5.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\nsExec.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\osidDDS.vbs deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\OsProp.vbs deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\PEV.DAT deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\Policies.exe deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\RunMbr.dat deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\SED.DAT deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\setpath_N.cmd deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\ShellExec.txt deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\sqlite3.DAT deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\SvcWhtDDS.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\SvcWhtDDSVista.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\SvcWhtDDSW7.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\SvcWhtDDSW8.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\System.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\UserInfo.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\wlgn.dat deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp\XP.mac deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsl4.tmp folder deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsm3B.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\AssocsB deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\dds.cmd deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\DDS.txt deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\DDS00 deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\desktop.ini deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\ffext.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\FileExtension.txt deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\MBR.DAT deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\mbr.log deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\MSClsid.exe deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\notifykeysB.com deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\notifykeysC.com deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\ns6.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\nsExec.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\osidDDS.vbs deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\OsProp.vbs deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\PEV.DAT deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\Policies.exe deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\RunMbr.dat deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\SED.DAT deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\setpath_N.cmd deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\ShellExec.txt deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\sqlite3.DAT deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\SvcWhtDDS.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\SvcWhtDDSVista.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\SvcWhtDDSW7.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\SvcWhtDDSW8.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\System.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\UserInfo.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\wlgn.dat deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp\XP.mac deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsn5.tmp folder deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsp4.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nst3.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\tmp-mgr-2268965231853130260.tmp\jna7348961605332607363.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\tmp-mgr-2268965231853130260.tmp folder deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\tmp-mgr-2284671679298979809.tmp\iBSS.n88ap deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\tmp-mgr-2284671679298979809.tmp\jna1071250765269601108.dll deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\tmp-mgr-2284671679298979809.tmp folder deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\utt31.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\~4B.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\~DF4D0D.tmp deleted successfully.
C:\WINDOWS\Temp\FireFoxSearchXml.tmp deleted successfully.
C:\WINDOWS\Temp\nsd79.tmp\distribution.dll deleted successfully.
C:\WINDOWS\Temp\nsd79.tmp\DragonPlugin.dll deleted successfully.
C:\WINDOWS\Temp\nsd79.tmp\System.dll deleted successfully.
C:\WINDOWS\Temp\nsd79.tmp folder deleted successfully.
C:\WINDOWS\Temp\avg_a03276\ProgFiles\AVG SafeGuard toolbar\FireFoxSearchXml.tmp deleted successfully.
[Alternate Data Streams]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:73B1147D deleted successfully.
[Empty Temp Folders]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes

User: LocalService
->Temp folder emptied: 1056984 bytes
->Temporary Internet Files folder emptied: 44267644 bytes
->Flash cache emptied: 492 bytes

User: NetworkService
->Temp folder emptied: 1985240 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: user
->Temp folder emptied: 109044890 bytes
->Temporary Internet Files folder emptied: 2225842 bytes
->Java cache emptied: 42559485 bytes
->FireFox cache emptied: 99582833 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 8258128 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37790480 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 322844444 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 306176 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 639.00 mb

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: user
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 11282013_091411

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


----------



## Cookiegal (Aug 27, 2003)

Can you please try running ComboFix again to see if it will work now?


----------



## sharpeye72 (Aug 18, 2009)

I'm still getting the same results. I'm in safe mode and I've had the blue autoscan box on screen and then nothing happens. It's been on screen for nearly an hour but it's not frozen as the clock is still right.


----------



## Cookiegal (Aug 27, 2003)

Please download the Event Viewer Tool by Vino Rosso *VEW* and save it to your Desktop:


For XP operating systems double-click *VEW.exe*. For later operating systems right-click VEW.exe and select "Run As Administrator".

Under "Select log to query", select:

*Application*
*System*

Under "Select type to list", select:

*Error*
*Warning*

Click the radio button for "Number of events"
Type *10* in the 1 to 20 box 
Then click the *Run* button.

Notepad will open with the output log. Please copy and paste the contents here.


----------



## sharpeye72 (Aug 18, 2009)

Vino's Event Viewer v01c run on Windows XP in English
Report run at 29/11/2013 23:28:49

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/08/2007 12:26:11
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application cpf.exe, version 2.4.0.58, faulting module , version 0.0.0.0, fault address 0x00000000. 

Log: 'Application' Date/Time: 04/08/2007 18:27:47
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application cpfupdat.exe, version 2.4.0.5, faulting module unknown, version 0.0.0.0, fault address 0x0071001f. 

Log: 'Application' Date/Time: 04/08/2007 16:45:55
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application cpfupdat.exe, version 2.4.0.5, faulting module , version 0.0.0.0, fault address 0x00000000. 

Log: 'Application' Date/Time: 04/08/2007 06:13:38
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application cpfupdat.exe, version 2.4.0.5, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010de3. 

Log: 'Application' Date/Time: 02/08/2007 17:20:07
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application firefox.exe, version 1.8.20061.1023, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea. 

Log: 'Application' Date/Time: 31/07/2007 00:29:37
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application secondlife.exe, version 1.17.2.0, faulting module secondlife.exe, version 1.17.2.0, fault address 0x00420870. 

Log: 'Application' Date/Time: 30/07/2007 21:32:54
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application firefox.exe, version 1.8.20061.1023, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 

Log: 'Application' Date/Time: 29/07/2007 18:29:41
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application FMGenieScout.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 

Log: 'Application' Date/Time: 26/07/2007 23:49:43
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application cpfupdat.exe, version 2.4.0.5, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010e03. 

Log: 'Application' Date/Time: 24/07/2007 17:17:31
Type: error Category: 0
Event: 1001 Source: Application Error
Fault bucket 412725910. 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/09/2007 00:12:42
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user T30-UWZS1Q0D4LJ\user registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. 

Log: 'Application' Date/Time: 09/09/2007 00:01:10
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user T30-UWZS1Q0D4LJ\user registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. 

Log: 'Application' Date/Time: 09/09/2007 00:01:09
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. 

Log: 'Application' Date/Time: 02/09/2007 20:45:43
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user T30-UWZS1Q0D4LJ\user registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. 

Log: 'Application' Date/Time: 02/09/2007 20:45:42
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. 

Log: 'Application' Date/Time: 28/08/2007 02:33:36
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user T30-UWZS1Q0D4LJ\user registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. 

Log: 'Application' Date/Time: 16/08/2007 12:36:25
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user T30-UWZS1Q0D4LJ\user registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. 

Log: 'Application' Date/Time: 16/08/2007 12:36:24
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. 

Log: 'Application' Date/Time: 13/08/2007 09:55:01
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user T30-UWZS1Q0D4LJ\user registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. 

Log: 'Application' Date/Time: 04/08/2007 16:42:04
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user T30-UWZS1Q0D4LJ\user registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/06/2007 06:38:59
Type: error Category: 0
Event: 4321 Source: NetBT
The name "MSHOMETEST :1d" could not be registered on the Interface with IP address 192.168.2.3. The machine with the IP address 192.168.2.2 did not allow the name to be claimed by this machine. 

Log: 'System' Date/Time: 29/06/2017 01:27:48
Type: error Category: 0
Event: 1000 Source: Dhcp
Your computer has lost the lease to its IP address 192.168.2.3 on the Network Card with network address 00022D7C8422. 

Log: 'System' Date/Time: 29/06/2017 01:24:59
Type: error Category: 0
Event: 1000 Source: Dhcp
Your computer has lost the lease to its IP address 192.168.2.3 on the Network Card with network address 00022D7C8422. 

Log: 'System' Date/Time: 29/06/2017 01:21:15
Type: error Category: 0
Event: 1000 Source: Dhcp
Your computer has lost the lease to its IP address 192.168.2.3 on the Network Card with network address 00022D7C8422. 

Log: 'System' Date/Time: 29/06/2017 01:13:49
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Client Service for NetWare service terminated with the following error: Access is denied. 

Log: 'System' Date/Time: 29/06/2017 01:13:49
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The NWLink SPX/SPXII Protocol service failed to start due to the following error: Access is denied. 

Log: 'System' Date/Time: 29/06/2017 01:13:49
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The NWLink NetBIOS service failed to start due to the following error: Access is denied. 

Log: 'System' Date/Time: 29/06/2017 01:13:49
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The NWLink IPX/SPX/NetBIOS Compatible Transport Protocol service failed to start due to the following error: Access is denied. 

Log: 'System' Date/Time: 29/06/2017 01:13:49
Type: error Category: 0
Event: 9004 Source: NWCWorkstation
The Microsoft Client Service for NetWare redirector (NWRDR) could not be started. 

Log: 'System' Date/Time: 29/06/2017 01:12:31
Type: error Category: 0
Event: 32003 Source: ipnathlp
The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code. 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/06/2017 05:57:47
Type: warning Category: 0
Event: 64008 Source: Windows File Protection
The protected system file c:\windows\system32\cdm.dll could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time. 

Log: 'System' Date/Time: 29/06/2017 01:27:49
Type: warning Category: 0
Event: 2504 Source: Server
The server could not bind to the transport \Device\NetBT_Tcpip_{559493BB-9D33-42B1-966F-E2EEE2D793C2}. 

Log: 'System' Date/Time: 29/06/2017 01:27:48
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00022D7C8422. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. 

Log: 'System' Date/Time: 29/06/2017 01:24:59
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00022D7C8422. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. 

Log: 'System' Date/Time: 29/06/2017 01:21:15
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00022D7C8422. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. 

Log: 'System' Date/Time: 29/06/2017 01:12:31
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00022D7C8422. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. 

Log: 'System' Date/Time: 29/06/2017 01:11:55
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00022D7C8422. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. 

Log: 'System' Date/Time: 29/06/2017 01:04:55
Type: warning Category: 0
Event: 1009 Source: Dhcp
A network error occurred when trying to send a message. The error code is: An operation was attempted on something that is not a socket. . 

Log: 'System' Date/Time: 29/06/2017 01:04:53
Type: warning Category: 0
Event: 2504 Source: Server
The server could not bind to the transport \Device\NetBT_Tcpip_{559493BB-9D33-42B1-966F-E2EEE2D793C2}. 

Log: 'System' Date/Time: 29/06/2017 01:01:36
Type: warning Category: 0
Event: 1009 Source: Dhcp
A network error occurred when trying to send a message. The error code is: An operation was attempted on something that is not a socket. .


----------



## Cookiegal (Aug 27, 2003)

Let's try running chkdsk.

Click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take a while, so run it when you don't need to use the computer for something else.

To view results log:

Go to *Start* - *Run* and type in *eventvwr.msc*, and hit Enter.
When Event Viewer opens, click on "Application", then scroll down to "Winlogon" and double-click on it to open it up. This is the log created after running chkdsk. Click on the icon that looks like two pieces of paper to copy it and then paste it here please.


----------



## sharpeye72 (Aug 18, 2009)

The scan is underway, it's on stage 4 of 5 and it's on 8 percent but I guess this is going to take some time, will get back to you tomorrow.


----------



## sharpeye72 (Aug 18, 2009)

I'm a little puzzled with this as there are 2 winlogon files and neither of those are dated correctly. Here are both of them:

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1002
Date: 4/27/2007
Time: 04:28:46
User: N/A
Computer: T30-UWZS1Q0D4LJ
Description:
The shell stopped unexpectedly and Explorer.exe was restarted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

----------------------------------------------------------------------------------

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1002
Date: 8/16/2007
Time: 11:46:54
User: N/A
Computer: T30-UWZS1Q0D4LJ
Description:
The shell stopped unexpectedly and Explorer.exe was restarted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

When you look in the Event Viewer, what are the dates showing for the latest events (for Error, Warning and Information) under Application and System? Are they all 2007 or is there anything that says 2013?


----------



## sharpeye72 (Aug 18, 2009)

Everything in the list was either 2007 or 2017, those were the only winlogon entries


----------



## Cookiegal (Aug 27, 2003)

And you're absolutely sure that the time, date and year are correct?


----------



## sharpeye72 (Aug 18, 2009)

My laptop time and date are yes, when I ran the check disk yesterday I had to leave it running while I turned in for the night, I'm running it again now while I'm awake so I can keep tabs on it


----------



## Cookiegal (Aug 27, 2003)

OK, that's good.


----------



## sharpeye72 (Aug 18, 2009)

The check disk has just finished but there's no new winlogon entry.


----------



## sharpeye72 (Aug 18, 2009)

There are no entries of any kind that aren't 2007 or 2017.


----------



## Cookiegal (Aug 27, 2003)

Let's try clearing the Event Viewer.

Please go to *Start* - *Run*, type in *eventvwr.msc* and hit *Enter*.

Click on "Application", then "Action", and select "Clear All Events". Then do the same for "System".

Once that's done reboot the machine and run chkdsk again and let me know if winlogon gets created and if the dates of the new events are correct or not.


----------



## sharpeye72 (Aug 18, 2009)

Ok, I've done that and as you probably suspected, it has indeed created winlogon with the correct time stamp. Here are the contents of winlogon:

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 12/1/2013
Time: 22:52:44
User: N/A
Computer: T30-UWZS1Q0D4LJ
Description:
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk. 
Cleaning up instance tags for file 0xf95e.
Cleaning up minor inconsistencies on the drive.
Cleaning up 3634 unused index entries from index $SII of file 0x9.
Cleaning up 3634 unused index entries from index $SDH of file 0x9.
Cleaning up 3634 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.

39070048 KB total disk space.
25801716 KB in 132940 files.
77452 KB in 12214 indexes.
0 KB in bad sectors.
333132 KB in use by the system.
65536 KB occupied by the log file.
12857748 KB available on disk.

4096 bytes in each allocation unit.
9767512 total allocation units on disk.
3214437 allocation units available on disk.

Internal Info:

Windows has finished checking your disk.
Please wait while your computer restarts.
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk. 
Cleaning up minor inconsistencies on the drive.
Cleaning up 2 unused index entries from index $SII of file 0x9.
Cleaning up 2 unused index entries from index $SDH of file 0x9.
Cleaning up 2 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

39070048 KB total disk space.
25647264 KB in 133106 files.
77524 KB in 12245 indexes.
0 KB in bad sectors.
333132 KB in use by the system.
65536 KB occupied by the log file.
13012128 KB available on disk.

4096 bytes in each allocation unit.
9767512 total allocation units on disk.
3253032 allocation units available on disk.

Internal Info:

Windows has finished checking your disk.
Please wait while your computer restarts.
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk. 
Cleaning up minor inconsistencies on the drive.
Cleaning up 3 unused index entries from index $SII of file 0x9.
Cleaning up 3 unused index entries from index $SDH of file 0x9.
Cleaning up 3 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

39070048 KB total disk space.
25859860 KB in 133275 files.
77564 KB in 12251 indexes.
0 KB in bad sectors.
333132 KB in use by the system.
65536 KB occupied by the log file.
12799492 KB available on disk.

4096 bytes in each allocation unit.
9767512 total allocation units on disk.
3199873 allocation units available on disk.

Internal Info:

Windows has finished checking your disk.
Please wait while your computer restarts.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

After restarting, Windows has found 17 updates so I think I'd better let them install. It had me wondering if the svchost that has been running up to 99% CPU is something to do with these updates.
I think these updates are going to take some time.


----------



## Cookiegal (Aug 27, 2003)

Yes, it's likely the svchost.exe activity is related to the updates. Please do go ahead and install them.

After doing that please run FRST again and post the new log.


----------



## sharpeye72 (Aug 18, 2009)

Well, that all seemed to take forever but it's all done at last. Here is the scan log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-12-2013
Ran by user (administrator) on T30-UWZS1Q0D4LJ on 02-12-2013 10:38:39
Running from C:\Documents and Settings\user\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

() C:\WINDOWS\system32\ibmpmsvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(DT Soft Ltd.) C:\Program Files\DAEMON Tools\daemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Micronet SP907GK Wireless Network Utility\RtWLan.exe
(Farbar) C:\Documents and Settings\user\Desktop\FRST(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-24] (AVAST Software)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\edd7227b-e234-494c-bd91-62b7b0e3cb8c.exe [180184 2013-11-23] (AVAST Software)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [DAEMON Tools] - C:\Program Files\DAEMON Tools\daemon.exe [165784 2007-04-03] (DT Soft Ltd.)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
MountPoints2: {955d5a36-18a3-11de-8aac-00096b93df5a} - E:\setup.exe AUTORUN=1
MountPoints2: {9ab7c660-8172-11df-b10e-00096b93df5a} - F:\AutoRun.exe
MountPoints2: {9ab7c663-8172-11df-b10e-00096b93df5a} - F:\AutoRun.exe
MountPoints2: {cfbf65a0-2b67-11dd-892a-00096b93df5a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH.exe e
Lsa: [Authentication Packages] msv1_0 nwprovau
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Micronet SP907GK Wireless Network Utility.lnk
ShortcutTarget: Micronet SP907GK Wireless Network Utility.lnk -> C:\Program Files\Micronet SP907GK Wireless Network Utility\RtWLan.exe (Realtek Semiconductor Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {AAC31524-0FD2-47DB-B233-F1420B9F13BA} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: DivX Plus Web Player HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8462848 2012-06-08] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 05 c:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-24] (AVAST Software)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
R2 IBMPMSVC; C:\Windows\System32\ibmpmsvc.exe [73782 2005-11-11] ()
S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2007-10-19] (Logitech Inc.)
R2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
S4 AviraUpgradeService; "C:\WINDOWS\TEMP\AVSETUP_501bc242\avupgsvc.exe" /TEMPSTART:""C:\WINDOWS\TEMP\AVSETUP_501bc242\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE"
S2 FlexService; "C:\Program Files\RapidBIT\cisvc.exe" [x]
S4 Roxio UPnP Renderer 9; "C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe" [x]
S4 Roxio Upnp Server 9; "C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe" [x]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]
S4 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [x]
S2 vToolbarUpdater17.1.2; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

R3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21035 2012-07-27] (Meetinghouse Data Communications)
R2 aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [35656 2013-11-24] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2013-11-24] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-02] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [774392 2013-11-24] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [403440 2013-11-08] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-11-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-11-02] ()
S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [238464 2010-05-13] (AVEO Corp)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-11-22] (AVG Technologies)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 dk2drv; C:\WINDOWS\SYSTEM32\Drivers\dk2drv.sys [49720 2011-10-03] (Data Encryption Systems Limited)
R2 EAPPkt; C:\Windows\System32\DRIVERS\EAPPkt.sys [38144 2006-11-15] (Windows (R) 2000 DDK provider)
R2 FLE5WNNT; C:\WINDOWS\System32\Drivers\fle5wnnt.sys [33404 2011-10-03] (Data Encryption Systems Limited)
R2 FLSIFACE; C:\WINDOWS\System32\Drivers\flsiface.sys [14272 2011-10-03] (Data Encryption Systems Limited)
R2 FLSPAR; C:\WINDOWS\System32\Drivers\flspar.sys [16314 2011-10-03] (Data Encryption Systems Limited)
R2 FLSSER; C:\WINDOWS\System32\Drivers\flsser.sys [8344 2011-10-03] (Data Encryption Systems Limited)
R2 FLSVCOM; C:\WINDOWS\System32\Drivers\flsvcom.sys [35226 2011-10-03] (Data Encryption Systems Limited)
S3 GcKernel; C:\Windows\System32\DRIVERS\GcKernel.sys [59136 2008-04-13] (Microsoft Corporation)
S3 HIDSwvd; C:\Windows\System32\DRIVERS\HIDSwvd.sys [2688 2001-08-17] (Microsoft Corporation)
R3 LucentSoftModem; C:\Windows\System32\DRIVERS\LTSM.sys [802683 2001-08-17] (Lucent Technologies)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [2109976 2007-10-19] (Logitech Inc.)
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2142488 2007-10-11] (Logitech Inc.)
R3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25752 2009-10-07] ()
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2001-08-18] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-18] (Microsoft Corporation)
R3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [238976 2007-06-01] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [682232 2007-10-25] ()
R2 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [13120 2013-08-25] ()
S3 wlluc48; C:\Windows\System32\DRIVERS\wlluc48.sys [154624 2004-08-03] (Lucent Technologies)
S3 ZDPSp50; C:\Windows\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA))
S3 catchme; \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys [x]
U5 dkpccard; C:\Windows\System32\Drivers\dkpccard.sys [14856 2011-10-03] (Data Encryption Systems Limited)
S4 hpt3xx; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [x]
S3 PEEK5; \??\C:\DOCUME~1\user\Desktop\AIRCRA~1.1-W\AIRCRA~1.1\bin\PEEK5.SYS [x]
S3 pepifilter; system32\DRIVERS\lv302af.sys [x]
S3 PID_PEPI; system32\DRIVERS\LV302V32.SYS [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 a1tkhupo; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2017-06-28 23:59 - 2017-06-28 23:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MSN6
2017-06-28 23:59 - 2007-12-19 22:22 - 00000000 ____D C:\Documents and Settings\user\Application Data\MSN6
2017-06-28 23:48 - 2007-09-02 19:03 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2017-05-29 22:02 - 2008-04-13 18:45 - 00059136 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gckernel.sys
2017-05-29 22:02 - 2008-04-13 18:45 - 00059136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gckernel.sys
2017-05-29 22:02 - 2008-04-13 18:39 - 00014592 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2017-05-29 22:02 - 2008-04-13 18:39 - 00014592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhid.sys
2017-05-29 22:02 - 2001-08-17 13:02 - 00002688 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HIDSwvd.sys
2017-05-29 22:02 - 2001-08-17 13:02 - 00002688 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidswvd.sys
2017-05-29 21:55 - 2008-04-13 18:45 - 00010368 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2017-05-29 21:55 - 2008-04-13 18:45 - 00010368 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidusb.sys
2017-05-29 21:47 - 2010-05-27 09:49 - 00000000 ____D C:\Documents and Settings\user\Desktop\mame32u901
2017-05-29 21:35 - 2017-05-29 21:35 - 00000000 ____D C:\Documents and Settings\user\Application Data\Macromedia
2017-05-29 21:35 - 2007-08-16 14:56 - 00002058 ____C C:\WINDOWS\mozver.dat
2017-04-27 04:50 - 2017-04-27 04:50 - 00000640 ____C C:\Documents and Settings\user\Desktop\Virtual DJ.lnk
2017-04-27 04:41 - 2017-04-27 04:50 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\Virtual DJ
2017-04-17 12:32 - 2017-04-17 12:32 - 00000000 ____D C:\Program Files\Visiosonic
2017-04-17 12:32 - 2017-04-17 12:32 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\Visiosonic
2017-04-17 12:31 - 2017-04-17 12:31 - 00000000 ____D C:\Documents and Settings\user\My Documents\PCDJ Recordcase
2013-12-02 10:38 - 2013-12-02 10:39 - 00015015 _____ C:\Documents and Settings\user\Desktop\FRST.txt
2013-12-02 09:11 - 2013-12-02 09:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-12-02 09:01 - 2013-12-02 09:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-12-02 08:52 - 2013-12-02 08:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-12-02 08:42 - 2013-12-02 08:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-12-02 08:33 - 2013-12-02 08:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-12-02 07:46 - 2013-12-02 09:11 - 00010578 _____ C:\WINDOWS\updspapi.log
2013-12-02 07:46 - 2013-12-02 07:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-12-02 07:35 - 2013-12-02 07:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-12-02 07:22 - 2013-12-02 07:22 - 01092187 _____ (Farbar) C:\Documents and Settings\user\Desktop\FRST(1).exe
2013-12-02 06:04 - 2013-12-02 06:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-12-02 05:57 - 2013-12-02 06:06 - 00126152 _____ C:\WINDOWS\KB2900986.log
2013-12-02 05:53 - 2013-12-02 05:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-12-02 05:43 - 2013-12-02 05:56 - 00128164 _____ C:\WINDOWS\KB2862335.log
2013-12-02 03:56 - 2013-12-02 03:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2013-12-02 03:49 - 2013-12-02 03:58 - 00005402 _____ C:\WINDOWS\KB2884256.log
2013-12-02 03:46 - 2013-12-02 03:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-12-02 03:35 - 2013-12-02 03:48 - 00007768 _____ C:\WINDOWS\KB2868038.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00085986 _____ C:\WINDOWS\iis6.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00080378 _____ C:\WINDOWS\FaxSetup.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00038428 _____ C:\WINDOWS\ocgen.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00036675 _____ C:\WINDOWS\tsoc.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00026559 _____ C:\WINDOWS\comsetup.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00016131 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00014079 _____ C:\WINDOWS\netfxocm.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00005525 _____ C:\WINDOWS\MedCtrOC.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00004446 _____ C:\WINDOWS\ocmsn.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00004043 _____ C:\WINDOWS\tabletoc.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00004017 _____ C:\WINDOWS\msgsocm.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00001374 _____ C:\WINDOWS\imsins.log
2013-12-02 03:24 - 2013-12-02 09:12 - 00024224 _____ C:\WINDOWS\msmqinst.log
2013-12-02 03:24 - 2013-12-02 09:03 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-12-02 03:23 - 2013-12-02 03:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-12-01 23:14 - 2013-12-01 23:19 - 00000000 ___SD C:\Puppy.exe
2013-12-01 14:12 - 2013-12-02 09:13 - 00147442 _____ C:\WINDOWS\KB2868626.log
2013-12-01 14:07 - 2013-12-02 09:03 - 00146443 _____ C:\WINDOWS\KB2847311.log
2013-12-01 14:04 - 2013-12-02 08:54 - 00146907 _____ C:\WINDOWS\KB2876217.log
2013-12-01 14:01 - 2013-12-02 08:44 - 00143119 _____ C:\WINDOWS\KB2864063.log
2013-12-01 13:58 - 2013-12-02 08:35 - 00145866 _____ C:\WINDOWS\KB2862152.log
2013-12-01 13:55 - 2013-12-02 08:25 - 00290469 _____ C:\WINDOWS\KB2888505-IE7.log
2013-12-01 13:55 - 2013-12-02 07:48 - 00134283 _____ C:\WINDOWS\KB2876331.log
2013-11-29 23:28 - 2013-11-29 23:29 - 00013013 _____ C:\VEW.txt
2013-11-28 23:46 - 2013-11-28 23:46 - 00646656 _____ (OldTimer Tools) C:\Documents and Settings\user\Desktop\OTS.exe
2013-11-28 09:14 - 2013-11-28 09:14 - 00000000 ____D C:\_OTS
2013-11-26 21:31 - 2013-11-26 21:31 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\AVAST Software
2013-11-26 21:30 - 2013-11-26 21:30 - 00002523 _____ C:\Documents and Settings\user\Desktop\RKreport[0]_S_11262013_213008.txt
2013-11-26 21:25 - 2013-11-26 21:30 - 00000000 ____D C:\Documents and Settings\user\Desktop\RK_Quarantine
2013-11-26 21:25 - 2013-11-26 21:25 - 00149712 _____ C:\Documents and Settings\user\Desktop\OTS.Txt
2013-11-26 21:06 - 2013-11-26 21:06 - 03687936 _____ C:\Documents and Settings\user\Desktop\RogueKiller.exe
2013-11-26 13:57 - 2013-11-26 13:57 - 00000000 ____D C:\FRST
2013-11-25 23:35 - 2013-11-25 23:35 - 00000000 _RSHD C:\cmdcons
2013-11-25 23:35 - 2013-08-08 19:22 - 00000212 _____ C:\Boot.bak
2013-11-25 23:35 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-11-25 23:33 - 2011-06-26 06:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-11-25 23:33 - 2010-11-07 17:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-11-25 23:33 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-11-25 23:33 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-11-25 23:32 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-11-25 23:32 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-11-25 23:32 - 2000-08-31 00:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-11-25 23:32 - 2000-08-31 00:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-11-25 23:32 - 2000-08-31 00:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-11-25 23:31 - 2013-11-25 23:32 - 00000000 ____D C:\Qoobox
2013-11-25 23:31 - 2013-11-25 23:31 - 00000000 ____D C:\WINDOWS\erdnt
2013-11-25 23:26 - 2013-11-29 20:48 - 05150163 ____R (Swearware) C:\Documents and Settings\user\Desktop\Puppy.exe.exe
2013-11-25 22:07 - 2013-11-25 22:07 - 00003126 _____ C:\Documents and Settings\user\Desktop\ark.txt
2013-11-24 20:02 - 2013-12-02 10:29 - 00000488 _____ C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
2013-11-24 20:02 - 2013-12-02 10:29 - 00000486 _____ C:\WINDOWS\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job
2013-11-24 16:16 - 2013-11-24 20:37 - 00000000 ____D C:\AdwCleaner
2013-11-23 23:18 - 2013-11-23 23:19 - 00000883 _____ C:\WINDOWS\KB927891.log
2013-11-22 21:52 - 2013-11-22 21:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2013-11-22 21:46 - 2013-11-22 21:46 - 00001604 _____ C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
2013-11-22 21:46 - 2013-11-22 21:46 - 00001556 _____ C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
2013-11-22 21:46 - 2013-11-22 21:46 - 00000000 ____D C:\Documents and Settings\user\Application Data\Canneverbe Limited
2013-11-22 21:45 - 2013-11-22 21:45 - 00000000 ____D C:\Program Files\CDBurnerXP
2013-11-20 19:55 - 2013-12-02 10:02 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-20 19:55 - 2013-11-20 20:07 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-11-20 19:55 - 2013-11-20 20:07 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-11-16 20:42 - 2013-11-16 20:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Auslogics
2013-11-16 20:41 - 2013-11-16 20:41 - 00000822 _____ C:\Documents and Settings\user\Desktop\Auslogics DiskDefrag.lnk
2013-11-16 20:41 - 2013-11-16 20:41 - 00000000 ____D C:\Program Files\Auslogics
2013-11-16 20:41 - 2013-11-16 20:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2013-11-16 16:01 - 2013-11-26 19:10 - 00000000 ____D C:\Documents and Settings\user\Desktop\Poker AV's
2013-11-16 06:01 - 2013-10-24 23:12 - 00873384 _____ (Oracle Corporation) C:\WINDOWS\system32\npdeployJava1.dll
2013-11-16 06:01 - 2013-10-24 23:12 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-11-16 06:00 - 2013-10-24 23:12 - 00796072 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-11-16 06:00 - 2013-10-24 23:12 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-11-16 06:00 - 2013-10-24 23:12 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-11-16 06:00 - 2013-10-24 23:12 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-11-16 05:29 - 2013-11-16 16:04 - 00000180 _____ C:\WINDOWS\setupact.log
2013-11-16 05:29 - 2013-11-16 05:29 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-16 03:06 - 2013-11-16 03:06 - 00001585 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-11-16 03:06 - 2013-11-16 03:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-11-16 03:03 - 2013-11-16 03:03 - 00000000 ____D C:\Program Files\iPod
2013-11-16 03:02 - 2013-11-16 03:05 - 00000000 ____D C:\Program Files\iTunes
2013-11-16 03:02 - 2013-11-16 03:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-13 04:48 - 2013-12-02 03:49 - 00074227 _____ C:\WINDOWS\setupapi.log
2013-11-12 21:36 - 2013-11-12 21:36 - 00100678 _____ C:\Documents and Settings\user\My Documents\iTunes Diagnostics.spx
2013-11-02 14:06 - 2013-11-02 14:06 - 00000000 ____D C:\Documents and Settings\user\Application Data\AVAST Software
2013-11-02 13:50 - 2013-11-24 14:48 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-11-02 13:50 - 2013-11-02 13:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast

==================== One Month Modified Files and Folders =======

2017-06-29 00:13 - 2007-02-12 10:26 - 00001789 ____C C:\WINDOWS\system32\AUTOEXEC.NT
2017-06-29 00:00 - 2007-02-12 10:32 - 00000000 ____D C:\Program Files\MSN
2017-06-28 23:59 - 2017-06-28 23:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MSN6
2017-05-29 21:35 - 2017-05-29 21:35 - 00000000 ____D C:\Documents and Settings\user\Application Data\Macromedia
2017-04-27 04:50 - 2017-04-27 04:50 - 00000640 ____C C:\Documents and Settings\user\Desktop\Virtual DJ.lnk
2017-04-27 04:50 - 2017-04-27 04:41 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\Virtual DJ
2017-04-17 12:32 - 2017-04-17 12:32 - 00000000 ____D C:\Program Files\Visiosonic
2017-04-17 12:32 - 2017-04-17 12:32 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\Visiosonic
2017-04-17 12:31 - 2017-04-17 12:31 - 00000000 ____D C:\Documents and Settings\user\My Documents\PCDJ Recordcase
2014-03-09 20:15 - 2008-04-05 19:33 - 00000268 ____H C:\sqmdata19.sqm
2014-03-09 20:15 - 2008-04-05 19:33 - 00000244 ____H C:\sqmnoopt19.sqm
2014-03-09 20:07 - 2008-04-05 13:23 - 00000268 ____H C:\sqmdata18.sqm
2014-03-09 20:07 - 2008-04-05 13:23 - 00000244 ____H C:\sqmnoopt18.sqm
2013-12-02 10:39 - 2013-12-02 10:38 - 00015015 _____ C:\Documents and Settings\user\Desktop\FRST.txt
2013-12-02 10:37 - 2007-07-03 19:39 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-12-02 10:29 - 2013-11-24 20:02 - 00000488 _____ C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
2013-12-02 10:29 - 2013-11-24 20:02 - 00000486 _____ C:\WINDOWS\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job
2013-12-02 10:14 - 2007-02-12 10:40 - 00032124 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-02 10:02 - 2013-11-20 19:55 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-02 09:57 - 2012-07-27 15:03 - 00000387 _____ C:\WINDOWS\RTacDbg.txt
2013-12-02 09:56 - 2012-10-23 23:49 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-12-02 09:55 - 2012-06-26 20:50 - 00000354 ____C C:\WINDOWS\Tasks\Wise Care 365.job
2013-12-02 09:55 - 2009-09-24 08:09 - 00000236 ____C C:\WINDOWS\Tasks\OGALogon.job
2013-12-02 09:42 - 2012-09-28 23:11 - 01940303 ____C C:\WINDOWS\WindowsUpdate.log
2013-12-02 09:41 - 2007-09-10 15:07 - 00000256 ____C C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2013-12-02 09:31 - 2012-09-28 23:11 - 00000159 ____C C:\WINDOWS\wiadebug.log
2013-12-02 09:31 - 2012-09-28 23:11 - 00000049 ____C C:\WINDOWS\wiaservc.log
2013-12-02 09:31 - 2007-02-12 10:36 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2013-12-02 09:30 - 2007-02-12 10:25 - 00146016 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-02 09:28 - 2007-02-12 10:41 - 00000278 __SHC C:\Documents and Settings\user\ntuser.ini
2013-12-02 09:13 - 2013-12-02 03:24 - 00085986 _____ C:\WINDOWS\iis6.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00080378 _____ C:\WINDOWS\FaxSetup.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00038428 _____ C:\WINDOWS\ocgen.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00036675 _____ C:\WINDOWS\tsoc.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00026559 _____ C:\WINDOWS\comsetup.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00016131 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00014079 _____ C:\WINDOWS\netfxocm.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00005525 _____ C:\WINDOWS\MedCtrOC.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00004446 _____ C:\WINDOWS\ocmsn.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00004043 _____ C:\WINDOWS\tabletoc.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00004017 _____ C:\WINDOWS\msgsocm.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00001374 _____ C:\WINDOWS\imsins.log
2013-12-02 09:13 - 2013-12-01 14:12 - 00147442 _____ C:\WINDOWS\KB2868626.log
2013-12-02 09:12 - 2013-12-02 03:24 - 00024224 _____ C:\WINDOWS\msmqinst.log
2013-12-02 09:11 - 2013-12-02 09:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-12-02 09:11 - 2013-12-02 07:46 - 00010578 _____ C:\WINDOWS\updspapi.log
2013-12-02 09:03 - 2013-12-02 03:24 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-12-02 09:03 - 2013-12-01 14:07 - 00146443 _____ C:\WINDOWS\KB2847311.log
2013-12-02 09:01 - 2013-12-02 09:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-12-02 08:54 - 2013-12-01 14:04 - 00146907 _____ C:\WINDOWS\KB2876217.log
2013-12-02 08:52 - 2013-12-02 08:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-12-02 08:44 - 2013-12-01 14:01 - 00143119 _____ C:\WINDOWS\KB2864063.log
2013-12-02 08:42 - 2013-12-02 08:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-12-02 08:35 - 2013-12-01 13:58 - 00145866 _____ C:\WINDOWS\KB2862152.log
2013-12-02 08:33 - 2013-12-02 08:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-12-02 08:25 - 2013-12-01 13:55 - 00290469 _____ C:\WINDOWS\KB2888505-IE7.log
2013-12-02 08:05 - 2008-09-21 02:01 - 00000000 ____D C:\WINDOWS\ie7updates
2013-12-02 07:48 - 2013-12-01 13:55 - 00134283 _____ C:\WINDOWS\KB2876331.log
2013-12-02 07:46 - 2013-12-02 07:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-12-02 07:35 - 2013-12-02 07:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-12-02 07:22 - 2013-12-02 07:22 - 01092187 _____ (Farbar) C:\Documents and Settings\user\Desktop\FRST(1).exe
2013-12-02 07:12 - 2013-01-13 18:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-02 06:52 - 2007-02-12 10:26 - 00627386 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-02 06:06 - 2013-12-02 05:57 - 00126152 _____ C:\WINDOWS\KB2900986.log
2013-12-02 06:04 - 2013-12-02 06:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-12-02 05:56 - 2013-12-02 05:43 - 00128164 _____ C:\WINDOWS\KB2862335.log
2013-12-02 05:53 - 2013-12-02 05:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-12-02 04:17 - 2013-01-13 18:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-12-02 03:58 - 2013-12-02 03:49 - 00005402 _____ C:\WINDOWS\KB2884256.log
2013-12-02 03:56 - 2013-12-02 03:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2013-12-02 03:49 - 2013-11-13 04:48 - 00074227 _____ C:\WINDOWS\setupapi.log
2013-12-02 03:48 - 2013-12-02 03:35 - 00007768 _____ C:\WINDOWS\KB2868038.log
2013-12-02 03:46 - 2013-12-02 03:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-12-02 03:23 - 2013-12-02 03:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-12-02 00:00 - 2013-08-07 18:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-01 23:19 - 2013-12-01 23:14 - 00000000 ___SD C:\Puppy.exe
2013-12-01 18:59 - 2013-10-17 22:30 - 00171520 _____ C:\Documents and Settings\user\My Documents\season 14-15 squad.xls
2013-11-29 23:29 - 2013-11-29 23:28 - 00013013 _____ C:\VEW.txt
2013-11-29 21:58 - 2012-08-19 07:40 - 00000000 ____D C:\Documents and Settings\user\Desktop\cv stiff
2013-11-29 20:48 - 2013-11-25 23:26 - 05150163 ____R (Swearware) C:\Documents and Settings\user\Desktop\Puppy.exe.exe
2013-11-28 23:46 - 2013-11-28 23:46 - 00646656 _____ (OldTimer Tools) C:\Documents and Settings\user\Desktop\OTS.exe
2013-11-28 09:14 - 2013-11-28 09:14 - 00000000 ____D C:\_OTS
2013-11-26 21:31 - 2013-11-26 21:31 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\AVAST Software
2013-11-26 21:30 - 2013-11-26 21:30 - 00002523 _____ C:\Documents and Settings\user\Desktop\RKreport[0]_S_11262013_213008.txt
2013-11-26 21:30 - 2013-11-26 21:25 - 00000000 ____D C:\Documents and Settings\user\Desktop\RK_Quarantine
2013-11-26 21:25 - 2013-11-26 21:25 - 00149712 _____ C:\Documents and Settings\user\Desktop\OTS.Txt
2013-11-26 21:06 - 2013-11-26 21:06 - 03687936 _____ C:\Documents and Settings\user\Desktop\RogueKiller.exe
2013-11-26 20:19 - 2013-02-15 00:46 - 00000000 ____D C:\Program Files\Full Tilt Poker
2013-11-26 19:10 - 2013-11-16 16:01 - 00000000 ____D C:\Documents and Settings\user\Desktop\Poker AV's
2013-11-26 13:57 - 2013-11-26 13:57 - 00000000 ____D C:\FRST
2013-11-25 23:35 - 2013-11-25 23:35 - 00000000 _RSHD C:\cmdcons
2013-11-25 23:35 - 2007-02-12 10:24 - 00000328 __RSH C:\boot.ini
2013-11-25 23:32 - 2013-11-25 23:31 - 00000000 ____D C:\Qoobox
2013-11-25 23:31 - 2013-11-25 23:31 - 00000000 ____D C:\WINDOWS\erdnt
2013-11-25 22:07 - 2013-11-25 22:07 - 00003126 _____ C:\Documents and Settings\user\Desktop\ark.txt
2013-11-24 20:37 - 2013-11-24 16:16 - 00000000 ____D C:\AdwCleaner
2013-11-24 20:11 - 2007-07-01 02:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Comodo
2013-11-24 14:48 - 2013-11-02 13:50 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-11-24 14:45 - 2013-03-17 11:24 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-11-24 14:45 - 2012-10-26 12:50 - 00774392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-11-24 14:45 - 2012-10-26 12:50 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-11-24 14:45 - 2012-10-26 12:50 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-11-24 14:45 - 2012-10-26 12:50 - 00035656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-11-24 14:45 - 2012-10-26 12:48 - 00269216 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-11-24 14:45 - 2012-10-26 12:48 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-11-23 23:19 - 2013-11-23 23:18 - 00000883 _____ C:\WINDOWS\KB927891.log
2013-11-23 22:13 - 2013-09-29 14:40 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\AVG SafeGuard toolbar
2013-11-23 22:13 - 2013-09-29 14:37 - 00000000 ____D C:\Documents and Settings\user\Application Data\AVG SafeGuard toolbar
2013-11-23 15:03 - 2011-10-10 13:26 - 00002445 ____C C:\Documents and Settings\user\Desktop\HiJackThis.lnk
2013-11-23 15:01 - 2012-10-27 19:23 - 00000000 ____D C:\Documents and Settings\user\Application Data\uTorrent
2013-11-23 14:57 - 2013-02-14 17:27 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\Deployment
2013-11-23 14:43 - 2007-02-12 10:21 - 00000000 ____D C:\WINDOWS\system
2013-11-23 02:43 - 2001-08-18 12:00 - 00002422 ____C C:\WINDOWS\system32\wpa.dbl
2013-11-22 21:52 - 2013-11-22 21:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2013-11-22 21:46 - 2013-11-22 21:46 - 00001604 _____ C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
2013-11-22 21:46 - 2013-11-22 21:46 - 00001556 _____ C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
2013-11-22 21:46 - 2013-11-22 21:46 - 00000000 ____D C:\Documents and Settings\user\Application Data\Canneverbe Limited
2013-11-22 21:45 - 2013-11-22 21:45 - 00000000 ____D C:\Program Files\CDBurnerXP
2013-11-22 21:23 - 2013-09-29 14:34 - 00003745 _____ C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2013-11-22 21:21 - 2012-06-12 20:20 - 00000000 ____D C:\WINDOWS\system32\cache
2013-11-22 21:17 - 2012-09-04 20:23 - 00037664 ____C (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2013-11-20 20:08 - 2007-08-02 14:19 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\Adobe
2013-11-20 20:07 - 2013-11-20 19:55 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-11-20 20:07 - 2013-11-20 19:55 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-11-20 17:36 - 2012-08-26 20:00 - 00095744 ____C C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-18 13:06 - 2011-07-31 21:10 - 00000284 ____C C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-11-16 20:42 - 2013-11-16 20:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Auslogics
2013-11-16 20:41 - 2013-11-16 20:41 - 00000822 _____ C:\Documents and Settings\user\Desktop\Auslogics DiskDefrag.lnk
2013-11-16 20:41 - 2013-11-16 20:41 - 00000000 ____D C:\Program Files\Auslogics
2013-11-16 20:41 - 2013-11-16 20:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2013-11-16 16:04 - 2013-11-16 05:29 - 00000180 _____ C:\WINDOWS\setupact.log
2013-11-16 16:01 - 2012-08-19 07:43 - 00000000 ____D C:\Documents and Settings\user\Desktop\media players
2013-11-16 16:00 - 2012-08-19 07:39 - 00000000 ____D C:\Documents and Settings\user\Desktop\av and fw
2013-11-16 06:51 - 2012-09-29 11:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-16 06:36 - 2007-06-29 01:08 - 00000000 ____D C:\Program Files\Java
2013-11-16 06:36 - 2007-06-29 01:05 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-16 05:29 - 2013-11-16 05:29 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-16 03:06 - 2013-11-16 03:06 - 00001585 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-11-16 03:06 - 2013-11-16 03:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-11-16 03:05 - 2013-11-16 03:02 - 00000000 ____D C:\Program Files\iTunes
2013-11-16 03:05 - 2013-11-16 03:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-16 03:03 - 2013-11-16 03:03 - 00000000 ____D C:\Program Files\iPod
2013-11-16 03:02 - 2009-11-13 19:00 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-16 01:54 - 2012-10-30 15:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-13 20:46 - 2007-02-12 10:51 - 00002487 ____C C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2013-11-13 02:10 - 2011-06-30 20:09 - 00000682 ____C C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-11-13 02:09 - 2011-06-30 20:09 - 00000000 ____D C:\Program Files\CCleaner
2013-11-12 21:36 - 2013-11-12 21:36 - 00100678 _____ C:\Documents and Settings\user\My Documents\iTunes Diagnostics.spx
2013-11-11 12:43 - 2007-04-17 18:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2013-11-08 13:55 - 2012-10-26 12:50 - 00403440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2013-11-07 15:50 - 2007-04-19 14:14 - 80340640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-05 17:19 - 2007-12-06 14:56 - 00026576 ____C C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2013-11-03 19:34 - 2011-08-07 16:06 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-11-02 14:06 - 2013-11-02 14:06 - 00000000 ____D C:\Documents and Settings\user\Application Data\AVAST Software
2013-11-02 13:50 - 2013-11-02 13:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2013-11-02 13:45 - 2013-03-17 11:24 - 00178304 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-11-02 13:45 - 2013-03-17 11:24 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-11-02 13:31 - 2012-10-23 23:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-11-02 13:20 - 2007-02-12 10:36 - 00002577 ____C C:\WINDOWS\system32\CONFIG.NT

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


----------



## Cookiegal (Aug 27, 2003)

Can you tell me what Aircrack is please? I'm not familiar with this program.


----------



## sharpeye72 (Aug 18, 2009)

Aircrack was something I tried to use years ago when I lived in a shared house and nobody could remember the password to log onto the wireless network. It was meant to be able to work around the security but I never managed it. I didn't realize it was still on here.


----------



## Cookiegal (Aug 27, 2003)

Are you using a flash or external drive? If so, it appears to be infected.

Be sure to have your flash or external drive connected before doing this.

I'm attaching a MountPoints Diagnostic.zip file to this post. Save it to your desktop. Unzip it and double click the MountPoints Diagnostic.bat file and let it run. It will create a report in Notepad named Diagnostic.txt. Please upload the Diagnostic.txt file as an attachment.


----------



## sharpeye72 (Aug 18, 2009)

Diagnostic Report
Mon 12/02/2013 18:33:15.33

Mountpoints > Drives subkeys: 
------------------------------------

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00e18720-7447-11de-9d8e-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,5f,cf,01,01,00,5f,ee,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,10,00,00,00

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22684fa2-a551-11dd-89c9-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,cf,\
5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,df,df,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,\
5f,cf,cf,df,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,e0,00,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22684fa2-a551-11dd-89c9-00096b93df5a}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22684fa2-a551-11dd-89c9-00096b93df5a}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22684fa2-a551-11dd-89c9-00096b93df5a}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27ceb4d3-8307-11dc-88f7-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,5f,cf,01,01,00,5f,ee,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,10,00,00,00

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b73d830-ba90-11db-92f5-000d60373eef}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,cf,5f,5f,5f,\
01,01,00,5f,cf,cf,01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,10,00,00,08,\
00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b73d830-ba90-11db-92f5-000d60373eef}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b73d830-ba90-11db-92f5-000d60373eef}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b73d830-ba90-11db-92f5-000d60373eef}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49ce8191-814f-11dc-88f6-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49ce8191-814f-11dc-88f6-00096b93df5a}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49ce8191-814f-11dc-88f6-00096b93df5a}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49ce8191-814f-11dc-88f6-00096b93df5a}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b683721-f3d3-11de-b019-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,00,00,00,00

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ce232f0-575e-11dd-894f-00096b93df5a}]
"BaseClass"="Drive"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f845d60-dec3-11dd-8a4e-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,cf,\
5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,df,df,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,\
5f,cf,cf,df,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,e0,00,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f845d60-dec3-11dd-8a4e-00096b93df5a}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f845d60-dec3-11dd-8a4e-00096b93df5a}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f845d60-dec3-11dd-8a4e-00096b93df5a}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f85a9c0-07bf-11e1-b2da-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,00,00,00

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cddf270-8b4f-11dd-8998-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cddf270-8b4f-11dd-8998-00096b93df5a}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cddf270-8b4f-11dd-8998-00096b93df5a}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cddf270-8b4f-11dd-8998-00096b93df5a}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7091d2b0-e99c-11db-8863-806d6172696f}]
"BaseClass"="Drive"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76dc21c3-37c2-11e1-b2ed-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,\
5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,10,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76dc21c3-37c2-11e1-b2ed-00096b93df5a}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76dc21c3-37c2-11e1-b2ed-00096b93df5a}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76dc21c3-37c2-11e1-b2ed-00096b93df5a}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76dc21c4-37c2-11e1-b2ed-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,\
5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,10,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76dc21c4-37c2-11e1-b2ed-00096b93df5a}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76dc21c4-37c2-11e1-b2ed-00096b93df5a}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76dc21c4-37c2-11e1-b2ed-00096b93df5a}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87aeddc0-ecd5-11db-8868-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,01,00,00,00,08,00,00,00

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a9769b0-d11c-11dd-8a33-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,\
ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,00,00,00

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eafbee1-1ab9-11e1-b2e6-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,\
5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,10,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eafbee1-1ab9-11e1-b2e6-00096b93df5a}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eafbee1-1ab9-11e1-b2e6-00096b93df5a}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eafbee1-1ab9-11e1-b2e6-00096b93df5a}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eafbee2-1ab9-11e1-b2e6-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,\
5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,10,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eafbee2-1ab9-11e1-b2e6-00096b93df5a}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eafbee2-1ab9-11e1-b2e6-00096b93df5a}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eafbee2-1ab9-11e1-b2e6-00096b93df5a}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eafbee3-1ab9-11e1-b2e6-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,\
ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eafbee3-1ab9-11e1-b2e6-00096b93df5a}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eafbee3-1ab9-11e1-b2e6-00096b93df5a}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eafbee3-1ab9-11e1-b2e6-00096b93df5a}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eafbee4-1ab9-11e1-b2e6-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,\
5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,10,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eafbee4-1ab9-11e1-b2e6-00096b93df5a}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eafbee4-1ab9-11e1-b2e6-00096b93df5a}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eafbee4-1ab9-11e1-b2e6-00096b93df5a}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{955d5a36-18a3-11de-8aac-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,09,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{955d5a36-18a3-11de-8aac-00096b93df5a}\Shell]
@="AutoRun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{955d5a36-18a3-11de-8aac-00096b93df5a}\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{955d5a36-18a3-11de-8aac-00096b93df5a}\Shell\AutoRun\command]
@="E:\\setup.exe AUTORUN=1"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{955d5a36-18a3-11de-8aac-00096b93df5a}\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{955d5a36-18a3-11de-8aac-00096b93df5a}\_Autorun\Action]
@="ICON 225 USB Connect"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{955d5a36-18a3-11de-8aac-00096b93df5a}\_Autorun\DefaultIcon]
@="E:\\ICON225USBConnect.ico"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ab7c660-8172-11df-b10e-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,09,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ab7c660-8172-11df-b10e-00096b93df5a}\Shell]
@="AutoRun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ab7c660-8172-11df-b10e-00096b93df5a}\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ab7c660-8172-11df-b10e-00096b93df5a}\Shell\AutoRun\command]
@="F:\\AutoRun.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ab7c660-8172-11df-b10e-00096b93df5a}\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ab7c660-8172-11df-b10e-00096b93df5a}\_Autorun\DefaultIcon]
@="F:\\Startup.ico"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ab7c663-8172-11df-b10e-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,5f,ee,\
ff,ff,ff,ff,ff,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,10,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ab7c663-8172-11df-b10e-00096b93df5a}\Shell]
@="AutoRun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ab7c663-8172-11df-b10e-00096b93df5a}\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ab7c663-8172-11df-b10e-00096b93df5a}\Shell\AutoRun\command]
@="F:\\AutoRun.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ab7c663-8172-11df-b10e-00096b93df5a}\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ab7c663-8172-11df-b10e-00096b93df5a}\_Autorun\DefaultIcon]
@="F:\\Startup.ico"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ab7c664-8172-11df-b10e-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,5f,ff,\
ff,ff,ff,ff,ff,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,07,00,00

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7bbd4d1-77eb-11dc-88ef-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,07,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7bbd4d1-77eb-11dc-88ef-00096b93df5a}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7bbd4d1-77eb-11dc-88ef-00096b93df5a}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7bbd4d1-77eb-11dc-88ef-00096b93df5a}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2bff141-ba82-11db-bc3e-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,cf,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,df,df,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,08,04,00,00

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2bff143-ba82-11db-bc3e-806d6172696f}]
"BaseClass"="Drive"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb14bc50-a8f5-11e1-b318-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,\
5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,10,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb14bc50-a8f5-11e1-b318-00096b93df5a}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb14bc50-a8f5-11e1-b318-00096b93df5a}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb14bc50-a8f5-11e1-b318-00096b93df5a}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c18a6bd2-cdca-11e1-9745-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,00,00,00

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c44fdee5-3885-11de-8aef-00022d7c8422}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,cf,\
5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,df,df,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,\
5f,cf,cf,df,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,e0,00,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c44fdee5-3885-11de-8aef-00022d7c8422}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c44fdee5-3885-11de-8aef-00022d7c8422}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c44fdee5-3885-11de-8aef-00022d7c8422}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfbf65a0-2b67-11dd-892a-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,07,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfbf65a0-2b67-11dd-892a-00096b93df5a}\shell]
@="Auto"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfbf65a0-2b67-11dd-892a-00096b93df5a}\shell\Auto]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfbf65a0-2b67-11dd-892a-00096b93df5a}\shell\Auto\command]
@="SVCH.exe e"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfbf65a0-2b67-11dd-892a-00096b93df5a}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfbf65a0-2b67-11dd-892a-00096b93df5a}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfbf65a0-2b67-11dd-892a-00096b93df5a}\shell\AutoRun]
"Extended"=""
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfbf65a0-2b67-11dd-892a-00096b93df5a}\shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH.exe e"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfd52e23-0e3a-11dd-8921-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,07,00,00

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfd52e29-0e3a-11dd-8921-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,07,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfd52e29-0e3a-11dd-8921-00096b93df5a}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfd52e29-0e3a-11dd-8921-00096b93df5a}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfd52e29-0e3a-11dd-8921-00096b93df5a}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f68d92a3-edf8-11e0-b2b4-00096b93df5a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,07,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f68d92a3-edf8-11e0-b2b4-00096b93df5a}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f68d92a3-edf8-11e0-b2b4-00096b93df5a}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f68d92a3-edf8-11e0-b2b4-00096b93df5a}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~ 
No Autorun files found in C:\WINDOWS

No Autorun files found in C:\WINDOWS\system32

No Autorun files found in root of C:

No Autorun files found in root of D:


----------
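A report like the one above is easier to triage when the per-volume shell verb commands are pulled out of the surrounding key dump. The following is an added example, not part of the thread or of the MountPoints Diagnostic tool: it parses a constructed excerpt of the report (hex values omitted) and flags handlers using two heuristics that are assumptions of this example, namely a target without an absolute path and indirect launch through `ShellExec_RunDLL`. The function names are hypothetical.

```python
import re

# Constructed sample: entries abridged from the Diagnostic.txt report above
# (the "_AutorunStatus" hex values are left out).
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{955d5a36-18a3-11de-8aac-00096b93df5a}\Shell\AutoRun\command]
@="E:\\setup.exe AUTORUN=1"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfbf65a0-2b67-11dd-892a-00096b93df5a}\shell]
@="Auto"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfbf65a0-2b67-11dd-892a-00096b93df5a}\shell\Auto\command]
@="SVCH.exe e"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfbf65a0-2b67-11dd-892a-00096b93df5a}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfbf65a0-2b67-11dd-892a-00096b93df5a}\shell\AutoRun]
"Extended"=""
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfbf65a0-2b67-11dd-892a-00096b93df5a}\shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH.exe e"
'''

# A key line under MountPoints2: group 1 is the volume GUID, group 2 the subpath.
KEY_RE = re.compile(
    r'^\[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion'
    r'\\Explorer\\MountPoints2\\(\{[0-9a-fA-F-]+\})((?:\\[^\]\\]+)*)\]$')
DEFAULT_RE = re.compile(r'^@="(.*)"$')       # the key's default value
DRIVE_ROOTED = re.compile(r'^[A-Za-z]:\\')   # e.g. E:\setup.exe


def parse_commands(report_text):
    """Return one dict per <GUID>\\shell\\<verb>\\command default value."""
    entries, current = [], None
    for raw in report_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            parts = [p for p in key.group(2).split("\\") if p]
            is_command = (len(parts) == 3
                          and parts[0].lower() == "shell"
                          and parts[2].lower() == "command")
            current = (key.group(1), parts[1]) if is_command else None
            continue
        if line.startswith("["):
            current = None  # a key outside MountPoints2
            continue
        value = DEFAULT_RE.match(line)
        if value and current:
            # .reg exports escape backslashes and quotes with a backslash.
            command = re.sub(r'\\(.)', r'\1', value.group(1))
            entries.append({"volume": current[0], "verb": current[1],
                            "command": command})
    return entries


def classify(command):
    """Heuristics assumed for this example; an empty list means no flag."""
    reasons = []
    tokens = command.lstrip('"').split()
    target = tokens[0] if tokens else ""
    if not DRIVE_ROOTED.match(target):
        reasons.append("target has no absolute path")
    if "shellexec_rundll" in command.lower():
        reasons.append("launched indirectly via ShellExec_RunDLL")
    return reasons


def flagged(report_text):
    """Return only the command entries that trip a heuristic."""
    hits = []
    for entry in parse_commands(report_text):
        reasons = classify(entry["command"])
        if reasons:
            hits.append({**entry, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in flagged(SAMPLE):
        print(hit["volume"], hit["verb"], repr(hit["command"]),
              "; ".join(hit["reasons"]))
```
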



## Cookiegal (Aug 27, 2003)

Please download *SystemLook* and save it to your Desktop.

Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
SVCH.exe
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## sharpeye72 (Aug 18, 2009)

SystemLook 04.09.10 by jpshortstuff
Log created at 19:01 on 02/12/2013 by user
Administrator - Elevation successful

========== filefind ==========

Searching for "SVCH.exe"
No files found.

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

I'm attaching a FixSharpeye.zip file. Please save it to your Desktop. Unzip it (extract the file) and then double-click the FixSharpeye.reg file to run it and allow it to merge into the registry.

Once you've done that please run FRST again and post the new log.


----------



## sharpeye72 (Aug 18, 2009)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-12-2013
Ran by user (administrator) on T30-UWZS1Q0D4LJ on 02-12-2013 21:10:28
Running from C:\Documents and Settings\user\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

() C:\WINDOWS\system32\ibmpmsvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(DT Soft Ltd.) C:\Program Files\DAEMON Tools\daemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Micronet SP907GK Wireless Network Utility\RtWLan.exe
(Sports Interactive) C:\Program Files\Sports Interactive\football manager\fm.exe
(Jpee) C:\Program Files\FM Modifier 2.2\FMM2.2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Documents and Settings\user\Desktop\FRST(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-24] (AVAST Software)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\edd7227b-e234-494c-bd91-62b7b0e3cb8c.exe [180184 2013-11-23] (AVAST Software)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [DAEMON Tools] - C:\Program Files\DAEMON Tools\daemon.exe [165784 2007-04-03] (DT Soft Ltd.)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
MountPoints2: {955d5a36-18a3-11de-8aac-00096b93df5a} - E:\setup.exe AUTORUN=1
MountPoints2: {9ab7c660-8172-11df-b10e-00096b93df5a} - F:\AutoRun.exe
MountPoints2: {9ab7c663-8172-11df-b10e-00096b93df5a} - F:\AutoRun.exe
Lsa: [Authentication Packages] msv1_0 nwprovau
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Micronet SP907GK Wireless Network Utility.lnk
ShortcutTarget: Micronet SP907GK Wireless Network Utility.lnk -> C:\Program Files\Micronet SP907GK Wireless Network Utility\RtWLan.exe (Realtek Semiconductor Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {AAC31524-0FD2-47DB-B233-F1420B9F13BA} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: DivX Plus Web Player HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8462848 2012-06-08] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 05 c:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-24] (AVAST Software)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
R2 IBMPMSVC; C:\Windows\System32\ibmpmsvc.exe [73782 2005-11-11] ()
S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2007-10-19] (Logitech Inc.)
R2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
S4 AviraUpgradeService; "C:\WINDOWS\TEMP\AVSETUP_501bc242\avupgsvc.exe" /TEMPSTART:""C:\WINDOWS\TEMP\AVSETUP_501bc242\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE"
S2 FlexService; "C:\Program Files\RapidBIT\cisvc.exe" [x]
S4 Roxio UPnP Renderer 9; "C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe" [x]
S4 Roxio Upnp Server 9; "C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe" [x]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]
S4 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [x]
S2 vToolbarUpdater17.1.2; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

R3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21035 2012-07-27] (Meetinghouse Data Communications)
R2 aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [35656 2013-11-24] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2013-11-24] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-02] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [774392 2013-11-24] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [403440 2013-11-08] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-11-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-11-02] ()
S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [238464 2010-05-13] (AVEO Corp)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-11-22] (AVG Technologies)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 dk2drv; C:\WINDOWS\SYSTEM32\Drivers\dk2drv.sys [49720 2011-10-03] (Data Encryption Systems Limited)
R2 EAPPkt; C:\Windows\System32\DRIVERS\EAPPkt.sys [38144 2006-11-15] (Windows (R) 2000 DDK provider)
R2 FLE5WNNT; C:\WINDOWS\System32\Drivers\fle5wnnt.sys [33404 2011-10-03] (Data Encryption Systems Limited)
R2 FLSIFACE; C:\WINDOWS\System32\Drivers\flsiface.sys [14272 2011-10-03] (Data Encryption Systems Limited)
R2 FLSPAR; C:\WINDOWS\System32\Drivers\flspar.sys [16314 2011-10-03] (Data Encryption Systems Limited)
R2 FLSSER; C:\WINDOWS\System32\Drivers\flsser.sys [8344 2011-10-03] (Data Encryption Systems Limited)
R2 FLSVCOM; C:\WINDOWS\System32\Drivers\flsvcom.sys [35226 2011-10-03] (Data Encryption Systems Limited)
S3 GcKernel; C:\Windows\System32\DRIVERS\GcKernel.sys [59136 2008-04-13] (Microsoft Corporation)
S3 HIDSwvd; C:\Windows\System32\DRIVERS\HIDSwvd.sys [2688 2001-08-17] (Microsoft Corporation)
R3 LucentSoftModem; C:\Windows\System32\DRIVERS\LTSM.sys [802683 2001-08-17] (Lucent Technologies)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [2109976 2007-10-19] (Logitech Inc.)
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2142488 2007-10-11] (Logitech Inc.)
R3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25752 2009-10-07] ()
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2001-08-18] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-18] (Microsoft Corporation)
R3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [238976 2007-06-01] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [682232 2007-10-25] ()
R2 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [13120 2013-08-25] ()
S3 wlluc48; C:\Windows\System32\DRIVERS\wlluc48.sys [154624 2004-08-03] (Lucent Technologies)
S3 ZDPSp50; C:\Windows\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA))
S3 catchme; \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys [x]
U5 dkpccard; C:\Windows\System32\Drivers\dkpccard.sys [14856 2011-10-03] (Data Encryption Systems Limited)
S4 hpt3xx; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [x]
S3 PEEK5; \??\C:\DOCUME~1\user\Desktop\AIRCRA~1.1-W\AIRCRA~1.1\bin\PEEK5.SYS [x]
S3 pepifilter; system32\DRIVERS\lv302af.sys [x]
S3 PID_PEPI; system32\DRIVERS\LV302V32.SYS [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 a1tkhupo; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2017-06-28 23:59 - 2017-06-28 23:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MSN6
2017-06-28 23:59 - 2007-12-19 22:22 - 00000000 ____D C:\Documents and Settings\user\Application Data\MSN6
2017-06-28 23:48 - 2007-09-02 19:03 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2017-05-29 22:02 - 2008-04-13 18:45 - 00059136 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gckernel.sys
2017-05-29 22:02 - 2008-04-13 18:45 - 00059136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gckernel.sys
2017-05-29 22:02 - 2008-04-13 18:39 - 00014592 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2017-05-29 22:02 - 2008-04-13 18:39 - 00014592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhid.sys
2017-05-29 22:02 - 2001-08-17 13:02 - 00002688 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HIDSwvd.sys
2017-05-29 22:02 - 2001-08-17 13:02 - 00002688 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidswvd.sys
2017-05-29 21:55 - 2008-04-13 18:45 - 00010368 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2017-05-29 21:55 - 2008-04-13 18:45 - 00010368 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidusb.sys
2017-05-29 21:47 - 2010-05-27 09:49 - 00000000 ____D C:\Documents and Settings\user\Desktop\mame32u901
2017-05-29 21:35 - 2017-05-29 21:35 - 00000000 ____D C:\Documents and Settings\user\Application Data\Macromedia
2017-05-29 21:35 - 2007-08-16 14:56 - 00002058 ____C C:\WINDOWS\mozver.dat
2017-04-27 04:50 - 2017-04-27 04:50 - 00000640 ____C C:\Documents and Settings\user\Desktop\Virtual DJ.lnk
2017-04-27 04:41 - 2017-04-27 04:50 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\Virtual DJ
2017-04-17 12:32 - 2017-04-17 12:32 - 00000000 ____D C:\Program Files\Visiosonic
2017-04-17 12:32 - 2017-04-17 12:32 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\Visiosonic
2017-04-17 12:31 - 2017-04-17 12:31 - 00000000 ____D C:\Documents and Settings\user\My Documents\PCDJ Recordcase
2013-12-02 21:02 - 2013-12-02 21:11 - 00015139 _____ C:\Documents and Settings\user\Desktop\FRST.txt
2013-12-02 21:01 - 2013-12-02 21:01 - 00000000 ____D C:\Documents and Settings\user\Desktop\FixSharpeye
2013-12-02 21:00 - 2013-12-02 21:00 - 00000277 _____ C:\Documents and Settings\user\Desktop\FixSharpeye.zip
2013-12-02 18:57 - 2013-12-02 19:02 - 00000418 _____ C:\Documents and Settings\user\Desktop\SystemLook.txt
2013-12-02 18:56 - 2013-12-02 18:56 - 00075264 _____ C:\Documents and Settings\user\Desktop\SystemLook.exe
2013-12-02 18:31 - 2013-12-02 18:36 - 00000000 ____D C:\Documents and Settings\user\Desktop\Mountpoints Diagnostic
2013-12-02 18:30 - 2013-12-02 18:30 - 00001223 _____ C:\Documents and Settings\user\Desktop\Mountpoints Diagnostic.zip
2013-12-02 09:11 - 2013-12-02 09:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-12-02 09:01 - 2013-12-02 09:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-12-02 08:52 - 2013-12-02 08:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-12-02 08:42 - 2013-12-02 08:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-12-02 08:33 - 2013-12-02 08:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-12-02 07:46 - 2013-12-02 09:11 - 00010578 _____ C:\WINDOWS\updspapi.log
2013-12-02 07:46 - 2013-12-02 07:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-12-02 07:35 - 2013-12-02 07:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-12-02 07:22 - 2013-12-02 07:22 - 01092187 _____ (Farbar) C:\Documents and Settings\user\Desktop\FRST(1).exe
2013-12-02 06:04 - 2013-12-02 06:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-12-02 05:57 - 2013-12-02 06:06 - 00126152 _____ C:\WINDOWS\KB2900986.log
2013-12-02 05:53 - 2013-12-02 05:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-12-02 05:43 - 2013-12-02 05:56 - 00128164 _____ C:\WINDOWS\KB2862335.log
2013-12-02 03:56 - 2013-12-02 03:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2013-12-02 03:49 - 2013-12-02 03:58 - 00005402 _____ C:\WINDOWS\KB2884256.log
2013-12-02 03:46 - 2013-12-02 03:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-12-02 03:35 - 2013-12-02 03:48 - 00007768 _____ C:\WINDOWS\KB2868038.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00085986 _____ C:\WINDOWS\iis6.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00080378 _____ C:\WINDOWS\FaxSetup.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00038428 _____ C:\WINDOWS\ocgen.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00036675 _____ C:\WINDOWS\tsoc.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00026559 _____ C:\WINDOWS\comsetup.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00016131 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00014079 _____ C:\WINDOWS\netfxocm.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00005525 _____ C:\WINDOWS\MedCtrOC.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00004446 _____ C:\WINDOWS\ocmsn.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00004043 _____ C:\WINDOWS\tabletoc.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00004017 _____ C:\WINDOWS\msgsocm.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00001374 _____ C:\WINDOWS\imsins.log
2013-12-02 03:24 - 2013-12-02 09:12 - 00024224 _____ C:\WINDOWS\msmqinst.log
2013-12-02 03:24 - 2013-12-02 09:03 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-12-02 03:23 - 2013-12-02 03:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-12-01 23:14 - 2013-12-01 23:19 - 00000000 ___SD C:\Puppy.exe
2013-12-01 14:12 - 2013-12-02 09:13 - 00147442 _____ C:\WINDOWS\KB2868626.log
2013-12-01 14:07 - 2013-12-02 09:03 - 00146443 _____ C:\WINDOWS\KB2847311.log
2013-12-01 14:04 - 2013-12-02 08:54 - 00146907 _____ C:\WINDOWS\KB2876217.log
2013-12-01 14:01 - 2013-12-02 08:44 - 00143119 _____ C:\WINDOWS\KB2864063.log
2013-12-01 13:58 - 2013-12-02 08:35 - 00145866 _____ C:\WINDOWS\KB2862152.log
2013-12-01 13:55 - 2013-12-02 08:25 - 00290469 _____ C:\WINDOWS\KB2888505-IE7.log
2013-12-01 13:55 - 2013-12-02 07:48 - 00134283 _____ C:\WINDOWS\KB2876331.log
2013-11-29 23:28 - 2013-11-29 23:29 - 00013013 _____ C:\VEW.txt
2013-11-28 23:46 - 2013-11-28 23:46 - 00646656 _____ (OldTimer Tools) C:\Documents and Settings\user\Desktop\OTS.exe
2013-11-28 09:14 - 2013-11-28 09:14 - 00000000 ____D C:\_OTS
2013-11-26 21:31 - 2013-11-26 21:31 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\AVAST Software
2013-11-26 21:30 - 2013-11-26 21:30 - 00002523 _____ C:\Documents and Settings\user\Desktop\RKreport[0]_S_11262013_213008.txt
2013-11-26 21:25 - 2013-11-26 21:30 - 00000000 ____D C:\Documents and Settings\user\Desktop\RK_Quarantine
2013-11-26 21:25 - 2013-11-26 21:25 - 00149712 _____ C:\Documents and Settings\user\Desktop\OTS.Txt
2013-11-26 21:06 - 2013-11-26 21:06 - 03687936 _____ C:\Documents and Settings\user\Desktop\RogueKiller.exe
2013-11-26 13:57 - 2013-11-26 13:57 - 00000000 ____D C:\FRST
2013-11-25 23:35 - 2013-11-25 23:35 - 00000000 _RSHD C:\cmdcons
2013-11-25 23:35 - 2013-08-08 19:22 - 00000212 _____ C:\Boot.bak
2013-11-25 23:35 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-11-25 23:33 - 2011-06-26 06:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-11-25 23:33 - 2010-11-07 17:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-11-25 23:33 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-11-25 23:33 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-11-25 23:32 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-11-25 23:32 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-11-25 23:32 - 2000-08-31 00:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-11-25 23:32 - 2000-08-31 00:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-11-25 23:32 - 2000-08-31 00:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-11-25 23:31 - 2013-11-25 23:32 - 00000000 ____D C:\Qoobox
2013-11-25 23:31 - 2013-11-25 23:31 - 00000000 ____D C:\WINDOWS\erdnt
2013-11-25 23:26 - 2013-11-29 20:48 - 05150163 ____R (Swearware) C:\Documents and Settings\user\Desktop\Puppy.exe.exe
2013-11-25 22:07 - 2013-11-25 22:07 - 00003126 _____ C:\Documents and Settings\user\Desktop\ark.txt
2013-11-24 20:02 - 2013-12-02 20:49 - 00000488 _____ C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
2013-11-24 20:02 - 2013-12-02 20:49 - 00000486 _____ C:\WINDOWS\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job
2013-11-24 16:16 - 2013-11-24 20:37 - 00000000 ____D C:\AdwCleaner
2013-11-23 23:18 - 2013-11-23 23:19 - 00000883 _____ C:\WINDOWS\KB927891.log
2013-11-22 21:52 - 2013-11-22 21:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2013-11-22 21:46 - 2013-11-22 21:46 - 00001604 _____ C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
2013-11-22 21:46 - 2013-11-22 21:46 - 00001556 _____ C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
2013-11-22 21:46 - 2013-11-22 21:46 - 00000000 ____D C:\Documents and Settings\user\Application Data\Canneverbe Limited
2013-11-22 21:45 - 2013-11-22 21:45 - 00000000 ____D C:\Program Files\CDBurnerXP
2013-11-20 19:55 - 2013-12-02 21:02 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-20 19:55 - 2013-11-20 20:07 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-11-20 19:55 - 2013-11-20 20:07 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-11-16 20:42 - 2013-11-16 20:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Auslogics
2013-11-16 20:41 - 2013-11-16 20:41 - 00000822 _____ C:\Documents and Settings\user\Desktop\Auslogics DiskDefrag.lnk
2013-11-16 20:41 - 2013-11-16 20:41 - 00000000 ____D C:\Program Files\Auslogics
2013-11-16 20:41 - 2013-11-16 20:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2013-11-16 16:01 - 2013-11-26 19:10 - 00000000 ____D C:\Documents and Settings\user\Desktop\Poker AV's
2013-11-16 06:01 - 2013-10-24 23:12 - 00873384 _____ (Oracle Corporation) C:\WINDOWS\system32\npdeployJava1.dll
2013-11-16 06:01 - 2013-10-24 23:12 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-11-16 06:00 - 2013-10-24 23:12 - 00796072 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-11-16 06:00 - 2013-10-24 23:12 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-11-16 06:00 - 2013-10-24 23:12 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-11-16 06:00 - 2013-10-24 23:12 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-11-16 05:29 - 2013-11-16 16:04 - 00000180 _____ C:\WINDOWS\setupact.log
2013-11-16 05:29 - 2013-11-16 05:29 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-16 03:06 - 2013-11-16 03:06 - 00001585 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-11-16 03:06 - 2013-11-16 03:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-11-16 03:03 - 2013-11-16 03:03 - 00000000 ____D C:\Program Files\iPod
2013-11-16 03:02 - 2013-11-16 03:05 - 00000000 ____D C:\Program Files\iTunes
2013-11-16 03:02 - 2013-11-16 03:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-13 04:48 - 2013-12-02 03:49 - 00074227 _____ C:\WINDOWS\setupapi.log
2013-11-12 21:36 - 2013-11-12 21:36 - 00100678 _____ C:\Documents and Settings\user\My Documents\iTunes Diagnostics.spx
2013-11-02 14:06 - 2013-11-02 14:06 - 00000000 ____D C:\Documents and Settings\user\Application Data\AVAST Software
2013-11-02 13:50 - 2013-11-24 14:48 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-11-02 13:50 - 2013-11-02 13:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast

==================== One Month Modified Files and Folders =======

2017-06-29 00:13 - 2007-02-12 10:26 - 00001789 ____C C:\WINDOWS\system32\AUTOEXEC.NT
2017-06-29 00:00 - 2007-02-12 10:32 - 00000000 ____D C:\Program Files\MSN
2017-06-28 23:59 - 2017-06-28 23:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MSN6
2017-05-29 21:35 - 2017-05-29 21:35 - 00000000 ____D C:\Documents and Settings\user\Application Data\Macromedia
2017-04-27 04:50 - 2017-04-27 04:50 - 00000640 ____C C:\Documents and Settings\user\Desktop\Virtual DJ.lnk
2017-04-27 04:50 - 2017-04-27 04:41 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\Virtual DJ
2017-04-17 12:32 - 2017-04-17 12:32 - 00000000 ____D C:\Program Files\Visiosonic
2017-04-17 12:32 - 2017-04-17 12:32 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\Visiosonic
2017-04-17 12:31 - 2017-04-17 12:31 - 00000000 ____D C:\Documents and Settings\user\My Documents\PCDJ Recordcase
2014-03-09 20:15 - 2008-04-05 19:33 - 00000268 ____H C:\sqmdata19.sqm
2014-03-09 20:15 - 2008-04-05 19:33 - 00000244 ____H C:\sqmnoopt19.sqm
2014-03-09 20:07 - 2008-04-05 13:23 - 00000268 ____H C:\sqmdata18.sqm
2014-03-09 20:07 - 2008-04-05 13:23 - 00000244 ____H C:\sqmnoopt18.sqm
2013-12-02 21:11 - 2013-12-02 21:02 - 00015139 _____ C:\Documents and Settings\user\Desktop\FRST.txt
2013-12-02 21:02 - 2013-11-20 19:55 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-02 21:01 - 2013-12-02 21:01 - 00000000 ____D C:\Documents and Settings\user\Desktop\FixSharpeye
2013-12-02 21:00 - 2013-12-02 21:00 - 00000277 _____ C:\Documents and Settings\user\Desktop\FixSharpeye.zip
2013-12-02 20:49 - 2013-11-24 20:02 - 00000488 _____ C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
2013-12-02 20:49 - 2013-11-24 20:02 - 00000486 _____ C:\WINDOWS\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job
2013-12-02 20:41 - 2007-09-10 15:07 - 00000256 ____C C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2013-12-02 19:02 - 2013-12-02 18:57 - 00000418 _____ C:\Documents and Settings\user\Desktop\SystemLook.txt
2013-12-02 18:56 - 2013-12-02 18:56 - 00075264 _____ C:\Documents and Settings\user\Desktop\SystemLook.exe
2013-12-02 18:36 - 2013-12-02 18:31 - 00000000 ____D C:\Documents and Settings\user\Desktop\Mountpoints Diagnostic
2013-12-02 18:30 - 2013-12-02 18:30 - 00001223 _____ C:\Documents and Settings\user\Desktop\Mountpoints Diagnostic.zip
2013-12-02 14:47 - 2012-10-23 23:49 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-12-02 14:14 - 2007-07-03 19:39 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-12-02 13:06 - 2011-07-31 21:10 - 00000284 ____C C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-12-02 11:56 - 2013-10-17 22:30 - 00171520 _____ C:\Documents and Settings\user\My Documents\season 14-15 squad.xls
2013-12-02 10:14 - 2007-02-12 10:40 - 00032124 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-02 09:57 - 2012-07-27 15:03 - 00000387 _____ C:\WINDOWS\RTacDbg.txt
2013-12-02 09:55 - 2012-06-26 20:50 - 00000354 ____C C:\WINDOWS\Tasks\Wise Care 365.job
2013-12-02 09:55 - 2009-09-24 08:09 - 00000236 ____C C:\WINDOWS\Tasks\OGALogon.job
2013-12-02 09:42 - 2012-09-28 23:11 - 01940303 ____C C:\WINDOWS\WindowsUpdate.log
2013-12-02 09:31 - 2012-09-28 23:11 - 00000159 ____C C:\WINDOWS\wiadebug.log
2013-12-02 09:31 - 2012-09-28 23:11 - 00000049 ____C C:\WINDOWS\wiaservc.log
2013-12-02 09:31 - 2007-02-12 10:36 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2013-12-02 09:30 - 2007-02-12 10:25 - 00146016 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-02 09:28 - 2007-02-12 10:41 - 00000278 __SHC C:\Documents and Settings\user\ntuser.ini
2013-12-02 09:13 - 2013-12-02 03:24 - 00085986 _____ C:\WINDOWS\iis6.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00080378 _____ C:\WINDOWS\FaxSetup.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00038428 _____ C:\WINDOWS\ocgen.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00036675 _____ C:\WINDOWS\tsoc.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00026559 _____ C:\WINDOWS\comsetup.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00016131 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00014079 _____ C:\WINDOWS\netfxocm.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00005525 _____ C:\WINDOWS\MedCtrOC.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00004446 _____ C:\WINDOWS\ocmsn.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00004043 _____ C:\WINDOWS\tabletoc.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00004017 _____ C:\WINDOWS\msgsocm.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00001374 _____ C:\WINDOWS\imsins.log
2013-12-02 09:13 - 2013-12-01 14:12 - 00147442 _____ C:\WINDOWS\KB2868626.log
2013-12-02 09:12 - 2013-12-02 03:24 - 00024224 _____ C:\WINDOWS\msmqinst.log
2013-12-02 09:11 - 2013-12-02 09:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-12-02 09:11 - 2013-12-02 07:46 - 00010578 _____ C:\WINDOWS\updspapi.log
2013-12-02 09:03 - 2013-12-02 03:24 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-12-02 09:03 - 2013-12-01 14:07 - 00146443 _____ C:\WINDOWS\KB2847311.log
2013-12-02 09:01 - 2013-12-02 09:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-12-02 08:54 - 2013-12-01 14:04 - 00146907 _____ C:\WINDOWS\KB2876217.log
2013-12-02 08:52 - 2013-12-02 08:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-12-02 08:44 - 2013-12-01 14:01 - 00143119 _____ C:\WINDOWS\KB2864063.log
2013-12-02 08:42 - 2013-12-02 08:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-12-02 08:35 - 2013-12-01 13:58 - 00145866 _____ C:\WINDOWS\KB2862152.log
2013-12-02 08:33 - 2013-12-02 08:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-12-02 08:25 - 2013-12-01 13:55 - 00290469 _____ C:\WINDOWS\KB2888505-IE7.log
2013-12-02 08:05 - 2008-09-21 02:01 - 00000000 ____D C:\WINDOWS\ie7updates
2013-12-02 07:48 - 2013-12-01 13:55 - 00134283 _____ C:\WINDOWS\KB2876331.log
2013-12-02 07:46 - 2013-12-02 07:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-12-02 07:35 - 2013-12-02 07:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-12-02 07:22 - 2013-12-02 07:22 - 01092187 _____ (Farbar) C:\Documents and Settings\user\Desktop\FRST(1).exe
2013-12-02 07:12 - 2013-01-13 18:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-02 06:52 - 2007-02-12 10:26 - 00627386 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-02 06:06 - 2013-12-02 05:57 - 00126152 _____ C:\WINDOWS\KB2900986.log
2013-12-02 06:04 - 2013-12-02 06:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-12-02 05:56 - 2013-12-02 05:43 - 00128164 _____ C:\WINDOWS\KB2862335.log
2013-12-02 05:53 - 2013-12-02 05:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-12-02 04:17 - 2013-01-13 18:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-12-02 03:58 - 2013-12-02 03:49 - 00005402 _____ C:\WINDOWS\KB2884256.log
2013-12-02 03:56 - 2013-12-02 03:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2013-12-02 03:49 - 2013-11-13 04:48 - 00074227 _____ C:\WINDOWS\setupapi.log
2013-12-02 03:48 - 2013-12-02 03:35 - 00007768 _____ C:\WINDOWS\KB2868038.log
2013-12-02 03:46 - 2013-12-02 03:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-12-02 03:23 - 2013-12-02 03:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-12-02 00:31 - 2013-08-07 18:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-01 23:19 - 2013-12-01 23:14 - 00000000 ___SD C:\Puppy.exe
2013-11-29 23:29 - 2013-11-29 23:28 - 00013013 _____ C:\VEW.txt
2013-11-29 21:58 - 2012-08-19 07:40 - 00000000 ____D C:\Documents and Settings\user\Desktop\cv stiff
2013-11-29 20:48 - 2013-11-25 23:26 - 05150163 ____R (Swearware) C:\Documents and Settings\user\Desktop\Puppy.exe.exe
2013-11-28 23:46 - 2013-11-28 23:46 - 00646656 _____ (OldTimer Tools) C:\Documents and Settings\user\Desktop\OTS.exe
2013-11-28 09:14 - 2013-11-28 09:14 - 00000000 ____D C:\_OTS
2013-11-26 21:31 - 2013-11-26 21:31 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\AVAST Software
2013-11-26 21:30 - 2013-11-26 21:30 - 00002523 _____ C:\Documents and Settings\user\Desktop\RKreport[0]_S_11262013_213008.txt
2013-11-26 21:30 - 2013-11-26 21:25 - 00000000 ____D C:\Documents and Settings\user\Desktop\RK_Quarantine
2013-11-26 21:25 - 2013-11-26 21:25 - 00149712 _____ C:\Documents and Settings\user\Desktop\OTS.Txt
2013-11-26 21:06 - 2013-11-26 21:06 - 03687936 _____ C:\Documents and Settings\user\Desktop\RogueKiller.exe
2013-11-26 20:19 - 2013-02-15 00:46 - 00000000 ____D C:\Program Files\Full Tilt Poker
2013-11-26 19:10 - 2013-11-16 16:01 - 00000000 ____D C:\Documents and Settings\user\Desktop\Poker AV's
2013-11-26 13:57 - 2013-11-26 13:57 - 00000000 ____D C:\FRST
2013-11-25 23:35 - 2013-11-25 23:35 - 00000000 _RSHD C:\cmdcons
2013-11-25 23:35 - 2007-02-12 10:24 - 00000328 __RSH C:\boot.ini
2013-11-25 23:32 - 2013-11-25 23:31 - 00000000 ____D C:\Qoobox
2013-11-25 23:31 - 2013-11-25 23:31 - 00000000 ____D C:\WINDOWS\erdnt
2013-11-25 22:07 - 2013-11-25 22:07 - 00003126 _____ C:\Documents and Settings\user\Desktop\ark.txt
2013-11-24 20:37 - 2013-11-24 16:16 - 00000000 ____D C:\AdwCleaner
2013-11-24 20:11 - 2007-07-01 02:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Comodo
2013-11-24 14:48 - 2013-11-02 13:50 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-11-24 14:45 - 2013-03-17 11:24 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-11-24 14:45 - 2012-10-26 12:50 - 00774392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-11-24 14:45 - 2012-10-26 12:50 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-11-24 14:45 - 2012-10-26 12:50 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-11-24 14:45 - 2012-10-26 12:50 - 00035656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-11-24 14:45 - 2012-10-26 12:48 - 00269216 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-11-24 14:45 - 2012-10-26 12:48 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-11-23 23:19 - 2013-11-23 23:18 - 00000883 _____ C:\WINDOWS\KB927891.log
2013-11-23 22:13 - 2013-09-29 14:40 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\AVG SafeGuard toolbar
2013-11-23 22:13 - 2013-09-29 14:37 - 00000000 ____D C:\Documents and Settings\user\Application Data\AVG SafeGuard toolbar
2013-11-23 15:03 - 2011-10-10 13:26 - 00002445 ____C C:\Documents and Settings\user\Desktop\HiJackThis.lnk
2013-11-23 15:01 - 2012-10-27 19:23 - 00000000 ____D C:\Documents and Settings\user\Application Data\uTorrent
2013-11-23 14:57 - 2013-02-14 17:27 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\Deployment
2013-11-23 14:43 - 2007-02-12 10:21 - 00000000 ____D C:\WINDOWS\system
2013-11-23 02:43 - 2001-08-18 12:00 - 00002422 ____C C:\WINDOWS\system32\wpa.dbl
2013-11-22 21:52 - 2013-11-22 21:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2013-11-22 21:46 - 2013-11-22 21:46 - 00001604 _____ C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
2013-11-22 21:46 - 2013-11-22 21:46 - 00001556 _____ C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
2013-11-22 21:46 - 2013-11-22 21:46 - 00000000 ____D C:\Documents and Settings\user\Application Data\Canneverbe Limited
2013-11-22 21:45 - 2013-11-22 21:45 - 00000000 ____D C:\Program Files\CDBurnerXP
2013-11-22 21:23 - 2013-09-29 14:34 - 00003745 _____ C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2013-11-22 21:21 - 2012-06-12 20:20 - 00000000 ____D C:\WINDOWS\system32\cache
2013-11-22 21:17 - 2012-09-04 20:23 - 00037664 ____C (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2013-11-20 20:08 - 2007-08-02 14:19 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\Adobe
2013-11-20 20:07 - 2013-11-20 19:55 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-11-20 20:07 - 2013-11-20 19:55 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-11-20 17:36 - 2012-08-26 20:00 - 00095744 ____C C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-16 20:42 - 2013-11-16 20:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Auslogics
2013-11-16 20:41 - 2013-11-16 20:41 - 00000822 _____ C:\Documents and Settings\user\Desktop\Auslogics DiskDefrag.lnk
2013-11-16 20:41 - 2013-11-16 20:41 - 00000000 ____D C:\Program Files\Auslogics
2013-11-16 20:41 - 2013-11-16 20:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2013-11-16 16:04 - 2013-11-16 05:29 - 00000180 _____ C:\WINDOWS\setupact.log
2013-11-16 16:01 - 2012-08-19 07:43 - 00000000 ____D C:\Documents and Settings\user\Desktop\media players
2013-11-16 16:00 - 2012-08-19 07:39 - 00000000 ____D C:\Documents and Settings\user\Desktop\av and fw
2013-11-16 06:51 - 2012-09-29 11:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-16 06:36 - 2007-06-29 01:08 - 00000000 ____D C:\Program Files\Java
2013-11-16 06:36 - 2007-06-29 01:05 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-16 05:29 - 2013-11-16 05:29 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-16 03:06 - 2013-11-16 03:06 - 00001585 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-11-16 03:06 - 2013-11-16 03:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-11-16 03:05 - 2013-11-16 03:02 - 00000000 ____D C:\Program Files\iTunes
2013-11-16 03:05 - 2013-11-16 03:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-16 03:03 - 2013-11-16 03:03 - 00000000 ____D C:\Program Files\iPod
2013-11-16 03:02 - 2009-11-13 19:00 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-16 01:54 - 2012-10-30 15:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-13 20:46 - 2007-02-12 10:51 - 00002487 ____C C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2013-11-13 02:10 - 2011-06-30 20:09 - 00000682 ____C C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-11-13 02:09 - 2011-06-30 20:09 - 00000000 ____D C:\Program Files\CCleaner
2013-11-12 21:36 - 2013-11-12 21:36 - 00100678 _____ C:\Documents and Settings\user\My Documents\iTunes Diagnostics.spx
2013-11-11 12:43 - 2007-04-17 18:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2013-11-08 13:55 - 2012-10-26 12:50 - 00403440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2013-11-07 15:50 - 2007-04-19 14:14 - 80340640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-05 17:19 - 2007-12-06 14:56 - 00026576 ____C C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2013-11-03 19:34 - 2011-08-07 16:06 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-11-02 14:06 - 2013-11-02 14:06 - 00000000 ____D C:\Documents and Settings\user\Application Data\AVAST Software
2013-11-02 13:50 - 2013-11-02 13:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2013-11-02 13:45 - 2013-03-17 11:24 - 00178304 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-11-02 13:45 - 2013-03-17 11:24 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-11-02 13:31 - 2012-10-23 23:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-11-02 13:20 - 2007-02-12 10:36 - 00002577 ____C C:\WINDOWS\system32\CONFIG.NT

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


----------



## Cookiegal (Aug 27, 2003)

Please download the attached *fixlist.txt* file and save it where you saved FRST (which should be the desktop).

*NOTE:* It's important that both files, *FRST* and *fixlist.txt*, are in the same location (preferably on the desktop) or the fix will not work.

Run *FRST* and press the *Fix* button just once and then wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after the restart.

*NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.*

The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.


----------



## sharpeye72 (Aug 18, 2009)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-12-2013
Ran by user at 2013-12-02 23:27:48 Run:1
Running from C:\Documents and Settings\user\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
S4 AviraUpgradeService; "C:\WINDOWS\TEMP\AVSETUP_501bc242\avupgsvc.exe" /TEMPSTART:""C:\WINDOWS\TEMP\AVSETUP_501bc242\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE"
S2 FlexService; "C:\Program Files\RapidBIT\cisvc.exe" [x]
S4 Roxio UPnP Renderer 9; "C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe" [x]
S4 Roxio Upnp Server 9; "C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe" [x]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]
S4 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [x]
S2 vToolbarUpdater17.1.2; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]
C:\Program Files\Common Files\AVG Secure Search
S3 PEEK5; \??\C:\DOCUME~1\user\Desktop\AIRCRA~1.1-W\AIRCRA~1.1\bin\PEEK5.SYS [x]
U3 a1tkhupo; No ImagePath
2013-11-23 22:13 - 2013-09-29 14:40 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\AVG SafeGuard toolbar
2013-11-23 22:13 - 2013-09-29 14:37 - 00000000 ____D C:\Documents and Settings\user\Application Data\AVG SafeGuard toolbar

*****************

C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => Moved successfully.
AviraUpgradeService => Service deleted successfully.
FlexService => Service deleted successfully.
Roxio UPnP Renderer 9 => Service deleted successfully.
Roxio Upnp Server 9 => Service deleted successfully.
RoxLiveShare9 => Service deleted successfully.
stllssvr => Service deleted successfully.
vToolbarUpdater17.1.2 => Service deleted successfully.
"C:\Program Files\Common Files\AVG Secure Search" => File/Directory not found.
PEEK5 => Service deleted successfully.
a1tkhupo => Service deleted successfully.
C:\Documents and Settings\user\Local Settings\Application Data\AVG SafeGuard toolbar => Moved successfully.
C:\Documents and Settings\user\Application Data\AVG SafeGuard toolbar => Moved successfully.

==== End of Fixlog ====


----------



## Cookiegal (Aug 27, 2003)

Now, please run this program but be sure not to boot the machine after running it.

Please download RKill 
There are three buttons to choose from with different names on, select the first one and save it to your desktop.


Double-click on the *Rkill* desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and select *Run As Administrator*.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at *C:\rkill.log*. *Please post this in your next reply.*
If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
After posting the Rkill log, do NOT boot the machine but try to run ComboFix again please.


----------



## sharpeye72 (Aug 18, 2009)

Rkill 2.6.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/03/2013 03:06:05 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

20 out of 8733 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 12/03/2013 03:09:23 AM
Execution time: 0 hours(s), 3 minute(s), and 18 seconds(s)


----------



## sharpeye72 (Aug 18, 2009)

After posting the log file above, I ran Combofix again. The Blue box was still on screen after about half an hour when it was time for bed so I just left it on. When I got back to it today it was powered off but there was no log saved on my desktop.


----------



## Cookiegal (Aug 27, 2003)

Please try running ComboFix in safe mode and monitor the progress so you can tell me at what point it crashes if that happens again.


----------



## sharpeye72 (Aug 18, 2009)

I tried to run Combofix in safe mode but it just sat there for well over an hour with nothing happening and just like before, the clock seemed to still be working until I clicked on start to shut down, when it froze.


----------



## Cookiegal (Aug 27, 2003)

Please download *aswMBR* and save it to your desktop.

Double click aswMBR.exe to start the tool (Vista/Windows 7 users - right click to run as administrator) and allow it to download the Avast database.

Click *Scan*.

Upon completion of the scan, click *Save log* then save it to your desktop and post that log in your next reply for review.
*Note - do NOT attempt any Fix yet.*


----------



## sharpeye72 (Aug 18, 2009)

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-06 12:08:56
-----------------------------
12:08:56.712 OS Version: Windows 5.1.2600 Service Pack 3
12:08:56.712 Number of processors: 1 586 0x207
12:08:56.752 ComputerName: T30-UWZS1Q0D4LJ UserName: user
12:09:02.060 Initialize success
12:09:18.123 AVAST engine defs: 13120500
12:09:35.959 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:09:35.959 Disk 0 Vendor: TOSHIBA_MK4025GAS KA100A Size: 38154MB BusType: 3
12:09:36.149 Disk 0 MBR read successfully
12:09:36.149 Disk 0 MBR scan
12:09:36.159 Disk 0 unknown MBR code
12:09:36.169 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
12:09:36.209 Disk 0 scanning sectors +78140160
12:09:36.440 Disk 0 scanning C:\WINDOWS\system32\drivers
12:10:25.600 Service scanning
12:11:11.176 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
12:11:20.770 Modules scanning
12:11:44.263 Disk 0 trace - called modules:
12:11:44.293 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys sptd.sys >>UNKNOWN [0x877818a8]<<
12:11:44.624 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8768aab8]
12:11:44.634 3 CLASSPNP.SYS[f75f1fd7] -> nt!IofCallDriver -> \Device\00000096[0x876f79e8]
12:11:44.644 5 ACPI.sys[f7458620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x87712940]
12:11:44.654 \Driver\atapi[0x87715278] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xf75c28b4]
12:11:45.956 AVAST engine scan C:\WINDOWS
12:11:58.484 AVAST engine scan C:\WINDOWS\system32
12:20:16.149 AVAST engine scan C:\WINDOWS\system32\drivers
12:20:55.286 AVAST engine scan C:\Documents and Settings\user
12:59:56.082 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
12:59:56.082 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"


----------



## Cookiegal (Aug 27, 2003)

Daemon Tools is interfering with the results so we'll use a tool to disable it.


Please download DeFogger and save it to your desktop.
Once downloaded, double-click on the *DeFogger* icon to run the tool.
Click on the *Disable* button to disable your CD Emulation drivers.
When it prompts you whether or not you want to continue please click on the *Yes* button.
When the program has completed you will see a *Finished!* message. Click on the *OK* button to close the program.
If CD Emulation programs are present and have been disabled *DeFogger* will ask you to reboot the machine. Please click on the *OK* button to allow the computer to reboot.

Then please run aswMBR again and post the new log.


----------



## sharpeye72 (Aug 18, 2009)

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-06 12:08:56
-----------------------------
12:08:56.712 OS Version: Windows 5.1.2600 Service Pack 3
12:08:56.712 Number of processors: 1 586 0x207
12:08:56.752 ComputerName: T30-UWZS1Q0D4LJ UserName: user
12:09:02.060 Initialize success
12:09:18.123 AVAST engine defs: 13120500
12:09:35.959 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:09:35.959 Disk 0 Vendor: TOSHIBA_MK4025GAS KA100A Size: 38154MB BusType: 3
12:09:36.149 Disk 0 MBR read successfully
12:09:36.149 Disk 0 MBR scan
12:09:36.159 Disk 0 unknown MBR code
12:09:36.169 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
12:09:36.209 Disk 0 scanning sectors +78140160
12:09:36.440 Disk 0 scanning C:\WINDOWS\system32\drivers
12:10:25.600 Service scanning
12:11:11.176 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
12:11:20.770 Modules scanning
12:11:44.263 Disk 0 trace - called modules:
12:11:44.293 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys sptd.sys >>UNKNOWN [0x877818a8]<<
12:11:44.624 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8768aab8]
12:11:44.634 3 CLASSPNP.SYS[f75f1fd7] -> nt!IofCallDriver -> \Device\00000096[0x876f79e8]
12:11:44.644 5 ACPI.sys[f7458620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x87712940]
12:11:44.654 \Driver\atapi[0x87715278] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xf75c28b4]
12:11:45.956 AVAST engine scan C:\WINDOWS
12:11:58.484 AVAST engine scan C:\WINDOWS\system32
12:20:16.149 AVAST engine scan C:\WINDOWS\system32\drivers
12:20:55.286 AVAST engine scan C:\Documents and Settings\user
12:59:56.082 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
12:59:56.082 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"
13:39:01.124 File: C:\Documents and Settings\user\Desktop\OTS.exe **INFECTED** Win32:Malware-gen
14:23:07.198 AVAST engine scan C:\Documents and Settings\All Users
14:26:08.249 Scan finished successfully
14:31:32.795 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
14:31:32.846 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-06 15:18:34
-----------------------------
15:18:34.106 OS Version: Windows 5.1.2600 Service Pack 3
15:18:34.106 Number of processors: 1 586 0x207
15:18:34.106 ComputerName: T30-UWZS1Q0D4LJ UserName: user
15:19:04.029 Initialize success
15:19:57.316 AVAST engine defs: 13120500
15:20:35.601 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:20:35.601 Disk 0 Vendor: TOSHIBA_MK4025GAS KA100A Size: 38154MB BusType: 3
15:20:35.971 Disk 0 MBR read successfully
15:20:35.981 Disk 0 MBR scan
15:20:37.994 Disk 0 unknown MBR code
15:20:38.044 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
15:20:38.345 Disk 0 scanning sectors +78140160
15:20:39.877 Disk 0 scanning C:\WINDOWS\system32\drivers
15:22:00.523 Service scanning
15:22:28.904 Service BITS C:\WINDOWS\system32\qmgr.dll **HIDDEN**
15:23:51.983 Modules scanning
15:24:23.498 Disk 0 trace - called modules:
15:24:23.538 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys intelide.sys 
15:24:23.989 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8777dab8]
15:24:23.999 3 CLASSPNP.SYS[f75f1fd7] -> nt!IofCallDriver -> \Device\00000094[0x8777f9e8]
15:24:24.009 5 ACPI.sys[f7558620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8775fd98]
15:24:24.019 \Driver\atapi[0x87731c28] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xf75c28b4]
15:24:25.772 AVAST engine scan C:\WINDOWS
15:24:42.285 AVAST engine scan C:\WINDOWS\system32
15:35:06.383 AVAST engine scan C:\WINDOWS\system32\drivers
15:35:53.921 AVAST engine scan C:\Documents and Settings\user
16:44:46.443 File: C:\Documents and Settings\user\Desktop\OTS.exe **INFECTED** Win32:Malware-gen
17:22:57.888 AVAST engine scan C:\Documents and Settings\All Users
17:25:49.916 Scan finished successfully
17:27:23.290 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
17:27:23.320 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"


----------



## Cookiegal (Aug 27, 2003)

OK, please see if you can run ComboFix now. But first, please remove the one you have by dragging it to the Recycle Bin and grab the latest version.

Please visit *Combofix Guide & Instructions* for instructions for downloading and running ComboFix.


----------



## sharpeye72 (Aug 18, 2009)

Do I need to rename it again and run in safe mode?


----------



## Cookiegal (Aug 27, 2003)

Please rename it but run it in normal Windows.


----------



## sharpeye72 (Aug 18, 2009)

It's doing the same as before, I started the scan just after your last post but it's just sat there doing nothing, or so it appears.


----------



## Cookiegal (Aug 27, 2003)

Download Combofix again but this time don't rename it and download it to the root drive C: so it will be at the following location:

C:\combofix.exe

Go to *Start* - *Run*, type the following exactly as shown (note the space between the "e" and the "/"), and press OK:

*c:\combofix.exe /nombr*

See if ComboFix will run this way and post the log if it does.


----------



## sharpeye72 (Aug 18, 2009)

I get the following message

Windows cannot find c:\combofix.exe /nombr make sure you typed the name correctly and then try again


----------



## sharpeye72 (Aug 18, 2009)

I did remove the space by the way. Also, I have just gone into my c drive and combofix is there but I noticed the my computer icon has been renamed to puppy. Is this expected??


----------



## Cookiegal (Aug 27, 2003)

You weren't to remove the space. The space must be there.

The file in C:\Combofix.exe should not be named puppy.


----------



## sharpeye72 (Aug 18, 2009)

It's running now. It's not the combofix icon that's named puppy, it's the my computer icon that's been renamed. This is something that's happened without my knowledge.


----------



## sharpeye72 (Aug 18, 2009)

It seems to be working this time, it says completed stage_1 2 and 3 which I've not had before


----------



## Cookiegal (Aug 27, 2003)

Please upload a screenshot of your computer icon.


----------



## sharpeye72 (Aug 18, 2009)

The My Computer icon that had been renamed Puppy has now gone. The combofix scan was successful but the log file was too large to post here so I've added it as an attachment.


----------



## Cookiegal (Aug 27, 2003)

Did you install the Probot Keylogger (or a keylogger by some other name) intentionally?

Also, did you install Visiosonic?

Please go to *VirusTotal* and upload the following file for scanning.

Click *Choose File*
Navigate to the following file then click *Open* 

```
c:\program files\wrar362.exe
```

Click *Scan It*
If you get a message saying the file has already been analyzed click *Reanalyse file now*
Wait for the scan to finish and then copy and paste the URL from your browser address bar in your next reply please.


----------



## sharpeye72 (Aug 18, 2009)

I've not heard of the keylogger you mentioned. Here's the URL

https://www.virustotal.com/en/file/...94242da8d533255666ad6855/analysis/1386429744/


----------



## sharpeye72 (Aug 18, 2009)

Not heard of Visiosonic either


----------



## sharpeye72 (Aug 18, 2009)

Actually, Visiosonic is a piece of djing software


----------



## Cookiegal (Aug 27, 2003)

sharpeye72 said:


> Actually, Visiosonic is a piece of djing software


You had me scratching my head with that one until it finally clicked what djing was. So did you install it then? I ask because the problem with the dates seems to have started when that was installed.


----------



## sharpeye72 (Aug 18, 2009)

It's not something I use anymore, I could always remove it.


----------



## Cookiegal (Aug 27, 2003)

Assuming it's freeware, I'd try uninstalling it and then rebooting the machine to see if this fixes the date problem. I don't know if it will or not but it's worth a shot.

If you want to try that then after uninstalling please run FRST again and post the log.


----------



## sharpeye72 (Aug 18, 2009)

I'm on it, I'll get back to you.


----------



## sharpeye72 (Aug 18, 2009)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2013 02
Ran by user (administrator) on T30-UWZS1Q0D4LJ on 07-12-2013 18:08:19
Running from C:\Documents and Settings\user\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

() C:\WINDOWS\system32\ibmpmsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Micronet SP907GK Wireless Network Utility\RtWLan.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-24] (AVAST Software)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Lsa: [Authentication Packages] msv1_0 nwprovau
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Micronet SP907GK Wireless Network Utility.lnk
ShortcutTarget: Micronet SP907GK Wireless Network Utility.lnk -> C:\Program Files\Micronet SP907GK Wireless Network Utility\RtWLan.exe (Realtek Semiconductor Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {AAC31524-0FD2-47DB-B233-F1420B9F13BA} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: DivX Plus Web Player HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 05 c:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-24] (AVAST Software)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
R2 IBMPMSVC; C:\Windows\System32\ibmpmsvc.exe [73782 2005-11-11] ()
S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2007-10-19] (Logitech Inc.)
R2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21035 2012-07-27] (Meetinghouse Data Communications)
R2 aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [35656 2013-11-24] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2013-11-24] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-02] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [774392 2013-11-24] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [403440 2013-11-08] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-11-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-11-02] ()
S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [238464 2010-05-13] (AVEO Corp)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-11-22] (AVG Technologies)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 dk2drv; C:\WINDOWS\SYSTEM32\Drivers\dk2drv.sys [49720 2011-10-03] (Data Encryption Systems Limited)
R2 EAPPkt; C:\Windows\System32\DRIVERS\EAPPkt.sys [38144 2006-11-15] (Windows (R) 2000 DDK provider)
R2 FLE5WNNT; C:\WINDOWS\System32\Drivers\fle5wnnt.sys [33404 2011-10-03] (Data Encryption Systems Limited)
R2 FLSIFACE; C:\WINDOWS\System32\Drivers\flsiface.sys [14272 2011-10-03] (Data Encryption Systems Limited)
R2 FLSPAR; C:\WINDOWS\System32\Drivers\flspar.sys [16314 2011-10-03] (Data Encryption Systems Limited)
R2 FLSSER; C:\WINDOWS\System32\Drivers\flsser.sys [8344 2011-10-03] (Data Encryption Systems Limited)
R2 FLSVCOM; C:\WINDOWS\System32\Drivers\flsvcom.sys [35226 2011-10-03] (Data Encryption Systems Limited)
S3 GcKernel; C:\Windows\System32\DRIVERS\GcKernel.sys [59136 2008-04-13] (Microsoft Corporation)
S3 HIDSwvd; C:\Windows\System32\DRIVERS\HIDSwvd.sys [2688 2001-08-17] (Microsoft Corporation)
R3 LucentSoftModem; C:\Windows\System32\DRIVERS\LTSM.sys [802683 2001-08-17] (Lucent Technologies)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [2109976 2007-10-19] (Logitech Inc.)
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2142488 2007-10-11] (Logitech Inc.)
R3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25752 2009-10-07] ()
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2001-08-18] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-18] (Microsoft Corporation)
R3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [238976 2007-06-01] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [682232 2007-10-25] (Duplex Secure Ltd.)
R2 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [13120 2013-08-25] ()
S3 wlluc48; C:\Windows\System32\DRIVERS\wlluc48.sys [154624 2004-08-03] (Lucent Technologies)
S3 ZDPSp50; C:\Windows\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA))
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U5 dkpccard; C:\Windows\System32\Drivers\dkpccard.sys [14856 2011-10-03] (Data Encryption Systems Limited)
S4 hpt3xx; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [x]
S3 pepifilter; system32\DRIVERS\lv302af.sys [x]
S3 PID_PEPI; system32\DRIVERS\LV302V32.SYS [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2017-06-28 23:59 - 2017-06-28 23:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MSN6
2017-06-28 23:59 - 2007-12-19 22:22 - 00000000 ____D C:\Documents and Settings\user\Application Data\MSN6
2017-06-28 23:48 - 2007-09-02 19:03 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2017-05-29 22:02 - 2008-04-13 18:45 - 00059136 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gckernel.sys
2017-05-29 22:02 - 2008-04-13 18:45 - 00059136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gckernel.sys
2017-05-29 22:02 - 2008-04-13 18:39 - 00014592 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2017-05-29 22:02 - 2008-04-13 18:39 - 00014592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhid.sys
2017-05-29 22:02 - 2001-08-17 13:02 - 00002688 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HIDSwvd.sys
2017-05-29 22:02 - 2001-08-17 13:02 - 00002688 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidswvd.sys
2017-05-29 21:55 - 2008-04-13 18:45 - 00010368 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2017-05-29 21:55 - 2008-04-13 18:45 - 00010368 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidusb.sys
2017-05-29 21:47 - 2010-05-27 09:49 - 00000000 ____D C:\Documents and Settings\user\Desktop\mame32u901
2017-05-29 21:35 - 2017-05-29 21:35 - 00000000 ____D C:\Documents and Settings\user\Application Data\Macromedia
2017-05-29 21:35 - 2007-08-16 14:56 - 00002058 ____C C:\WINDOWS\mozver.dat
2017-04-27 04:50 - 2017-04-27 04:50 - 00000640 ____C C:\Documents and Settings\user\Desktop\Virtual DJ.lnk
2017-04-27 04:41 - 2017-04-27 04:50 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\Virtual DJ
2017-04-17 12:31 - 2017-04-17 12:31 - 00000000 ____D C:\Documents and Settings\user\My Documents\PCDJ Recordcase
2013-12-07 18:06 - 2013-12-07 18:07 - 01060157 _____ (Farbar) C:\Documents and Settings\user\Desktop\FRST.exe
2013-12-07 01:37 - 2013-12-07 01:37 - 00144965 _____ C:\ComboFix.txt
2013-12-07 01:19 - 2013-12-07 01:19 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-12-07 01:19 - 2013-12-07 01:19 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-12-07 01:19 - 2013-12-07 01:19 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-12-07 01:19 - 2013-12-07 01:19 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-12-07 01:18 - 2013-12-07 01:18 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-12-06 21:00 - 2013-12-07 00:26 - 05153080 ____R (Swearware) C:\ComboFix.exe
2013-12-06 15:13 - 2013-12-06 15:14 - 00000160 _____ C:\Documents and Settings\user\defogger_reenable
2013-12-06 12:59 - 2013-12-06 17:27 - 00006684 _____ C:\Documents and Settings\user\Desktop\aswMBR.txt
2013-12-06 12:59 - 2013-12-06 17:27 - 00000512 _____ C:\Documents and Settings\user\Desktop\MBR.dat
2013-12-06 12:07 - 2013-12-06 12:08 - 04745728 _____ (AVAST Software) C:\Documents and Settings\user\Desktop\aswmbr.exe
2013-12-03 23:09 - 2011-06-26 06:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-12-03 23:09 - 2010-11-07 17:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-12-03 23:09 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-12-03 23:09 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-12-03 23:09 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-12-03 23:09 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-12-03 23:09 - 2000-08-31 00:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-12-03 23:09 - 2000-08-31 00:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-12-03 23:09 - 2000-08-31 00:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-12-03 22:56 - 2013-12-03 22:56 - 00000000 ____D C:\WINDOWS\CSC
2013-12-03 03:04 - 2013-12-03 03:04 - 01937144 _____ (Bleeping Computer, LLC) C:\Documents and Settings\user\Desktop\rkill.exe
2013-12-02 21:02 - 2013-12-07 18:08 - 00013019 _____ C:\Documents and Settings\user\Desktop\FRST.txt
2013-12-02 21:01 - 2013-12-03 22:38 - 00000000 ____D C:\Documents and Settings\user\Desktop\FixSharpeye
2013-12-02 21:00 - 2013-12-02 21:00 - 00000277 _____ C:\Documents and Settings\user\Desktop\FixSharpeye.zip
2013-12-02 18:56 - 2013-12-02 18:56 - 00075264 _____ C:\Documents and Settings\user\Desktop\SystemLook.exe
2013-12-02 18:31 - 2013-12-02 18:36 - 00000000 ____D C:\Documents and Settings\user\Desktop\Mountpoints Diagnostic
2013-12-02 18:30 - 2013-12-02 18:30 - 00001223 _____ C:\Documents and Settings\user\Desktop\Mountpoints Diagnostic.zip
2013-12-02 09:11 - 2013-12-02 09:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-12-02 09:01 - 2013-12-02 09:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-12-02 08:52 - 2013-12-02 08:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-12-02 08:42 - 2013-12-02 08:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-12-02 08:33 - 2013-12-02 08:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-12-02 07:46 - 2013-12-02 09:11 - 00010578 _____ C:\WINDOWS\updspapi.log
2013-12-02 07:46 - 2013-12-02 07:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-12-02 07:35 - 2013-12-02 07:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-12-02 06:04 - 2013-12-02 06:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-12-02 05:57 - 2013-12-02 06:06 - 00126152 _____ C:\WINDOWS\KB2900986.log
2013-12-02 05:53 - 2013-12-02 05:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-12-02 05:43 - 2013-12-02 05:56 - 00128164 _____ C:\WINDOWS\KB2862335.log
2013-12-02 03:56 - 2013-12-02 03:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2013-12-02 03:49 - 2013-12-02 03:58 - 00005402 _____ C:\WINDOWS\KB2884256.log
2013-12-02 03:46 - 2013-12-02 03:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-12-02 03:35 - 2013-12-02 03:48 - 00007768 _____ C:\WINDOWS\KB2868038.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00085986 _____ C:\WINDOWS\iis6.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00080378 _____ C:\WINDOWS\FaxSetup.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00038428 _____ C:\WINDOWS\ocgen.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00036675 _____ C:\WINDOWS\tsoc.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00026559 _____ C:\WINDOWS\comsetup.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00016131 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00014079 _____ C:\WINDOWS\netfxocm.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00005525 _____ C:\WINDOWS\MedCtrOC.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00004446 _____ C:\WINDOWS\ocmsn.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00004043 _____ C:\WINDOWS\tabletoc.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00004017 _____ C:\WINDOWS\msgsocm.log
2013-12-02 03:24 - 2013-12-02 09:13 - 00001374 _____ C:\WINDOWS\imsins.log
2013-12-02 03:24 - 2013-12-02 09:12 - 00024224 _____ C:\WINDOWS\msmqinst.log
2013-12-02 03:24 - 2013-12-02 09:03 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-12-02 03:23 - 2013-12-02 03:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-12-01 14:12 - 2013-12-02 09:13 - 00147442 _____ C:\WINDOWS\KB2868626.log
2013-12-01 14:07 - 2013-12-02 09:03 - 00146443 _____ C:\WINDOWS\KB2847311.log
2013-12-01 14:04 - 2013-12-02 08:54 - 00146907 _____ C:\WINDOWS\KB2876217.log
2013-12-01 14:01 - 2013-12-02 08:44 - 00143119 _____ C:\WINDOWS\KB2864063.log
2013-12-01 13:58 - 2013-12-02 08:35 - 00145866 _____ C:\WINDOWS\KB2862152.log
2013-12-01 13:55 - 2013-12-02 08:25 - 00290469 _____ C:\WINDOWS\KB2888505-IE7.log
2013-12-01 13:55 - 2013-12-02 07:48 - 00134283 _____ C:\WINDOWS\KB2876331.log
2013-11-29 23:28 - 2013-11-29 23:29 - 00013013 _____ C:\VEW.txt
2013-11-28 23:46 - 2013-11-28 23:46 - 00646656 _____ (OldTimer Tools) C:\Documents and Settings\user\Desktop\OTS.exe
2013-11-28 09:14 - 2013-11-28 09:14 - 00000000 ____D C:\_OTS
2013-11-26 21:31 - 2013-11-26 21:31 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\AVAST Software
2013-11-26 21:25 - 2013-11-26 21:30 - 00000000 ____D C:\Documents and Settings\user\Desktop\RK_Quarantine
2013-11-26 21:06 - 2013-11-26 21:06 - 03687936 _____ C:\Documents and Settings\user\Desktop\RogueKiller.exe
2013-11-26 13:57 - 2013-11-26 13:57 - 00000000 ____D C:\FRST
2013-11-25 23:35 - 2013-11-25 23:35 - 00000000 _RSHD C:\cmdcons
2013-11-25 23:35 - 2013-08-08 19:22 - 00000212 _____ C:\Boot.bak
2013-11-25 23:35 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-11-25 23:31 - 2013-12-07 01:37 - 00000000 ____D C:\Qoobox
2013-11-25 23:31 - 2013-12-07 01:30 - 00000000 ____D C:\WINDOWS\erdnt
2013-11-24 20:02 - 2013-12-07 18:01 - 00000488 _____ C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
2013-11-24 16:16 - 2013-11-24 20:37 - 00000000 ____D C:\AdwCleaner
2013-11-23 23:18 - 2013-11-23 23:19 - 00000883 _____ C:\WINDOWS\KB927891.log
2013-11-22 21:52 - 2013-11-22 21:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2013-11-22 21:46 - 2013-11-22 21:46 - 00001604 _____ C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
2013-11-22 21:46 - 2013-11-22 21:46 - 00001556 _____ C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
2013-11-22 21:46 - 2013-11-22 21:46 - 00000000 ____D C:\Documents and Settings\user\Application Data\Canneverbe Limited
2013-11-22 21:45 - 2013-11-22 21:45 - 00000000 ____D C:\Program Files\CDBurnerXP
2013-11-20 19:55 - 2013-12-07 18:03 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-20 19:55 - 2013-11-20 20:07 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-11-20 19:55 - 2013-11-20 20:07 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-11-16 20:42 - 2013-11-16 20:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Auslogics
2013-11-16 20:41 - 2013-11-16 20:41 - 00000822 _____ C:\Documents and Settings\user\Desktop\Auslogics DiskDefrag.lnk
2013-11-16 20:41 - 2013-11-16 20:41 - 00000000 ____D C:\Program Files\Auslogics
2013-11-16 20:41 - 2013-11-16 20:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2013-11-16 16:01 - 2013-11-26 19:10 - 00000000 ____D C:\Documents and Settings\user\Desktop\Poker AV's
2013-11-16 06:01 - 2013-10-24 23:12 - 00873384 _____ (Oracle Corporation) C:\WINDOWS\system32\npdeployJava1.dll
2013-11-16 06:01 - 2013-10-24 23:12 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-11-16 06:00 - 2013-10-24 23:12 - 00796072 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-11-16 06:00 - 2013-10-24 23:12 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-11-16 06:00 - 2013-10-24 23:12 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-11-16 06:00 - 2013-10-24 23:12 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-11-16 05:29 - 2013-11-16 16:04 - 00000180 _____ C:\WINDOWS\setupact.log
2013-11-16 05:29 - 2013-11-16 05:29 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-16 03:06 - 2013-11-16 03:06 - 00001585 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-11-16 03:06 - 2013-11-16 03:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-11-16 03:03 - 2013-11-16 03:03 - 00000000 ____D C:\Program Files\iPod
2013-11-16 03:02 - 2013-11-16 03:05 - 00000000 ____D C:\Program Files\iTunes
2013-11-16 03:02 - 2013-11-16 03:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-13 04:48 - 2013-12-06 14:16 - 00082926 _____ C:\WINDOWS\setupapi.log
2013-11-12 21:36 - 2013-11-12 21:36 - 00100678 _____ C:\Documents and Settings\user\My Documents\iTunes Diagnostics.spx

==================== One Month Modified Files and Folders =======

2017-06-29 00:13 - 2007-02-12 10:26 - 00001789 ____C C:\WINDOWS\system32\AUTOEXEC.NT
2017-06-29 00:00 - 2007-02-12 10:32 - 00000000 ____D C:\Program Files\MSN
2017-06-28 23:59 - 2017-06-28 23:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MSN6
2017-05-29 21:35 - 2017-05-29 21:35 - 00000000 ____D C:\Documents and Settings\user\Application Data\Macromedia
2017-04-27 04:50 - 2017-04-27 04:50 - 00000640 ____C C:\Documents and Settings\user\Desktop\Virtual DJ.lnk
2017-04-27 04:50 - 2017-04-27 04:41 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\Virtual DJ
2017-04-17 12:31 - 2017-04-17 12:31 - 00000000 ____D C:\Documents and Settings\user\My Documents\PCDJ Recordcase
2014-03-09 20:15 - 2008-04-05 19:33 - 00000268 ____H C:\sqmdata19.sqm
2014-03-09 20:15 - 2008-04-05 19:33 - 00000244 ____H C:\sqmnoopt19.sqm
2014-03-09 20:07 - 2008-04-05 13:23 - 00000268 ____H C:\sqmdata18.sqm
2014-03-09 20:07 - 2008-04-05 13:23 - 00000244 ____H C:\sqmnoopt18.sqm
2013-12-07 18:08 - 2013-12-02 21:02 - 00013019 _____ C:\Documents and Settings\user\Desktop\FRST.txt
2013-12-07 18:07 - 2013-12-07 18:06 - 01060157 _____ (Farbar) C:\Documents and Settings\user\Desktop\FRST.exe
2013-12-07 18:04 - 2012-09-28 23:11 - 02061683 ____C C:\WINDOWS\WindowsUpdate.log
2013-12-07 18:03 - 2013-11-20 19:55 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-07 18:03 - 2012-07-27 15:03 - 00000387 _____ C:\WINDOWS\RTacDbg.txt
2013-12-07 18:01 - 2013-11-24 20:02 - 00000488 _____ C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
2013-12-07 18:01 - 2012-10-23 23:49 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-12-07 18:01 - 2012-09-28 23:11 - 00000159 ____C C:\WINDOWS\wiadebug.log
2013-12-07 18:01 - 2012-09-28 23:11 - 00000049 ____C C:\WINDOWS\wiaservc.log
2013-12-07 18:01 - 2009-09-24 08:09 - 00000236 ____C C:\WINDOWS\Tasks\OGALogon.job
2013-12-07 18:00 - 2007-02-12 10:36 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2013-12-07 17:58 - 2007-02-12 10:41 - 00000278 __SHC C:\Documents and Settings\user\ntuser.ini
2013-12-07 17:58 - 2007-02-12 10:40 - 00032422 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-07 17:41 - 2007-09-10 15:07 - 00000256 ____C C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2013-12-07 15:04 - 2011-08-07 16:06 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-12-07 02:47 - 2007-02-12 10:40 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-12-07 01:37 - 2013-12-07 01:37 - 00144965 _____ C:\ComboFix.txt
2013-12-07 01:37 - 2013-11-25 23:31 - 00000000 ____D C:\Qoobox
2013-12-07 01:30 - 2013-11-25 23:31 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-07 01:24 - 2001-08-18 12:00 - 00000304 _____ C:\WINDOWS\system.ini
2013-12-07 01:20 - 2007-02-12 10:25 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2013-12-07 01:20 - 2007-02-12 10:25 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bak
2013-12-07 01:20 - 2007-02-12 10:24 - 39583744 _____ C:\WINDOWS\system32\config\software.bak
2013-12-07 01:20 - 2007-02-12 10:24 - 15466496 _____ C:\WINDOWS\system32\config\system.bak
2013-12-07 01:20 - 2007-02-12 10:24 - 01835008 _____ C:\WINDOWS\system32\config\default.bak
2013-12-07 01:19 - 2013-12-07 01:19 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-12-07 01:19 - 2013-12-07 01:19 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-12-07 01:19 - 2013-12-07 01:19 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-12-07 01:19 - 2013-12-07 01:19 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-12-07 01:18 - 2013-12-07 01:18 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-12-07 01:15 - 2007-04-17 13:17 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Sports Interactive
2013-12-07 00:26 - 2013-12-06 21:00 - 05153080 ____R (Swearware) C:\ComboFix.exe
2013-12-06 17:27 - 2013-12-06 12:59 - 00006684 _____ C:\Documents and Settings\user\Desktop\aswMBR.txt
2013-12-06 17:27 - 2013-12-06 12:59 - 00000512 _____ C:\Documents and Settings\user\Desktop\MBR.dat
2013-12-06 15:14 - 2013-12-06 15:13 - 00000160 _____ C:\Documents and Settings\user\defogger_reenable
2013-12-06 14:16 - 2013-11-13 04:48 - 00082926 _____ C:\WINDOWS\setupapi.log
2013-12-06 12:08 - 2013-12-06 12:07 - 04745728 _____ (AVAST Software) C:\Documents and Settings\user\Desktop\aswmbr.exe
2013-12-06 09:51 - 2001-08-18 12:00 - 00002422 ____C C:\WINDOWS\system32\wpa.dbl
2013-12-06 03:05 - 2013-10-17 22:30 - 00167424 _____ C:\Documents and Settings\user\My Documents\season 14-15 squad.xls
2013-12-03 22:56 - 2013-12-03 22:56 - 00000000 ____D C:\WINDOWS\CSC
2013-12-03 22:38 - 2013-12-02 21:01 - 00000000 ____D C:\Documents and Settings\user\Desktop\FixSharpeye
2013-12-03 03:04 - 2013-12-03 03:04 - 01937144 _____ (Bleeping Computer, LLC) C:\Documents and Settings\user\Desktop\rkill.exe
2013-12-02 21:00 - 2013-12-02 21:00 - 00000277 _____ C:\Documents and Settings\user\Desktop\FixSharpeye.zip
2013-12-02 18:56 - 2013-12-02 18:56 - 00075264 _____ C:\Documents and Settings\user\Desktop\SystemLook.exe
2013-12-02 18:36 - 2013-12-02 18:31 - 00000000 ____D C:\Documents and Settings\user\Desktop\Mountpoints Diagnostic
2013-12-02 18:30 - 2013-12-02 18:30 - 00001223 _____ C:\Documents and Settings\user\Desktop\Mountpoints Diagnostic.zip
2013-12-02 14:14 - 2007-07-03 19:39 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-12-02 13:06 - 2011-07-31 21:10 - 00000284 ____C C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-12-02 09:30 - 2007-02-12 10:25 - 00146016 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-02 09:13 - 2013-12-02 03:24 - 00085986 _____ C:\WINDOWS\iis6.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00080378 _____ C:\WINDOWS\FaxSetup.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00038428 _____ C:\WINDOWS\ocgen.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00036675 _____ C:\WINDOWS\tsoc.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00026559 _____ C:\WINDOWS\comsetup.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00016131 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00014079 _____ C:\WINDOWS\netfxocm.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00005525 _____ C:\WINDOWS\MedCtrOC.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00004446 _____ C:\WINDOWS\ocmsn.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00004043 _____ C:\WINDOWS\tabletoc.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00004017 _____ C:\WINDOWS\msgsocm.log
2013-12-02 09:13 - 2013-12-02 03:24 - 00001374 _____ C:\WINDOWS\imsins.log
2013-12-02 09:13 - 2013-12-01 14:12 - 00147442 _____ C:\WINDOWS\KB2868626.log
2013-12-02 09:12 - 2013-12-02 03:24 - 00024224 _____ C:\WINDOWS\msmqinst.log
2013-12-02 09:11 - 2013-12-02 09:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-12-02 09:11 - 2013-12-02 07:46 - 00010578 _____ C:\WINDOWS\updspapi.log
2013-12-02 09:03 - 2013-12-02 03:24 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-12-02 09:03 - 2013-12-01 14:07 - 00146443 _____ C:\WINDOWS\KB2847311.log
2013-12-02 09:01 - 2013-12-02 09:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-12-02 08:54 - 2013-12-01 14:04 - 00146907 _____ C:\WINDOWS\KB2876217.log
2013-12-02 08:52 - 2013-12-02 08:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-12-02 08:44 - 2013-12-01 14:01 - 00143119 _____ C:\WINDOWS\KB2864063.log
2013-12-02 08:42 - 2013-12-02 08:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-12-02 08:35 - 2013-12-01 13:58 - 00145866 _____ C:\WINDOWS\KB2862152.log
2013-12-02 08:33 - 2013-12-02 08:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-12-02 08:25 - 2013-12-01 13:55 - 00290469 _____ C:\WINDOWS\KB2888505-IE7.log
2013-12-02 08:05 - 2008-09-21 02:01 - 00000000 ____D C:\WINDOWS\ie7updates
2013-12-02 07:48 - 2013-12-01 13:55 - 00134283 _____ C:\WINDOWS\KB2876331.log
2013-12-02 07:46 - 2013-12-02 07:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-12-02 07:35 - 2013-12-02 07:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-12-02 07:12 - 2013-01-13 18:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-02 06:52 - 2007-02-12 10:26 - 00627386 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-02 06:06 - 2013-12-02 05:57 - 00126152 _____ C:\WINDOWS\KB2900986.log
2013-12-02 06:04 - 2013-12-02 06:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-12-02 05:56 - 2013-12-02 05:43 - 00128164 _____ C:\WINDOWS\KB2862335.log
2013-12-02 05:53 - 2013-12-02 05:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-12-02 04:17 - 2013-01-13 18:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-12-02 03:58 - 2013-12-02 03:49 - 00005402 _____ C:\WINDOWS\KB2884256.log
2013-12-02 03:56 - 2013-12-02 03:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2013-12-02 03:48 - 2013-12-02 03:35 - 00007768 _____ C:\WINDOWS\KB2868038.log
2013-12-02 03:46 - 2013-12-02 03:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-12-02 03:23 - 2013-12-02 03:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-12-02 00:31 - 2013-08-07 18:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-29 23:29 - 2013-11-29 23:28 - 00013013 _____ C:\VEW.txt
2013-11-29 21:58 - 2012-08-19 07:40 - 00000000 ____D C:\Documents and Settings\user\Desktop\cv stiff
2013-11-28 23:46 - 2013-11-28 23:46 - 00646656 _____ (OldTimer Tools) C:\Documents and Settings\user\Desktop\OTS.exe
2013-11-28 09:14 - 2013-11-28 09:14 - 00000000 ____D C:\_OTS
2013-11-26 21:31 - 2013-11-26 21:31 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\AVAST Software
2013-11-26 21:30 - 2013-11-26 21:25 - 00000000 ____D C:\Documents and Settings\user\Desktop\RK_Quarantine
2013-11-26 21:06 - 2013-11-26 21:06 - 03687936 _____ C:\Documents and Settings\user\Desktop\RogueKiller.exe
2013-11-26 20:19 - 2013-02-15 00:46 - 00000000 ____D C:\Program Files\Full Tilt Poker
2013-11-26 19:10 - 2013-11-16 16:01 - 00000000 ____D C:\Documents and Settings\user\Desktop\Poker AV's
2013-11-26 13:57 - 2013-11-26 13:57 - 00000000 ____D C:\FRST
2013-11-25 23:35 - 2013-11-25 23:35 - 00000000 _RSHD C:\cmdcons
2013-11-25 23:35 - 2007-02-12 10:24 - 00000328 __RSH C:\boot.ini
2013-11-24 20:37 - 2013-11-24 16:16 - 00000000 ____D C:\AdwCleaner
2013-11-24 20:11 - 2007-07-01 02:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Comodo
2013-11-24 14:48 - 2013-11-02 13:50 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-11-24 14:45 - 2013-03-17 11:24 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-11-24 14:45 - 2012-10-26 12:50 - 00774392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-11-24 14:45 - 2012-10-26 12:50 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-11-24 14:45 - 2012-10-26 12:50 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-11-24 14:45 - 2012-10-26 12:50 - 00035656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-11-24 14:45 - 2012-10-26 12:48 - 00269216 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-11-24 14:45 - 2012-10-26 12:48 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-11-23 23:19 - 2013-11-23 23:18 - 00000883 _____ C:\WINDOWS\KB927891.log
2013-11-23 15:03 - 2011-10-10 13:26 - 00002445 ____C C:\Documents and Settings\user\Desktop\HiJackThis.lnk
2013-11-23 15:01 - 2012-10-27 19:23 - 00000000 ____D C:\Documents and Settings\user\Application Data\uTorrent
2013-11-23 14:57 - 2013-02-14 17:27 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\Deployment
2013-11-23 14:43 - 2007-02-12 10:21 - 00000000 ____D C:\WINDOWS\system
2013-11-22 21:52 - 2013-11-22 21:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2013-11-22 21:46 - 2013-11-22 21:46 - 00001604 _____ C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
2013-11-22 21:46 - 2013-11-22 21:46 - 00001556 _____ C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
2013-11-22 21:46 - 2013-11-22 21:46 - 00000000 ____D C:\Documents and Settings\user\Application Data\Canneverbe Limited
2013-11-22 21:45 - 2013-11-22 21:45 - 00000000 ____D C:\Program Files\CDBurnerXP
2013-11-22 21:23 - 2013-09-29 14:34 - 00003745 _____ C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2013-11-22 21:17 - 2012-09-04 20:23 - 00037664 ____C (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2013-11-20 20:08 - 2007-08-02 14:19 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\Adobe
2013-11-20 20:07 - 2013-11-20 19:55 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-11-20 20:07 - 2013-11-20 19:55 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-11-20 17:36 - 2012-08-26 20:00 - 00095744 ____C C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-16 20:42 - 2013-11-16 20:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Auslogics
2013-11-16 20:41 - 2013-11-16 20:41 - 00000822 _____ C:\Documents and Settings\user\Desktop\Auslogics DiskDefrag.lnk
2013-11-16 20:41 - 2013-11-16 20:41 - 00000000 ____D C:\Program Files\Auslogics
2013-11-16 20:41 - 2013-11-16 20:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2013-11-16 16:04 - 2013-11-16 05:29 - 00000180 _____ C:\WINDOWS\setupact.log
2013-11-16 16:01 - 2012-08-19 07:43 - 00000000 ____D C:\Documents and Settings\user\Desktop\media players
2013-11-16 16:00 - 2012-08-19 07:39 - 00000000 ____D C:\Documents and Settings\user\Desktop\av and fw
2013-11-16 06:51 - 2012-09-29 11:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-16 06:36 - 2007-06-29 01:08 - 00000000 ____D C:\Program Files\Java
2013-11-16 06:36 - 2007-06-29 01:05 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-16 05:29 - 2013-11-16 05:29 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-16 03:06 - 2013-11-16 03:06 - 00001585 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-11-16 03:06 - 2013-11-16 03:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-11-16 03:05 - 2013-11-16 03:02 - 00000000 ____D C:\Program Files\iTunes
2013-11-16 03:05 - 2013-11-16 03:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-16 03:03 - 2013-11-16 03:03 - 00000000 ____D C:\Program Files\iPod
2013-11-16 03:02 - 2009-11-13 19:00 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-16 01:54 - 2012-10-30 15:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-13 20:46 - 2007-02-12 10:51 - 00002487 ____C C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2013-11-13 02:10 - 2011-06-30 20:09 - 00000682 ____C C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-11-13 02:09 - 2011-06-30 20:09 - 00000000 ____D C:\Program Files\CCleaner
2013-11-12 21:36 - 2013-11-12 21:36 - 00100678 _____ C:\Documents and Settings\user\My Documents\iTunes Diagnostics.spx
2013-11-11 12:43 - 2007-04-17 18:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2013-11-08 13:55 - 2012-10-26 12:50 - 00403440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2013-11-07 15:50 - 2007-04-19 14:14 - 80340640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


----------



## Cookiegal (Aug 27, 2003)

Unfortunately, that didn't fix the problem.

I think it might be best for you to back up anything important like documents, photos, music and emails and then reformat and reinstall Windows.


----------



## sharpeye72 (Aug 18, 2009)

Unfortunately I don't have a Windows installation disk. As long as there's no serious issue, at least I got rid of AVG, which is all I wanted at the start.


----------



## Cookiegal (Aug 27, 2003)

There do appear to be serious problems with the machine. The dates are way off and there was (may still be) malware on it.

Why didn't you get a CD when you bought the machine? It may be possible to restore it back to factory settings but you would have to back up everything first as that would remove anything you've installed since you got it.

What is the make and model?

Please run the MGA Diagnostic Tool and post back the report it creates:
Download *MGADiag* to your desktop.
Double-click on MGADiag.exe to launch the program.
Click "Continue".
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.


----------



## sharpeye72 (Aug 18, 2009)

It's an IBM T30 bought on eBay as a reconditioned machine. It has served me well over the years.
I'm doing that now and I'll post again when it's done.


----------



## sharpeye72 (Aug 18, 2009)

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-H9P2B-3C3F6-7BFTY
Windows Product Key Hash: qczIszOpR5ODwPEOc08fr9b6zrA=
Windows Product ID: 55274-OEM-2245152-54296
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {1B3DA3A7-AE7F-4248-ACDE-327488EB175F}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.18.5
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office XP Professional with FrontPage - 114 Blocked VLK 2
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{1B3DA3A7-AE7F-4248-ACDE-327488EB175F}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-7BFTY</PKey><PID>55274-OEM-2245152-54296</PID><PIDType>3</PIDType><SID>S-1-5-21-2025429265-746137067-854245398</SID><SYSTEM><Manufacturer>IBM</Manufacturer><Model>2366FU5</Model></SYSTEM><BIOS><Manufacturer>IBM</Manufacturer><Version>1IET64WW (2.03b)</Version><SMBIOSVersion major="2" minor="31"/><Date>20030313000000.000000+000</Date></BIOS><HWID>0AAA3707018400E2</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90280409-6000-11D3-8CFE-0050048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office XP Professional with FrontPage</Name><Ver>10</Ver><Val>39476F84C4B4004</Val><Hash>4iCnywwNW1w4s9ukTIwGMGxyGic=</Hash><Pid>54185-640-0000025-17828</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="10" Result="114"/><App Id="16" Version="10" Result="114"/><App Id="17" Version="10" Result="114"/><App Id="18" Version="10" Result="114"/><App Id="1A" Version="10" Result="114"/><App Id="1B" Version="10" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1472F:IBM|BD4C:Semp Toshiba Informatica Ltda|BD4C:TOSHIBA CORPORATION
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A


----------



## Cookiegal (Aug 27, 2003)

Well it's bad news with regards to your MS Office installation. It's a blocked volume license so that means it's not genuine and should be uninstalled. Volume licenses are for corporations and not for end users. The fact that it's blocked means that Microsoft is aware that this license has been abused and over-distributed. 

Also, a system builder's license shouldn't have been used for the operating system either as those are for stores that build computers (not individuals) but it's still a genuine license.

It's up to you what you want to do from this point forward but come April 2014 it will be in your best interest to change it for a new one with Windows 7 or 8 on it as XP will no longer be supported and therefore it will be risky to continue using it.

It's never a good idea to buy a computer on ebay. You should go to a reputable seller.


----------



## sharpeye72 (Aug 18, 2009)

Yeah, I bought it on eBay from a company in USA, not even from my own country!! I did get it for a good price and I've had it maybe 7 years so it has been very good value. To be honest I'd love a new one but I have other financial priorities that have pushed a new laptop way down the wish list. For now I'll just have to make do with this one and hope I get some kind of windfall, who knows, maybe Santa will help.


----------



## Cookiegal (Aug 27, 2003)

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## sharpeye72 (Aug 18, 2009)

3herosoft iPhone to Computer Transfer
888poker
AC3Filter 2.5b
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
Auslogics DiskDefrag
avast! Free Antivirus
AviSynth 2.5
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Bonjour
CCleaner
CDBurnerXP
Compatibility Pack for the 2007 Office system
CoreAAC
DivX Setup
DivxToDVD 0.5.2b
DK2 DESkey Drivers v7.14.0.25
EPSON Printer Software
FLS-4 Driver Installation
FM Modifier 2.25
Full Tilt Poker
Fuse Drivers
GOM Player
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
IBM ThinkPad UltraNav Driver
Indeo® Software
iTunes
Java 7 Update 45
Map Button (Windows Live Toolbar)
Micronet SP907GK Wireless Network Utility
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mini-SE_1.51
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
OGA Notifier 2.0.0048.0
OneCare Advisor (Windows Live Toolbar)
PL-2303 USB-to-Serial
Popup Blocker (Windows Live Toolbar)
PowerDVD
QuickTime
RapidBIT Suite
Revo Uninstaller 1.94
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB2722913)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB2761465)
Security Update for Windows Internet Explorer 7 (KB2792100)
Security Update for Windows Internet Explorer 7 (KB2797052)
Security Update for Windows Internet Explorer 7 (KB2799329)
Security Update for Windows Internet Explorer 7 (KB2809289)
Security Update for Windows Internet Explorer 7 (KB2817183)
Security Update for Windows Internet Explorer 7 (KB2829530)
Security Update for Windows Internet Explorer 7 (KB2838727)
Security Update for Windows Internet Explorer 7 (KB2846071)
Security Update for Windows Internet Explorer 7 (KB2862772)
Security Update for Windows Internet Explorer 7 (KB2888505)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2884256)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923789)
SEO SpyGlass
Smart Menus (Windows Live Toolbar)
SUPERAntiSpyware
Tabbed Browsing (Windows Live Toolbar)
The KMPlayer (remove only)
ThinkPad Power Management Driver
TurboTop 2.7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
VC80CRTRedist - 8.0.50727.4053
Virtual DJ - Atomix Productions
VLC media player 2.1.0
Windows Live Favorites for Windows Live Toolbar
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver


----------



## Cookiegal (Aug 27, 2003)

Please run OTS again.


Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
At the top put a check mark in the box beside "Scan All Users".
Under the *Additional Scans* section put a check in all of the boxes.
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the Notepad file here.


----------



## sharpeye72 (Aug 18, 2009)

here it is


----------



## Cookiegal (Aug 27, 2003)

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here please.


```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}:Exec [HKLM] -> [Button: PokerStars]
[Files/Folders - Modified Within 30 Days]
NY ->  CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job -> C:\WINDOWS\tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
NY ->  14 C:\Documents and Settings\user\Local Settings\temp\*.tmp files -> C:\Documents and Settings\user\Local Settings\temp\*.tmp
[File - Lop Check]
NY ->  ElevatedDiagnostics -> C:\Documents and Settings\user\Application Data\ElevatedDiagnostics
NY ->  LimeWire -> C:\Documents and Settings\user\Application Data\LimeWire
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
[Reboot]
```


----------



## sharpeye72 (Aug 18, 2009)

All Processes Killed
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}:Exec\ not found.
[Files/Folders - Modified Within 30 Days]
C:\WINDOWS\tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job moved successfully.
C:\Documents and Settings\user\Local Settings\temp\div2C.tmp folder deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\div33.tmp folder deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\div3C.tmp\div3D.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\div3C.tmp\div40.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\div3C.tmp folder deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\div41.tmp\div42.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\div41.tmp folder deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\divB3.tmp folder deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\FRST.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\utt4.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\utt5.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\utt6.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\utt9.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\uttAA.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\uttB8.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\uttD.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\uttE.tmp deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\~sp12.tmp deleted successfully.
[File - Lop Check]
C:\Documents and Settings\user\Application Data\ElevatedDiagnostics\2601580674\2012080917.000\ElevatedDiagnostics\Images folder moved successfully.
C:\Documents and Settings\user\Application Data\ElevatedDiagnostics\2601580674\2012080917.000\ElevatedDiagnostics folder moved successfully.
C:\Documents and Settings\user\Application Data\ElevatedDiagnostics\2601580674\2012080917.000 folder moved successfully.
C:\Documents and Settings\user\Application Data\ElevatedDiagnostics\2601580674 folder moved successfully.
C:\Documents and Settings\user\Application Data\ElevatedDiagnostics folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire folder moved successfully.
[Empty Temp Folders]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: user
->Temp folder emptied: 27140270 bytes
->Temporary Internet Files folder emptied: 2568293 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5072601 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 523 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109122 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 257538 bytes

Total Files Cleaned = 34.00 mb

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: user
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 12132013_115239

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


----------



## sharpeye72 (Aug 18, 2009)

After I did that, the next time I opened Firefox, AVG Safeguard toolbar was installed without even giving me the option. I have used Revo to remove this again.


----------



## Cookiegal (Aug 27, 2003)

Let's run AdwCleaner again please, but remove the one you have by dragging it to the Recycle Bin so we are sure to have the latest version.

Please download ADWCleaner. Click on the *Download Now* button and save it to your desktop.

Close your browser and double-click on the AdwCleaner icon on your desktop to run the program.

Click on the *Scan* button. It may take several minutes to complete. When it is done click on the *Report* button and copy and paste the log here please.


----------



## sharpeye72 (Aug 18, 2009)

# AdwCleaner v3.015 - Report created 14/12/2013 at 23:18:17
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : user - T30-UWZS1Q0D4LJ
# Running from : C:\Documents and Settings\user\Desktop\AdwCleaner(2).exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\DOCUME~1\user\LOCALS~1\Temp\Uninstall.exe
File Found : C:\END

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.21364

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hjr7zx8u.default-1340836041904\prefs.js ]

[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\m83ao82z.default-1377955900328\prefs.js ]

[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\u4ajedgv.default-1381308789883\prefs.js ]

[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\prefs.js ]

*************************

AdwCleaner[R0].txt - [5847 octets] - [24/11/2013 16:16:40]
AdwCleaner[R1].txt - [961 octets] - [24/11/2013 19:03:55]
AdwCleaner[R2].txt - [1020 octets] - [24/11/2013 20:25:02]
AdwCleaner[R3].txt - [1081 octets] - [24/11/2013 20:35:07]
AdwCleaner[R4].txt - [1839 octets] - [14/12/2013 23:18:17]
AdwCleaner[S0].txt - [6054 octets] - [24/11/2013 16:53:21]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1959 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

Please run it again and this time select the "clean" option and post the resulting log.


----------



## sharpeye72 (Aug 18, 2009)

# AdwCleaner v3.015 - Report created 15/12/2013 at 00:26:29
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : user - T30-UWZS1Q0D4LJ
# Running from : C:\Documents and Settings\user\Desktop\AdwCleaner(2).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\END
File Deleted : C:\DOCUME~1\user\LOCALS~1\Temp\Uninstall.exe

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.21364

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hjr7zx8u.default-1340836041904\prefs.js ]

[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\m83ao82z.default-1377955900328\prefs.js ]

[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\u4ajedgv.default-1381308789883\prefs.js ]

[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884\prefs.js ]

*************************

AdwCleaner[R0].txt - [5847 octets] - [24/11/2013 16:16:40]
AdwCleaner[R1].txt - [961 octets] - [24/11/2013 19:03:55]
AdwCleaner[R2].txt - [1020 octets] - [24/11/2013 20:25:02]
AdwCleaner[R3].txt - [1081 octets] - [24/11/2013 20:35:07]
AdwCleaner[R4].txt - [2039 octets] - [14/12/2013 23:18:17]
AdwCleaner[R5].txt - [2099 octets] - [15/12/2013 00:23:11]
AdwCleaner[S0].txt - [6054 octets] - [24/11/2013 16:53:21]
AdwCleaner[S1].txt - [2036 octets] - [15/12/2013 00:26:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2096 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

If you already have SystemLook then you don't need to download it again but I'll post the full instructions:

Please download *SystemLook* and save it to your Desktop.

Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:dir 
C:\Documents and Settings\user\Application Data\Macromedia /s
C:\Documents and Settings\All Users\Application Data\MSN6 /s
C:\WINDOWS\system32\LogFiles /s
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## sharpeye72 (Aug 18, 2009)

SystemLook 04.09.10 by jpshortstuff
Log created at 18:49 on 15/12/2013 by user
Administrator - Elevation successful

========== dir ==========

C:\Documents and Settings\user\Application Data\Macromedia - Parameters: "/s"

---Files---
None found.

C:\Documents and Settings\user\Application Data\Macromedia\Common d------ [13:12 21/11/2007]

C:\Documents and Settings\user\Application Data\Macromedia\Common\8 d------ [13:12 21/11/2007]

C:\Documents and Settings\user\Application Data\Macromedia\Common\8\SourceControl d------ [13:12 21/11/2007]

C:\Documents and Settings\user\Application Data\Macromedia\Common\8\SourceControl\SourceSafeInfo d------ [13:12 21/11/2007]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8 d------ [13:09 21/11/2007]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration d------ [13:11 21/11/2007]
ActiveXNames.txt --a--c- 633 bytes [13:11 21/11/2007] [13:11 21/11/2007]
Configuration_ReadMe.htm --a--c- 29943 bytes [13:11 21/11/2007] [13:11 21/11/2007]
Extensions.txt --a--c- 895 bytes [13:11 21/11/2007] [13:11 21/11/2007]
FTPExtensionMap.txt --a--c- 771 bytes [13:11 21/11/2007] [13:11 21/11/2007]
panelset.xml --a--c- 2077 bytes [14:09 21/11/2007] [00:05 03/01/2008]
version.xml --a--c- 10755 bytes [13:11 21/11/2007] [13:11 21/11/2007]
WinFileCache-7A9586CB.dat --a--c- 1164330 bytes [14:09 21/11/2007] [00:05 03/01/2008]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\CodeCollapse d------ [13:27 21/11/2007]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\CodeCollapse\cache d------ [13:27 21/11/2007]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\CodeColoring d------ [13:11 21/11/2007]
ASP JavaScript.xml --a--c- 10678 bytes [13:11 21/11/2007] [13:11 21/11/2007]
ASP VBScript.xml --a--c- 15114 bytes [13:11 21/11/2007] [13:11 21/11/2007]
ASP.NET CSharp.xml --a--c- 10213 bytes [13:11 21/11/2007] [13:11 21/11/2007]
ASP.NET VB.xml --a--c- 14677 bytes [13:11 21/11/2007] [13:11 21/11/2007]
CodeColoring.xml --a--c- 90465 bytes  [13:11 21/11/2007] [13:11 21/11/2007]
Colors.xml --a--c- 5681 bytes [13:11 21/11/2007] [13:11 21/11/2007]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\Content d------ [13:12 21/11/2007]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\Content\Welcome d------ [13:12 21/11/2007]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\Content\Welcome\Flash d------ [13:12 21/11/2007]
defaultdynswf.swf --a--c- 4294 bytes [13:12 21/11/2007] [15:13 30/08/2005]
dynswfloader.swf --a--c- 681 bytes [13:12 21/11/2007] [15:13 30/08/2005]
shim.as --a--c- 8953 bytes [13:12 21/11/2007] [15:13 30/08/2005]
testing_dynswfloader.swf --a--c- 8203 bytes [13:12 21/11/2007] [15:13 30/08/2005]
welcome.swf --a--c- 77376 bytes [13:12 21/11/2007] [15:13 30/08/2005]
welcome.xml --a--c- 625 bytes [13:12 21/11/2007] [15:13 30/08/2005]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\Flash Player d------ [13:11 21/11/2007]
FlashPlayerW.dll --a--c- 1052672 bytes [13:11 21/11/2007] [15:19 30/08/2005]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\Menus d------ [13:11 21/11/2007]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\Menus\Cache d------ [13:11 21/11/2007]
menus.xml --a--c- 172 bytes [13:11 21/11/2007] [13:11 21/11/2007]
timestamp.xml --a--c- 2 bytes [13:11 21/11/2007] [15:13 30/08/2005]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\Menus\Cache\Accelerators d------ [13:11 21/11/2007]
DWAppletContext.xml --a--c- 183 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWDataBindingContext.xml --a--c- 406 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWDefaultContext.xml --a--c- 250 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWDesignOnlyOptionsPopup.xml --a--c- 845 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWDesignVisualAidsPopup.xml --a--c- 546 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWDocStatePopup.xml --a--c- 649 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWFormButtonContext.xml --a--c- 187 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWFormContext.xml --a--c- 181 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWFormFieldContext.xml --a--c- 186 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWFormImageContext.xml --a--c- 186 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWFormListContext.xml --a--c- 181 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWFormTextareaContext.xml --a--c- 189 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWHRContext.xml --a--c- 181 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWHTMLContext.xml --a--c- 10798 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWHTMLValidatorErrorContext.xml --a--c- 188 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWImageContext.xml --a--c- 182 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWLayerContext.xml --a--c- 182 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWLocalFilesContext.xml --a--c- 989 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWLocalSiteFilesContext.xml --a--c- 998 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWLocalSiteFilesServerContext.xml --a--c- 1122 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMainSite.xml --a--c- 975 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMainWindow.xml --a--c- 37836 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWPluginContext.xml --a--c- 183 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWReferenceContext.xml --a--c- 329 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWRemoteSiteFilesContext.xml --a--c- 870 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWServerBehaviorContext.xml --a--c- 415 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWServerComponentContext.xml --a--c- 199 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWSitePseudoMenu.xml --a--c- 3766 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWSplitCodeOptionsPopup.xml --a--c- 842 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWSplitDesignOptionsPopup.xml --a--c- 848 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWTableContext.xml --a--c- 2113 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWTextContext.xml --a--c- 372 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWTimelineContext.xml --a--c- 1048 bytes [13:11 21/11/2007] [13:11 21/11/2007]
FilePanelOptions.xml --a--c- 1413 bytes [13:11 21/11/2007] [13:11 21/11/2007]
SitePanelOptions.xml --a--c- 3790 bytes [13:11 21/11/2007] [13:11 21/11/2007]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\Menus\Cache\Menus d------ [13:11 21/11/2007]
DWAnchorContext.xml --a--c- 722 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWAppletContext.xml --a--c- 1460 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWAssetsContext.xml --a--c- 854 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWBTCTab.xml --a--c- 2136 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWBTCTabStart.xml --a--c- 1028 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWCodeNavPopup.xml --a--c- 234 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWCodeOnlyOptionsPopup.xml --a--c- 1988 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWCommentCodePopup.xml --a--c- 970 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContextLocalFilesServerOptions_Edit.xml --a--c- 939 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Applet_Align.xml --a--c- 1682 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Assets_CopyToSite.xml --a--c- 195 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_FormImage_EditWith.xml --a--c- 230 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Form_Method.xml --a--c- 538 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_HTML_CodeNav.xml --a--c- 234 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_HTML_Code_Hint_Tools.xml --a--c- 760 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_HTML_CustomStyle.xml --a--c- 1268 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_HTML_Selection.xml --a--c- 5738 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Image_Align.xml --a--c- 1289 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Image_CustomStyle.xml --a--c- 1273 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Image_EditableRegions.xml --a--c- 220 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Image_EditWith.xml --a--c- 227 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Image_Site.xml --a--c- 995 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Layer_Tag.xml --a--c- 291 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Layer_Vis.xml --a--c- 714 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_LocalFiles_Edit.xml --a--c- 865 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_LocalFiles_OpenWith.xml --a--c- 336 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_LocalFiles_PIB.xml --a--c- 380 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_LocalSite_CheckLinks.xml --a--c- 364 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_LocalSite_Cloaking.xml --a--c- 790 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_LocalSite_Edit.xml --a--c- 859 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_LocalSite_OpenWith.xml --a--c- 330 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_LocalSite_OpenWith_Companion.xml --a--c- 353 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_LocalSite_PIB.xml --a--c- 377 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_LocalSite_Select.xml --a--c- 991 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Plugin_Align.xml --a--c- 1682 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Plugin_Site.xml --a--c- 1002 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_RemoteFiles_Edit.xml --a--c- 870 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_RemoteSite_CheckLinks.xml --a--c- 212 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_RemoteSite_Cloaking.xml --a--c- 812 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_RemoteSite_PIB.xml --a--c- 379 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_RuleTracker_CustomStyle.xml --a--c- 211 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_SiteMap_CheckLinks.xml --a--c- 351 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_SiteMap_EditWith.xml --a--c- 329 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_SiteMap_PIB.xml --a--c- 373 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Table_Table.xml --a--c- 3181 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Table_Text_Alignment.xml --a--c- 888 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Table_Text_CustomStyle.xml --a--c- 1297 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Table_Text_Font.xml --a--c- 339 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Table_Text_Format.xml --a--c- 1135 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Table_Text_List.xml --a--c- 996 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Table_Text_Size.xml --a--c- 1647 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Table_Text_Style.xml --a--c- 1905 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Templates_1.xml --a--c- 1669 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Templates_2.xml --a--c- 282 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Templates_3.xml --a--c- 1541 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Templates_4.xml --a--c- 1400 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Text_Alignment.xml --a--c- 864 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Text_CustomStyle.xml --a--c- 1268 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Text_ElementView.xml --a--c- 711 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Text_Font.xml --a--c- 328 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Text_Format.xml --a--c- 1706 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Text_List.xml --a--c- 1243 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Text_Size.xml --a--c- 4059 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Text_Style.xml --a--c- 1813 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWContext_Text_Target.xml --a--c- 530 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWConversionToolsPopup.xml --a--c- 1403 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWCSSRuleInspectorContext.xml --a--c- 3030 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWCSSRuleTrackerContext.xml --a--c- 3002 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWCSSSummaryPaneContext.xml --a--c- 2930 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWDataBindingContext.xml --a--c- 563 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWDefaultContext.xml --a--c- 691 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWDefaultContext_ElementView.xml --a--c- 717 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWDesignOnlyOptionsPopup.xml --a--c- 1830 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWDesignVisualAidsPopup.xml --a--c- 4994 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWDocStatePopup.xml --a--c- 1397 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWDocumentTabContext.xml --a--c- 1594 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWFormatCodePopup.xml --a--c- 631 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWFormButtonContext.xml --a--c- 1125 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWFormContext.xml --a--c- 1206 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWFormFieldContext.xml --a--c- 1117 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWFormImageContext.xml --a--c- 1727 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWFormListContext.xml --a--c- 1152 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWFormTextareaContext.xml --a--c- 1004 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWFTPLogTab.xml --a--c- 924 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWHistoryContext.xml --a--c- 854 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWHotspotContext.xml --a--c- 2467 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWHRContext.xml --a--c- 938 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWHTMLContext.xml --a--c- 2375 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWHTMLInspectorOptionsPopup.xml --a--c- 1928 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWHTMLValidatorErrorContext.xml --a--c- 1848 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWImageContext.xml --a--c- 2879 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWInsertBarContext.xml --a--c- 642 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWLayerContext.xml --a--c- 1837 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWLayerContext_ElementView.xml --a--c- 711 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWLibaryItemContext.xml --a--c- 1076 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWLinkCheckerTab.xml --a--c- 1148 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWLinkCheckerTabStart.xml --a--c- 676 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWLocalFilesContext.xml --a--c- 1333 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWLocalSiteFilesCompanionContext.xml --a--c- 570 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWLocalSiteFilesContext.xml --a--c- 3065 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWLocalSiteFilesServerContext.xml --a--c- 887 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWLocalSiteFilesServersContext.xml --a--c- 384 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMainWindow.xml --a--c- 546 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Code_Hint_Tools.xml --a--c- 751 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Commands.xml --a--c- 3186 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Edit.xml --a--c- 4943 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Edit_CodeCollapse.xml --a--c- 1678 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Edit_RepeatEntries.xml --a--c- 227 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_File.xml --a--c- 2695 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_File_CheckPage.xml --a--c- 909 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_File_Convert.xml --a--c- 185 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_File_Export.xml --a--c- 804 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_File_Import.xml --a--c- 987 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_File_PIB.xml --a--c- 361 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_File_RecentFiles.xml --a--c- 442 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Help.xml --a--c- 3065 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert.xml --a--c- 3967 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_ApplicationObjects.xml --a--c- 4412 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_ASPNETObjects.xml --a--c- 7968 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_ASPObjects.xml --a--c- 4028 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_CFAdvanced.xml --a--c- 6808 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_CFFlowObjects.xml --a--c- 4057 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_CFFormObject.xml --a--c- 3379 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_CFObjects.xml --a--c- 4318 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_Characters.xml --a--c- 2878 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_FormObject.xml --a--c- 3320 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_Frames.xml --a--c- 5834 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_Head.xml --a--c- 1701 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_HTML.xml --a--c- 612 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_InteractiveImage.xml --a--c- 1104 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_JSPObjects.xml --a--c- 4628 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_LayoutObjects.xml --a--c- 1071 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_Media.xml --a--c- 2473 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_PHPObjects.xml --a--c- 3432 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_RecentSnippets.xml --a--c- 363 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_RecordCount.xml --a--c- 2069 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_RecordsetPaging.xml --a--c- 3906 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_ScriptObjects.xml --a--c- 519 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_ServerObjects_Authentication.xml --a--c- 1160 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_ServerObjects_DynamicData.xml --a--c- 2499 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_ServerObjects_GoTo.xml --a--c- 611 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_ServerObjects_RecordInsert.xml --a--c- 638 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_ServerObjects_RecordUpdate.xml --a--c- 635 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_ShowRegion.xml --a--c- 2538 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_TableTags.xml --a--c- 2941 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_TemplateObjects.xml --a--c- 2160 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_TextObjects.xml --a--c- 4347 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Insert_XSLTObjects.xml --a--c- 1313 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Modify.xml --a--c- 2589 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Modify_Arrange.xml --a--c- 2139 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Modify_Convert.xml --a--c- 750 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Modify_Frameset.xml --a--c- 1490 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Modify_Hyperlink_Target.xml --a--c- 592 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Modify_Image.xml --a--c- 1829 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Modify_Library.xml --a--c- 790 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Modify_Table.xml --a--c- 3678 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Modify_Templates.xml --a--c- 3048 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Modify_Timeline.xml --a--c- 3446 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Site.xml --a--c- 2081 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Site_Advanced.xml --a--c- 671 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Text.xml --a--c- 2220 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Text_Alignment.xml --a--c- 1863 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Text_CustomStyle.xml --a--c- 1326 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Text_Font.xml --a--c- 396 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Text_Format.xml --a--c- 1174 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Text_List.xml --a--c- 796 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Text_Size.xml --a--c- 846 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Text_SizeChange.xml --a--c- 793 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Text_Style.xml --a--c- 1738 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_View.xml --a--c- 5045 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_View_CodeView.xml --a--c- 2366 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_View_Grid.xml --a--c- 1092 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_View_Guides.xml --a--c- 2948 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_View_Invisibles.xml --a--c- 5341 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_View_Magnification.xml --a--c- 2372 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_View_Plugins.xml --a--c- 848 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_View_Rulers.xml --a--c- 1767 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_View_Styles.xml --a--c- 2083 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_View_Tables.xml --a--c- 1345 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_View_Toolbars.xml --a--c- 421 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_View_TracingImage.xml --a--c- 1585 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWMenu_Window.xml --a--c- 5142 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWOpenDocumentsPopup.xml --a--c- 195 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWOutputTab.xml --a--c- 972 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWPIBPopup.xml --a--c- 353 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWPluginContext.xml --a--c- 1723 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWRecentSnippetsPopup.xml --a--c- 379 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWReferenceContext.xml --a--c- 1011 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWRemoteSiteFilesCompanionContext.xml --a--c- 362 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWRemoteSiteFilesContext.xml --a--c- 2504 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWSearchTab.xml --a--c- 567 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWSelInspectorContext.xml --a--c- 365 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWServerBehaviorContext.xml --a--c- 415 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWServerDebugTab.xml --a--c- 858 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWSIEventsContext.xml --a--c- 631 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWSiteFileMenuPopup_PIB.xml --a--c- 370 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWSiteMapContext.xml --a--c- 2378 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWSiteMapPopup.xml --a--c- 297 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWSitePseudoMenu.xml --a--c- 296 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWSitePseudoMenuSite_Cloaking.xml --a--c- 786 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWSitePseudoMenu_Edit.xml --a--c- 1860 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWSitePseudoMenu_File.xml --a--c- 2001 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWSitePseudoMenu_Site.xml --a--c- 3647 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWSitePseudoMenu_SiteMapOptions.xml --a--c- 1338 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWSitePseudoMenu_View.xml --a--c- 1421 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWSiteReportsTab.xml --a--c- 858 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWSnippetsContext.xml --a--c- 985 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWSplitCodeOptionsPopup.xml --a--c- 3379 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWSplitDesignOptionsPopup.xml --a--c- 3403 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWStyleContext.xml --a--c- 2780 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWSyncPreviewContext.xml --a--c- 929 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWTableContext.xml --a--c- 2109 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWTableContext_ElementView.xml --a--c- 711 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWTableHeaderLayoutColumnContext.xml --a--c- 205 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWTableHeaderLayoutTableContext.xml --a--c- 867 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWTableHeaderStandardColumnContext.xml --a--c- 683 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWTableHeaderStandardTableContext.xml --a--c- 911 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWTextContext.xml --a--c- 2396 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWTimelineContext.xml --a--c- 2804 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWToolbarContext.xml --a--c- 418 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWValidateTab.xml --a--c- 1729 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWValidateTabStart.xml --a--c- 977 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWValidatorErrorsPopup.xml --a--c- 1394 bytes [13:11 21/11/2007] [13:11 21/11/2007]
DWZoomComboPopup.xml --a--c- 2491 bytes [13:11 21/11/2007] [13:11 21/11/2007]
FileOptionsFileMenu_PIB.xml --a--c- 370 bytes [13:11 21/11/2007] [13:11 21/11/2007]
FilePanelOptions.xml --a--c- 514 bytes [13:11 21/11/2007] [13:11 21/11/2007]
FilePanelOptions_EditMenu.xml --a--c- 977 bytes [13:11 21/11/2007] [13:11 21/11/2007]
FilePanelOptions_FileMenu.xml --a--c- 1092 bytes [13:11 21/11/2007] [13:11 21/11/2007]
FilePanelOptions_ServersMenu.xml --a--c- 543 bytes [13:11 21/11/2007] [13:11 21/11/2007]
SiteOptionsFileMenu_PIB.xml --a--c- 370 bytes [13:11 21/11/2007] [13:11 21/11/2007]
SiteOptionsSiteMenu_Cloaking.xml --a--c- 790 bytes [13:11 21/11/2007] [13:11 21/11/2007]
SitePanelOptions.xml --a--c- 312 bytes [13:11 21/11/2007] [13:11 21/11/2007]
SitePanelOptions_EditMenu.xml --a--c- 1906 bytes [13:11 21/11/2007] [13:11 21/11/2007]
SitePanelOptions_FileMenu.xml --a--c- 1986 bytes [13:11 21/11/2007] [13:11 21/11/2007]
SitePanelOptions_SiteMapOptions.xml --a--c- 1316 bytes [13:11 21/11/2007] [13:11 21/11/2007]
SitePanelOptions_SiteMenu.xml --a--c- 3740 bytes [13:11 21/11/2007] [13:11 21/11/2007]
SitePanelOptions_ViewMenu.xml --a--c- 1264 bytes [13:11 21/11/2007] [13:11 21/11/2007]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\Menus\Cache\Tools d------ [13:11 21/11/2007]
com.macromedia.dreamweaver.tools.hand.xml --a--c- 1565 bytes [13:11 21/11/2007] [13:11 21/11/2007]
com.macromedia.dreamweaver.tools.select.xml --a--c- 420 bytes [13:11 21/11/2007] [13:11 21/11/2007]
com.macromedia.dreamweaver.tools.zoom.xml --a--c- 1573 bytes [13:11 21/11/2007] [13:11 21/11/2007]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\Menus\Custom Sets d------ [13:11 21/11/2007]
active set.txt --a--c- 19 bytes [13:11 21/11/2007] [13:11 21/11/2007]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\Objects d------ [13:45 21/11/2007]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\Objects\Forms d------ [13:45 21/11/2007]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\RDSINFO d------ [13:12 21/11/2007]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\SiteCache d------ [13:12 21/11/2007]
pool world record.dws --a--c- 3756 bytes [16:41 21/11/2007] [00:00 03/01/2008]
poolworldrecord.dws --a--c- 3084 bytes [13:15 21/11/2007] [00:01 03/01/2008]
Unnamed Site 1.dws --a--c- 2340 bytes [00:01 03/01/2008] [00:05 03/01/2008]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\SiteCache\pool world record d------ [16:41 21/11/2007]
dwSiteColumnsMe.xml --a--c- 735 bytes [16:41 21/11/2007] [00:00 03/01/2008]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\SiteCache\poolworldrecord d------ [13:15 21/11/2007]
dwSiteColumnsMe.xml --a--c- 735 bytes [13:15 21/11/2007] [00:01 03/01/2008]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\SiteCache\Unnamed Site 1 d------ [00:01 03/01/2008]
dwSiteColumnsMe.xml --a--c- 735 bytes [00:01 03/01/2008] [00:05 03/01/2008]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\Snippets d------ [14:00 21/11/2007]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\Snippets\Accessible d------ [14:00 21/11/2007]

C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\Temp d------ [13:12 21/11/2007]

C:\Documents and Settings\user\Application Data\Macromedia\Flash Player d------ [21:35 29/05/2017]

C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects d------ [12:12 13/12/2013]

C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\U2YCBGYC d------ [14:25 15/12/2013]

C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\U2YCBGYC\aa.online-metrix.net d------ [14:47 15/12/2013]

C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\U2YCBGYC\aa.online-metrix.net\fpc.swf d------ [14:47 15/12/2013]
session.sol --a---- 76 bytes [14:47 15/12/2013] [14:47 15/12/2013]

C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com d------ [12:01 13/12/2013]

C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support d------ [12:01 13/12/2013]

C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer d------ [12:01 13/12/2013]

C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys d------ [14:24 15/12/2013]
settings.sol --a---- 530 bytes [14:24 15/12/2013] [14:47 15/12/2013]

C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#aa.online-metrix.net d------ [14:47 15/12/2013]
settings.sol --a---- 90 bytes [14:47 15/12/2013] [14:47 15/12/2013]

C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\www.macromedia.com d------ [12:21 13/12/2013]

C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\www.macromedia.com\bin d------ [12:21 13/12/2013]

C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller d------ [12:21 13/12/2013]
airappinstaller.exe --a---- 54632 bytes [12:21 13/12/2013] [12:13 13/12/2013]
digest.s --a---- 2840 bytes [12:21 13/12/2013] [12:13 13/12/2013]

C:\Documents and Settings\All Users\Application Data\MSN6 - Parameters: "/s"

---Files---
au.ini --a--c- 82 bytes [23:59 28/06/2017] [22:23 19/12/2007]

No folders found.

C:\WINDOWS\system32\LogFiles - Parameters: "/s"

---Files---
None found.

C:\WINDOWS\system32\LogFiles\HTTPERR d------ [23:48 28/06/2017]
httperr1.log --a--c- 48448 bytes [23:48 28/06/2017] [17:32 24/11/2013]

C:\WINDOWS\system32\LogFiles\WUDF d------ [19:03 02/09/2007]
WUDFTrace.etl --a---- 4096 bytes [23:19 13/04/2008] [14:19 15/12/2013]

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

I see you have Dreamweaver and it's in a suspect folder with a 2017 date. Can you tell when you purchased it and where you got it from?


----------



## sharpeye72 (Aug 18, 2009)

Dreamweaver is, again, a piece of software I thought had been removed several years ago.


----------



## Cookiegal (Aug 27, 2003)

What about MSN6? Do you use that?


----------



## sharpeye72 (Aug 18, 2009)

No, I never use MSN6. I found the folder containing Dreamweaver; I didn't realize it was still on my laptop. I don't see myself ever using it again, so I've deleted it.


----------



## Cookiegal (Aug 27, 2003)

I would like you to uninstall Flash through the Control Panel - Add or Remove Programs by removing both of the following:

Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin

then also uninstall these (never use downloaders or download managers as they often install other things without you knowing.):

Adobe Download Manager
Adobe Reader X (10.1.8) (this is outdated and you need to install the latest version)
Auslogics DiskDefrag (you should just use the Windows defragmenting system which is quite capable of doing the job)
Virtual DJ - Atomix Productions (this one may be part of the problem with the dates)

After uninstalling those, please delete these folders:

C:\Documents and Settings\user\Application Data\*Macromedia*
C:\Documents and Settings\All Users\Application Data\*MSN6*

Then reboot the machine and download the latest version of Adobe Flash (both the ActiveX version for IE and the plugin for FF) from the following link:

*Be sure to uncheck any additional downloads offered* such as the McAfee Security Scan Plus (or something else as the offers are not always the same).

http://get.adobe.com/flashplayer/

Then get Adobe Reader from the following link (be sure to uncheck any additional downloads again):

http://get.adobe.com/reader/

Once you've done all that please reboot the machine again. Then remove the copy of FRST that you have and grab the latest version then run a new scan and post that log please.

Please download FRST (Farbar Recovery Scan Tool) and save it to your desktop.

*Note*: You need to run the version that's compatible with your system (32-bit or 64-bit).


Double-click FRST to run it. When the tool opens click *Yes* to the disclaimer.
Press the *Scan* button.
It will make a log named (*FRST.txt*) in the same directory the tool is run (which should be on the desktop). Please copy and paste the contents of the log in your reply.
The first time the tool is run it makes a second log named (*Addition.txt*). Please copy and paste the contents of that log as well.


----------



## sharpeye72 (Aug 18, 2009)

I have got to the point where I have uninstalled all the parts you asked me to and I'm about to download the Adobe parts. Something came to mind while I was going through these processes: while I was at uni, and it must have been around 2007, I installed several pieces of trial software. Some of this software used the system clock to determine when the trial period was at an end, and so I attempted to fool the software by changing my system clock before installing. It makes sense to me now that I would have changed the clock to 2017.
I'm sorry that I didn't think of this earlier but I'm pretty sure that would account for the date issues.


----------
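The date anomaly discussed in the posts above (entries stamped 2017 in a listing produced in December 2013) can be pulled out of a SystemLook-style listing mechanically. This is an added example, not part of the original thread and not SystemLook's own code; the sample lines are copied from the listing earlier in the thread, and `SCAN_TIME`, `future_entries` and `count_by_day` are names assumed here.

```python
import re
from collections import Counter
from datetime import datetime

# Bracketed SystemLook timestamps: [HH:MM DD/MM/YYYY]
STAMP = re.compile(r"\[(\d{2}:\d{2} \d{2}/\d{2}/\d{4})\]")
# Section header naming the folder being listed, e.g.  C:\path - Parameters: "/s"
ROOT_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) - Parameters: ")
# Directory entry: absolute path, attribute field starting with 'd', then a timestamp
DIR_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) d[-a-z]{6} \[")
# File entry: name, 7-character attribute field, size in bytes, then timestamps
FILE_LINE = re.compile(r"^(?P<name>.+?) [-a-z]{7} \d+ bytes \[")

# Assumption: the listing was produced on 15 December 2013, so anything
# stamped later than the end of that day cannot be a genuine date.
SCAN_TIME = datetime(2013, 12, 15, 23, 59)

# Lines copied from the listing earlier in the thread (not constructed data).
SAMPLE = r"""
C:\Documents and Settings\user\Application Data\Macromedia\Dreamweaver 8\Configuration\SiteCache d------ [13:12 21/11/2007]
pool world record.dws --a--c- 3756 bytes [16:41 21/11/2007] [00:00 03/01/2008]

C:\Documents and Settings\user\Application Data\Macromedia\Flash Player d------ [21:35 29/05/2017]

C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys d------ [14:24 15/12/2013]
settings.sol --a---- 530 bytes [14:24 15/12/2013] [14:47 15/12/2013]

C:\Documents and Settings\All Users\Application Data\MSN6 - Parameters: "/s"

---Files---
au.ini --a--c- 82 bytes [23:59 28/06/2017] [22:23 19/12/2007]

C:\WINDOWS\system32\LogFiles\HTTPERR d------ [23:48 28/06/2017]
httperr1.log --a--c- 48448 bytes [23:48 28/06/2017] [17:32 24/11/2013]
"""


def future_entries(listing, scan_time):
    """Return (full_path, timestamp) for every stamp later than scan_time."""
    hits = []
    current_dir = ""
    for raw in listing.splitlines():
        line = raw.strip()
        root = ROOT_LINE.match(line)
        if root:
            # Header line: remember the folder, it carries no timestamp itself.
            current_dir = root.group("path")
            continue
        directory = DIR_LINE.match(line)
        entry = None if directory else FILE_LINE.match(line)
        if directory:
            current_dir = directory.group("path")
            path = current_dir
        elif entry:
            # File names are relative to the most recent directory line.
            name = entry.group("name")
            path = current_dir + "\\" + name if current_dir else name
        else:
            continue  # blank lines, "---Files---", "None found." and similar
        for text in STAMP.findall(line):
            stamp = datetime.strptime(text, "%H:%M %d/%m/%Y")
            if stamp > scan_time:
                hits.append((path, stamp))
    return hits


def count_by_day(hits):
    """Count anomalous stamps per calendar day, keyed as YYYY-MM-DD."""
    counts = Counter(stamp.strftime("%Y-%m-%d") for _, stamp in hits)
    return dict(sorted(counts.items()))


if __name__ == "__main__":
    found = future_entries(SAMPLE, SCAN_TIME)
    for path, stamp in found:
        print(stamp.strftime("%Y-%m-%d %H:%M"), path)
    print(count_by_day(found))
```

Stamps that group on a few calendar days are consistent with the clock change described in the post above; each flagged path is still reviewed on its own.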



## sharpeye72 (Aug 18, 2009)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-12-2013
Ran by user (administrator) on T30-UWZS1Q0D4LJ on 15-12-2013 21:17:15
Running from C:\Documents and Settings\user\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

() C:\WINDOWS\system32\ibmpmsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Realtek Semiconductor Corp.) C:\Program Files\Micronet SP907GK Wireless Network Utility\RtWLan.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-24] (AVAST Software)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Lsa: [Authentication Packages] msv1_0 nwprovau
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Micronet SP907GK Wireless Network Utility.lnk
ShortcutTarget: Micronet SP907GK Wireless Network Utility.lnk -> C:\Program Files\Micronet SP907GK Wireless Network Utility\RtWLan.exe (Realtek Semiconductor Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com/?type=714647&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {AAC31524-0FD2-47DB-B233-F1420B9F13BA} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {BD4F6FB2-F080-4A53-AA10-7F61DC3212B3} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: DivX Plus Web Player HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 05 c:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\uw6sdi45.default-1382657574884
FF SearchEngineOrder.1: Google
FF Homepage: about:home
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-24] (AVAST Software)
R2 IBMPMSVC; C:\Windows\System32\ibmpmsvc.exe [73782 2005-11-11] ()
S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2007-10-19] (Logitech Inc.)
R2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21035 2012-07-27] (Meetinghouse Data Communications)
R2 aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [35656 2013-11-24] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2013-11-24] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-02] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [774392 2013-11-24] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [403440 2013-11-08] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-11-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-11-02] ()
S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [238464 2010-05-13] (AVEO Corp)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 dk2drv; C:\WINDOWS\SYSTEM32\Drivers\dk2drv.sys [49720 2011-10-03] (Data Encryption Systems Limited)
R2 EAPPkt; C:\Windows\System32\DRIVERS\EAPPkt.sys [38144 2006-11-15] (Windows (R) 2000 DDK provider)
R2 FLE5WNNT; C:\WINDOWS\System32\Drivers\fle5wnnt.sys [33404 2011-10-03] (Data Encryption Systems Limited)
R2 FLSIFACE; C:\WINDOWS\System32\Drivers\flsiface.sys [14272 2011-10-03] (Data Encryption Systems Limited)
R2 FLSPAR; C:\WINDOWS\System32\Drivers\flspar.sys [16314 2011-10-03] (Data Encryption Systems Limited)
R2 FLSSER; C:\WINDOWS\System32\Drivers\flsser.sys [8344 2011-10-03] (Data Encryption Systems Limited)
R2 FLSVCOM; C:\WINDOWS\System32\Drivers\flsvcom.sys [35226 2011-10-03] (Data Encryption Systems Limited)
S3 GcKernel; C:\Windows\System32\DRIVERS\GcKernel.sys [59136 2008-04-13] (Microsoft Corporation)
S3 HIDSwvd; C:\Windows\System32\DRIVERS\HIDSwvd.sys [2688 2001-08-17] (Microsoft Corporation)
R3 LucentSoftModem; C:\Windows\System32\DRIVERS\LTSM.sys [802683 2001-08-17] (Lucent Technologies)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [2109976 2007-10-19] (Logitech Inc.)
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2142488 2007-10-11] (Logitech Inc.)
R3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25752 2009-10-07] ()
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2001-08-18] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-18] (Microsoft Corporation)
R3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [238976 2007-06-01] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [682232 2007-10-25] (Duplex Secure Ltd.)
R2 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [13120 2013-08-25] ()
S3 wlluc48; C:\Windows\System32\DRIVERS\wlluc48.sys [154624 2004-08-03] (Lucent Technologies)
S3 ZDPSp50; C:\Windows\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA))
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U5 dkpccard; C:\Windows\System32\Drivers\dkpccard.sys [14856 2011-10-03] (Data Encryption Systems Limited)
S4 hpt3xx; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [x]
S3 pepifilter; system32\DRIVERS\lv302af.sys [x]
S3 PID_PEPI; system32\DRIVERS\LV302V32.SYS [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2017-06-28 23:48 - 2007-09-02 19:03 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2017-05-29 22:02 - 2008-04-13 18:45 - 00059136 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gckernel.sys
2017-05-29 22:02 - 2008-04-13 18:45 - 00059136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gckernel.sys
2017-05-29 22:02 - 2008-04-13 18:39 - 00014592 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2017-05-29 22:02 - 2008-04-13 18:39 - 00014592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhid.sys
2017-05-29 22:02 - 2001-08-17 13:02 - 00002688 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HIDSwvd.sys
2017-05-29 22:02 - 2001-08-17 13:02 - 00002688 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidswvd.sys
2017-05-29 21:55 - 2008-04-13 18:45 - 00010368 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2017-05-29 21:55 - 2008-04-13 18:45 - 00010368 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidusb.sys
2017-05-29 21:47 - 2010-05-27 09:49 - 00000000 ____D C:\Documents and Settings\user\Desktop\mame32u901
2017-05-29 21:35 - 2007-08-16 14:56 - 00002058 ____C C:\WINDOWS\mozver.dat
2017-04-17 12:31 - 2017-04-17 12:31 - 00000000 ____D C:\Documents and Settings\user\My Documents\PCDJ Recordcase
2013-12-15 21:04 - 2013-12-15 21:04 - 00001804 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2013-12-15 21:04 - 2013-12-15 21:04 - 00001734 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2013-12-15 20:57 - 2013-12-15 21:02 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-15 20:57 - 2013-12-15 20:57 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-15 20:57 - 2013-12-15 20:57 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-15 20:52 - 2013-12-15 20:52 - 01060903 _____ (Farbar) C:\Documents and Settings\user\Desktop\FRST.exe
2013-12-15 18:49 - 2013-12-15 18:49 - 00063760 _____ C:\Documents and Settings\user\Desktop\SystemLook.txt
2013-12-14 23:16 - 2013-12-14 23:16 - 01226802 _____ C:\Documents and Settings\user\Desktop\AdwCleaner(2).exe
2013-12-14 21:44 - 2013-12-14 21:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-14 21:43 - 2013-12-14 21:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-14 21:42 - 2013-12-14 21:43 - 00005377 _____ C:\WINDOWS\KB2904266.log
2013-12-14 20:56 - 2013-12-14 20:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-14 15:26 - 2013-12-14 15:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-14 15:16 - 2013-12-14 15:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-14 14:19 - 2013-12-14 21:44 - 00014767 _____ C:\WINDOWS\KB2898715.log
2013-12-13 18:55 - 2013-12-14 21:00 - 00022957 _____ C:\WINDOWS\KB2893294.log
2013-12-13 18:52 - 2013-12-14 15:29 - 00019083 _____ C:\WINDOWS\KB2893984.log
2013-12-13 18:49 - 2013-12-14 15:18 - 00017780 _____ C:\WINDOWS\KB2892075.log
2013-12-13 18:43 - 2013-12-14 15:08 - 00109514 _____ C:\WINDOWS\KB2898785-IE7.log
2013-12-13 12:28 - 2013-12-13 12:28 - 00000856 _____ C:\Documents and Settings\All Users\Desktop\GOM Player.lnk
2013-12-13 12:05 - 2013-12-13 12:05 - 00646656 _____ (OldTimer Tools) C:\Documents and Settings\user\Desktop\OTS.exe
2013-12-10 06:39 - 2013-12-10 06:39 - 00009358 _____ C:\Documents and Settings\user\Desktop\uninstall_list.txt
2013-12-07 20:45 - 2013-12-07 20:45 - 02031992 _____ (Microsoft Corporation) C:\Documents and Settings\user\Desktop\MGADiag.exe
2013-12-07 01:37 - 2013-12-07 01:37 - 00144965 _____ C:\ComboFix.txt
2013-12-07 01:19 - 2013-12-07 01:19 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-12-07 01:19 - 2013-12-07 01:19 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-12-07 01:19 - 2013-12-07 01:19 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-12-07 01:19 - 2013-12-07 01:19 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-12-07 01:18 - 2013-12-07 01:18 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-12-06 21:00 - 2013-12-07 00:26 - 05153080 ____R (Swearware) C:\ComboFix.exe
2013-12-06 15:13 - 2013-12-06 15:14 - 00000160 _____ C:\Documents and Settings\user\defogger_reenable
2013-12-06 12:59 - 2013-12-06 17:27 - 00006684 _____ C:\Documents and Settings\user\Desktop\aswMBR.txt
2013-12-06 12:59 - 2013-12-06 17:27 - 00000512 _____ C:\Documents and Settings\user\Desktop\MBR.dat
2013-12-06 12:07 - 2013-12-06 12:08 - 04745728 _____ (AVAST Software) C:\Documents and Settings\user\Desktop\aswmbr.exe
2013-12-03 23:09 - 2011-06-26 06:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-12-03 23:09 - 2010-11-07 17:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-12-03 23:09 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-12-03 23:09 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-12-03 23:09 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-12-03 23:09 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-12-03 23:09 - 2000-08-31 00:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-12-03 23:09 - 2000-08-31 00:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-12-03 23:09 - 2000-08-31 00:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-12-03 22:56 - 2013-12-03 22:56 - 00000000 ____D C:\WINDOWS\CSC
2013-12-03 03:04 - 2013-12-03 03:04 - 01937144 _____ (Bleeping Computer, LLC) C:\Documents and Settings\user\Desktop\rkill.exe
2013-12-02 21:02 - 2013-12-15 21:17 - 00012919 _____ C:\Documents and Settings\user\Desktop\FRST.txt
2013-12-02 21:01 - 2013-12-03 22:38 - 00000000 ____D C:\Documents and Settings\user\Desktop\FixSharpeye
2013-12-02 21:00 - 2013-12-02 21:00 - 00000277 _____ C:\Documents and Settings\user\Desktop\FixSharpeye.zip
2013-12-02 18:56 - 2013-12-02 18:56 - 00075264 _____ C:\Documents and Settings\user\Desktop\SystemLook.exe
2013-12-02 18:31 - 2013-12-02 18:36 - 00000000 ____D C:\Documents and Settings\user\Desktop\Mountpoints Diagnostic
2013-12-02 18:30 - 2013-12-02 18:30 - 00001223 _____ C:\Documents and Settings\user\Desktop\Mountpoints Diagnostic.zip
2013-12-02 09:11 - 2013-12-02 09:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-12-02 09:01 - 2013-12-02 09:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-12-02 08:52 - 2013-12-02 08:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-12-02 08:42 - 2013-12-02 08:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-12-02 08:33 - 2013-12-02 08:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-12-02 07:46 - 2013-12-14 21:44 - 00019276 _____ C:\WINDOWS\updspapi.log
2013-12-02 07:46 - 2013-12-02 07:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-12-02 07:35 - 2013-12-02 07:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-12-02 06:04 - 2013-12-02 06:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-12-02 05:57 - 2013-12-02 06:06 - 00126152 _____ C:\WINDOWS\KB2900986.log
2013-12-02 05:53 - 2013-12-02 05:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-12-02 05:43 - 2013-12-02 05:56 - 00128164 _____ C:\WINDOWS\KB2862335.log
2013-12-02 03:56 - 2013-12-02 03:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2013-12-02 03:49 - 2013-12-02 03:58 - 00005402 _____ C:\WINDOWS\KB2884256.log
2013-12-02 03:46 - 2013-12-02 03:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-12-02 03:35 - 2013-12-02 03:48 - 00007768 _____ C:\WINDOWS\KB2868038.log
2013-12-02 03:24 - 2013-12-14 21:44 - 00126635 _____ C:\WINDOWS\iis6.log
2013-12-02 03:24 - 2013-12-14 21:44 - 00117473 _____ C:\WINDOWS\FaxSetup.log
2013-12-02 03:24 - 2013-12-14 21:44 - 00056164 _____ C:\WINDOWS\ocgen.log
2013-12-02 03:24 - 2013-12-14 21:44 - 00053602 _____ C:\WINDOWS\tsoc.log
2013-12-02 03:24 - 2013-12-14 21:44 - 00038831 _____ C:\WINDOWS\comsetup.log
2013-12-02 03:24 - 2013-12-14 21:44 - 00035740 _____ C:\WINDOWS\msmqinst.log
2013-12-02 03:24 - 2013-12-14 21:44 - 00023581 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-02 03:24 - 2013-12-14 21:44 - 00020577 _____ C:\WINDOWS\netfxocm.log
2013-12-02 03:24 - 2013-12-14 21:44 - 00008075 _____ C:\WINDOWS\MedCtrOC.log
2013-12-02 03:24 - 2013-12-14 21:44 - 00006498 _____ C:\WINDOWS\ocmsn.log
2013-12-02 03:24 - 2013-12-14 21:44 - 00005909 _____ C:\WINDOWS\tabletoc.log
2013-12-02 03:24 - 2013-12-14 21:44 - 00005871 _____ C:\WINDOWS\msgsocm.log
2013-12-02 03:24 - 2013-12-14 21:44 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-02 03:24 - 2013-12-14 21:43 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-02 03:23 - 2013-12-02 03:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-12-01 14:12 - 2013-12-02 09:13 - 00147442 _____ C:\WINDOWS\KB2868626.log
2013-12-01 14:07 - 2013-12-02 09:03 - 00146443 _____ C:\WINDOWS\KB2847311.log
2013-12-01 14:04 - 2013-12-02 08:54 - 00146907 _____ C:\WINDOWS\KB2876217.log
2013-12-01 14:01 - 2013-12-02 08:44 - 00143119 _____ C:\WINDOWS\KB2864063.log
2013-12-01 13:58 - 2013-12-02 08:35 - 00145866 _____ C:\WINDOWS\KB2862152.log
2013-12-01 13:55 - 2013-12-02 08:25 - 00290469 _____ C:\WINDOWS\KB2888505-IE7.log
2013-12-01 13:55 - 2013-12-02 07:48 - 00134283 _____ C:\WINDOWS\KB2876331.log
2013-11-29 23:28 - 2013-11-29 23:29 - 00013013 _____ C:\VEW.txt
2013-11-28 09:14 - 2013-11-28 09:14 - 00000000 ____D C:\_OTS
2013-11-26 21:31 - 2013-11-26 21:31 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\AVAST Software
2013-11-26 21:25 - 2013-11-26 21:30 - 00000000 ____D C:\Documents and Settings\user\Desktop\RK_Quarantine
2013-11-26 21:06 - 2013-11-26 21:06 - 03687936 _____ C:\Documents and Settings\user\Desktop\RogueKiller.exe
2013-11-26 13:57 - 2013-11-26 13:57 - 00000000 ____D C:\FRST
2013-11-25 23:35 - 2013-11-25 23:35 - 00000000 _RSHD C:\cmdcons
2013-11-25 23:35 - 2013-08-08 19:22 - 00000212 _____ C:\Boot.bak
2013-11-25 23:35 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-11-25 23:31 - 2013-12-07 01:37 - 00000000 ____D C:\Qoobox
2013-11-25 23:31 - 2013-12-07 01:30 - 00000000 ____D C:\WINDOWS\erdnt
2013-11-24 16:16 - 2013-12-15 00:26 - 00000000 ____D C:\AdwCleaner
2013-11-23 23:18 - 2013-11-23 23:19 - 00000883 _____ C:\WINDOWS\KB927891.log
2013-11-22 21:52 - 2013-11-22 21:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2013-11-22 21:46 - 2013-11-22 21:46 - 00001604 _____ C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
2013-11-22 21:46 - 2013-11-22 21:46 - 00001556 _____ C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
2013-11-22 21:46 - 2013-11-22 21:46 - 00000000 ____D C:\Documents and Settings\user\Application Data\Canneverbe Limited
2013-11-22 21:45 - 2013-11-22 21:45 - 00000000 ____D C:\Program Files\CDBurnerXP
2013-11-16 20:42 - 2013-11-16 20:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Auslogics
2013-11-16 16:01 - 2013-11-26 19:10 - 00000000 ____D C:\Documents and Settings\user\Desktop\Poker AV's
2013-11-16 06:01 - 2013-10-24 23:12 - 00873384 _____ (Oracle Corporation) C:\WINDOWS\system32\npdeployJava1.dll
2013-11-16 06:01 - 2013-10-24 23:12 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-11-16 06:00 - 2013-10-24 23:12 - 00796072 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-11-16 06:00 - 2013-10-24 23:12 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-11-16 06:00 - 2013-10-24 23:12 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-11-16 06:00 - 2013-10-24 23:12 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-11-16 05:29 - 2013-11-16 16:04 - 00000180 _____ C:\WINDOWS\setupact.log
2013-11-16 05:29 - 2013-11-16 05:29 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-16 03:06 - 2013-11-16 03:06 - 00001585 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-11-16 03:06 - 2013-11-16 03:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-11-16 03:03 - 2013-11-16 03:03 - 00000000 ____D C:\Program Files\iPod
2013-11-16 03:02 - 2013-11-16 03:05 - 00000000 ____D C:\Program Files\iTunes
2013-11-16 03:02 - 2013-11-16 03:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

==================== One Month Modified Files and Folders =======

2017-06-29 00:13 - 2007-02-12 10:26 - 00001789 ____C C:\WINDOWS\system32\AUTOEXEC.NT
2017-06-29 00:00 - 2007-02-12 10:32 - 00000000 ____D C:\Program Files\MSN
2017-04-17 12:31 - 2017-04-17 12:31 - 00000000 ____D C:\Documents and Settings\user\My Documents\PCDJ Recordcase
2014-03-09 20:15 - 2008-04-05 19:33 - 00000268 ____H C:\sqmdata19.sqm
2014-03-09 20:15 - 2008-04-05 19:33 - 00000244 ____H C:\sqmnoopt19.sqm
2014-03-09 20:07 - 2008-04-05 13:23 - 00000268 ____H C:\sqmdata18.sqm
2014-03-09 20:07 - 2008-04-05 13:23 - 00000244 ____H C:\sqmnoopt18.sqm
2013-12-15 21:17 - 2013-12-02 21:02 - 00012919 _____ C:\Documents and Settings\user\Desktop\FRST.txt
2013-12-15 21:04 - 2013-12-15 21:04 - 00001804 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2013-12-15 21:04 - 2013-12-15 21:04 - 00001734 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2013-12-15 21:02 - 2013-12-15 20:57 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-15 21:02 - 2007-08-02 14:17 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-15 21:01 - 2009-06-07 09:08 - 00000000 ____D C:\Program Files\Adobe
2013-12-15 21:01 - 2007-08-02 14:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-12-15 20:58 - 2007-08-02 14:19 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\Adobe
2013-12-15 20:57 - 2013-12-15 20:57 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-15 20:57 - 2013-12-15 20:57 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-15 20:52 - 2013-12-15 20:52 - 01060903 _____ (Farbar) C:\Documents and Settings\user\Desktop\FRST.exe
2013-12-15 20:41 - 2012-07-27 15:03 - 00000387 _____ C:\WINDOWS\RTacDbg.txt
2013-12-15 20:41 - 2007-09-10 15:07 - 00000256 ____C C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2013-12-15 20:40 - 2012-10-23 23:49 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-12-15 20:40 - 2009-09-24 08:09 - 00000236 ____C C:\WINDOWS\Tasks\OGALogon.job
2013-12-15 20:36 - 2012-09-28 23:11 - 01286221 ____C C:\WINDOWS\WindowsUpdate.log
2013-12-15 20:35 - 2012-09-28 23:11 - 00000159 ____C C:\WINDOWS\wiadebug.log
2013-12-15 20:35 - 2012-09-28 23:11 - 00000050 ____C C:\WINDOWS\wiaservc.log
2013-12-15 20:34 - 2007-02-12 10:36 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2013-12-15 20:32 - 2007-02-12 10:41 - 00000278 __SHC C:\Documents and Settings\user\ntuser.ini
2013-12-15 20:32 - 2007-02-12 10:40 - 00032344 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-15 20:28 - 2007-04-27 00:35 - 00000000 ____D C:\Program Files\VirtualDJ
2013-12-15 20:22 - 2010-05-29 19:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NOS
2013-12-15 18:49 - 2013-12-15 18:49 - 00063760 _____ C:\Documents and Settings\user\Desktop\SystemLook.txt
2013-12-15 00:26 - 2013-11-24 16:16 - 00000000 ____D C:\AdwCleaner
2013-12-14 23:16 - 2013-12-14 23:16 - 01226802 _____ C:\Documents and Settings\user\Desktop\AdwCleaner(2).exe
2013-12-14 21:44 - 2013-12-14 21:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-14 21:44 - 2013-12-14 14:19 - 00014767 _____ C:\WINDOWS\KB2898715.log
2013-12-14 21:44 - 2013-12-02 07:46 - 00019276 _____ C:\WINDOWS\updspapi.log
2013-12-14 21:44 - 2013-12-02 03:24 - 00126635 _____ C:\WINDOWS\iis6.log
2013-12-14 21:44 - 2013-12-02 03:24 - 00117473 _____ C:\WINDOWS\FaxSetup.log
2013-12-14 21:44 - 2013-12-02 03:24 - 00056164 _____ C:\WINDOWS\ocgen.log
2013-12-14 21:44 - 2013-12-02 03:24 - 00053602 _____ C:\WINDOWS\tsoc.log
2013-12-14 21:44 - 2013-12-02 03:24 - 00038831 _____ C:\WINDOWS\comsetup.log
2013-12-14 21:44 - 2013-12-02 03:24 - 00035740 _____ C:\WINDOWS\msmqinst.log
2013-12-14 21:44 - 2013-12-02 03:24 - 00023581 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-14 21:44 - 2013-12-02 03:24 - 00020577 _____ C:\WINDOWS\netfxocm.log
2013-12-14 21:44 - 2013-12-02 03:24 - 00008075 _____ C:\WINDOWS\MedCtrOC.log
2013-12-14 21:44 - 2013-12-02 03:24 - 00006498 _____ C:\WINDOWS\ocmsn.log
2013-12-14 21:44 - 2013-12-02 03:24 - 00005909 _____ C:\WINDOWS\tabletoc.log
2013-12-14 21:44 - 2013-12-02 03:24 - 00005871 _____ C:\WINDOWS\msgsocm.log
2013-12-14 21:44 - 2013-12-02 03:24 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-14 21:43 - 2013-12-14 21:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-14 21:43 - 2013-12-14 21:42 - 00005377 _____ C:\WINDOWS\KB2904266.log
2013-12-14 21:43 - 2013-12-02 03:24 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-14 21:43 - 2007-04-19 14:12 - 00885910 ____C C:\WINDOWS\system32\TZLog.log
2013-12-14 21:41 - 2013-08-07 18:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-14 21:21 - 2007-04-19 14:14 - 88123800 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-14 21:00 - 2013-12-13 18:55 - 00022957 _____ C:\WINDOWS\KB2893294.log
2013-12-14 20:56 - 2013-12-14 20:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-14 20:41 - 2011-08-07 16:06 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-12-14 17:31 - 2007-02-12 10:25 - 00146016 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-14 15:29 - 2013-12-13 18:52 - 00019083 _____ C:\WINDOWS\KB2893984.log
2013-12-14 15:26 - 2013-12-14 15:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-14 15:18 - 2013-12-13 18:49 - 00017780 _____ C:\WINDOWS\KB2892075.log
2013-12-14 15:16 - 2013-12-14 15:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-14 15:08 - 2013-12-13 18:43 - 00109514 _____ C:\WINDOWS\KB2898785-IE7.log
2013-12-14 14:47 - 2008-09-21 02:01 - 00000000 ____D C:\WINDOWS\ie7updates
2013-12-14 14:29 - 2012-08-26 20:00 - 00134656 ____C C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-14 14:14 - 2001-08-18 12:00 - 00002422 ____C C:\WINDOWS\system32\wpa.dbl
2013-12-13 12:28 - 2013-12-13 12:28 - 00000856 _____ C:\Documents and Settings\All Users\Desktop\GOM Player.lnk
2013-12-13 12:28 - 2009-05-21 18:31 - 00000856 ____C C:\Documents and Settings\user\Start Menu\GOM Player.lnk
2013-12-13 12:16 - 2010-01-11 13:15 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-12-13 12:05 - 2013-12-13 12:05 - 00646656 _____ (OldTimer Tools) C:\Documents and Settings\user\Desktop\OTS.exe
2013-12-11 19:39 - 2011-06-29 20:17 - 00000000 ____D C:\Documents and Settings\user\Application Data\vlc
2013-12-11 10:03 - 2012-10-27 19:23 - 00000000 ____D C:\Documents and Settings\user\Application Data\uTorrent
2013-12-10 06:39 - 2013-12-10 06:39 - 00009358 _____ C:\Documents and Settings\user\Desktop\uninstall_list.txt
2013-12-10 06:38 - 2011-10-10 13:26 - 00002445 ____C C:\Documents and Settings\user\Desktop\HiJackThis.lnk
2013-12-09 13:06 - 2011-07-31 21:10 - 00000284 ____C C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-12-08 19:39 - 2013-10-17 22:30 - 00167424 _____ C:\Documents and Settings\user\My Documents\season 14-15 squad.xls
2013-12-07 20:45 - 2013-12-07 20:45 - 02031992 _____ (Microsoft Corporation) C:\Documents and Settings\user\Desktop\MGADiag.exe
2013-12-07 02:47 - 2007-02-12 10:40 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-12-07 01:37 - 2013-12-07 01:37 - 00144965 _____ C:\ComboFix.txt
2013-12-07 01:37 - 2013-11-25 23:31 - 00000000 ____D C:\Qoobox
2013-12-07 01:30 - 2013-11-25 23:31 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-07 01:24 - 2001-08-18 12:00 - 00000304 _____ C:\WINDOWS\system.ini
2013-12-07 01:20 - 2007-02-12 10:25 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2013-12-07 01:20 - 2007-02-12 10:25 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bak
2013-12-07 01:20 - 2007-02-12 10:24 - 39583744 _____ C:\WINDOWS\system32\config\software.bak
2013-12-07 01:20 - 2007-02-12 10:24 - 15466496 _____ C:\WINDOWS\system32\config\system.bak
2013-12-07 01:20 - 2007-02-12 10:24 - 01835008 _____ C:\WINDOWS\system32\config\default.bak
2013-12-07 01:19 - 2013-12-07 01:19 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-12-07 01:19 - 2013-12-07 01:19 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-12-07 01:19 - 2013-12-07 01:19 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-12-07 01:19 - 2013-12-07 01:19 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-12-07 01:18 - 2013-12-07 01:18 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-12-07 01:15 - 2007-04-17 13:17 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Sports Interactive
2013-12-07 00:26 - 2013-12-06 21:00 - 05153080 ____R (Swearware) C:\ComboFix.exe
2013-12-06 17:27 - 2013-12-06 12:59 - 00006684 _____ C:\Documents and Settings\user\Desktop\aswMBR.txt
2013-12-06 17:27 - 2013-12-06 12:59 - 00000512 _____ C:\Documents and Settings\user\Desktop\MBR.dat
2013-12-06 15:14 - 2013-12-06 15:13 - 00000160 _____ C:\Documents and Settings\user\defogger_reenable
2013-12-06 14:16 - 2013-11-13 04:48 - 00082926 _____ C:\WINDOWS\setupapi.log
2013-12-06 12:08 - 2013-12-06 12:07 - 04745728 _____ (AVAST Software) C:\Documents and Settings\user\Desktop\aswmbr.exe
2013-12-03 22:56 - 2013-12-03 22:56 - 00000000 ____D C:\WINDOWS\CSC
2013-12-03 22:38 - 2013-12-02 21:01 - 00000000 ____D C:\Documents and Settings\user\Desktop\FixSharpeye
2013-12-03 03:04 - 2013-12-03 03:04 - 01937144 _____ (Bleeping Computer, LLC) C:\Documents and Settings\user\Desktop\rkill.exe
2013-12-02 21:00 - 2013-12-02 21:00 - 00000277 _____ C:\Documents and Settings\user\Desktop\FixSharpeye.zip
2013-12-02 18:56 - 2013-12-02 18:56 - 00075264 _____ C:\Documents and Settings\user\Desktop\SystemLook.exe
2013-12-02 18:36 - 2013-12-02 18:31 - 00000000 ____D C:\Documents and Settings\user\Desktop\Mountpoints Diagnostic
2013-12-02 18:30 - 2013-12-02 18:30 - 00001223 _____ C:\Documents and Settings\user\Desktop\Mountpoints Diagnostic.zip
2013-12-02 14:14 - 2007-07-03 19:39 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-12-02 09:13 - 2013-12-01 14:12 - 00147442 _____ C:\WINDOWS\KB2868626.log
2013-12-02 09:11 - 2013-12-02 09:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-12-02 09:03 - 2013-12-01 14:07 - 00146443 _____ C:\WINDOWS\KB2847311.log
2013-12-02 09:01 - 2013-12-02 09:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-12-02 08:54 - 2013-12-01 14:04 - 00146907 _____ C:\WINDOWS\KB2876217.log
2013-12-02 08:52 - 2013-12-02 08:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-12-02 08:44 - 2013-12-01 14:01 - 00143119 _____ C:\WINDOWS\KB2864063.log
2013-12-02 08:42 - 2013-12-02 08:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-12-02 08:35 - 2013-12-01 13:58 - 00145866 _____ C:\WINDOWS\KB2862152.log
2013-12-02 08:33 - 2013-12-02 08:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-12-02 08:25 - 2013-12-01 13:55 - 00290469 _____ C:\WINDOWS\KB2888505-IE7.log
2013-12-02 07:48 - 2013-12-01 13:55 - 00134283 _____ C:\WINDOWS\KB2876331.log
2013-12-02 07:46 - 2013-12-02 07:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-12-02 07:35 - 2013-12-02 07:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-12-02 07:12 - 2013-01-13 18:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-02 06:52 - 2007-02-12 10:26 - 00627386 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-02 06:06 - 2013-12-02 05:57 - 00126152 _____ C:\WINDOWS\KB2900986.log
2013-12-02 06:04 - 2013-12-02 06:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-12-02 05:56 - 2013-12-02 05:43 - 00128164 _____ C:\WINDOWS\KB2862335.log
2013-12-02 05:53 - 2013-12-02 05:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-12-02 04:17 - 2013-01-13 18:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-12-02 03:58 - 2013-12-02 03:49 - 00005402 _____ C:\WINDOWS\KB2884256.log
2013-12-02 03:56 - 2013-12-02 03:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2013-12-02 03:48 - 2013-12-02 03:35 - 00007768 _____ C:\WINDOWS\KB2868038.log
2013-12-02 03:46 - 2013-12-02 03:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-12-02 03:23 - 2013-12-02 03:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-11-29 23:29 - 2013-11-29 23:28 - 00013013 _____ C:\VEW.txt
2013-11-29 21:58 - 2012-08-19 07:40 - 00000000 ____D C:\Documents and Settings\user\Desktop\cv stiff
2013-11-28 09:14 - 2013-11-28 09:14 - 00000000 ____D C:\_OTS
2013-11-26 21:31 - 2013-11-26 21:31 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\AVAST Software
2013-11-26 21:30 - 2013-11-26 21:25 - 00000000 ____D C:\Documents and Settings\user\Desktop\RK_Quarantine
2013-11-26 21:06 - 2013-11-26 21:06 - 03687936 _____ C:\Documents and Settings\user\Desktop\RogueKiller.exe
2013-11-26 20:19 - 2013-02-15 00:46 - 00000000 ____D C:\Program Files\Full Tilt Poker
2013-11-26 19:10 - 2013-11-16 16:01 - 00000000 ____D C:\Documents and Settings\user\Desktop\Poker AV's
2013-11-26 13:57 - 2013-11-26 13:57 - 00000000 ____D C:\FRST
2013-11-25 23:35 - 2013-11-25 23:35 - 00000000 _RSHD C:\cmdcons
2013-11-25 23:35 - 2007-02-12 10:24 - 00000328 __RSH C:\boot.ini
2013-11-24 20:11 - 2007-07-01 02:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Comodo
2013-11-24 14:48 - 2013-11-02 13:50 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-11-24 14:45 - 2013-03-17 11:24 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-11-24 14:45 - 2012-10-26 12:50 - 00774392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-11-24 14:45 - 2012-10-26 12:50 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-11-24 14:45 - 2012-10-26 12:50 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-11-24 14:45 - 2012-10-26 12:50 - 00035656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-11-24 14:45 - 2012-10-26 12:48 - 00269216 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-11-24 14:45 - 2012-10-26 12:48 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-11-23 23:19 - 2013-11-23 23:18 - 00000883 _____ C:\WINDOWS\KB927891.log
2013-11-23 14:57 - 2013-02-14 17:27 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\Deployment
2013-11-23 14:43 - 2007-02-12 10:21 - 00000000 ____D C:\WINDOWS\system
2013-11-22 21:52 - 2013-11-22 21:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2013-11-22 21:46 - 2013-11-22 21:46 - 00001604 _____ C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
2013-11-22 21:46 - 2013-11-22 21:46 - 00001556 _____ C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
2013-11-22 21:46 - 2013-11-22 21:46 - 00000000 ____D C:\Documents and Settings\user\Application Data\Canneverbe Limited
2013-11-22 21:45 - 2013-11-22 21:45 - 00000000 ____D C:\Program Files\CDBurnerXP
2013-11-16 20:42 - 2013-11-16 20:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Auslogics
2013-11-16 16:04 - 2013-11-16 05:29 - 00000180 _____ C:\WINDOWS\setupact.log
2013-11-16 16:01 - 2012-08-19 07:43 - 00000000 ____D C:\Documents and Settings\user\Desktop\media players
2013-11-16 16:00 - 2012-08-19 07:39 - 00000000 ____D C:\Documents and Settings\user\Desktop\av and fw
2013-11-16 06:51 - 2012-09-29 11:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-16 06:36 - 2007-06-29 01:08 - 00000000 ____D C:\Program Files\Java
2013-11-16 06:36 - 2007-06-29 01:05 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-16 05:29 - 2013-11-16 05:29 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-16 03:06 - 2013-11-16 03:06 - 00001585 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-11-16 03:06 - 2013-11-16 03:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-11-16 03:05 - 2013-11-16 03:02 - 00000000 ____D C:\Program Files\iTunes
2013-11-16 03:05 - 2013-11-16 03:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-16 03:03 - 2013-11-16 03:03 - 00000000 ____D C:\Program Files\iPod
2013-11-16 03:02 - 2009-11-13 19:00 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-16 01:54 - 2012-10-30 15:58 - 00000000 ____D C:\Program Files\Mozilla Firefox

Some content of TEMP:
====================
C:\Documents and Settings\user\Local Settings\temp\oi_{672BAC1D-6D24-4A7D-A4AC-78BA2E4A4A15}.exe
C:\Documents and Settings\user\Local Settings\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


----------



## Cookiegal (Aug 27, 2003)

sharpeye72 said:


> I have got to the point where I have uninstalled all the parts you asked me to and I'm about to download the Adobe parts. Something came to mind while I was going through these processes, while I was at uni, and it must have been around 2007, I installed several pieces of trial software. Some of this software used the system clock to determine when the trial period was at an end and so I attempted to fool the software by changing my system clock before installing. It makes sense to me now that I would have changed the clock to 2017.
> I'm sorry that I didn't think of this earlier but I'm pretty sure that would account for the date issues.


As I'm sure you're aware we don't condone this practice and it's most certainly caused problems on the machine. The date needs to be accurate for things to function properly.

Anyway, I'll review the log and post back tomorrow as I'm tired and sore from shovelling all day so I'm going to take it easy tonight.


----------



## sharpeye72 (Aug 18, 2009)

I totally understand and I can promise you I would never contemplate doing anything like that nowadays. These changes I made to the system clock didn't fool the software in any event and everything was removed as the trial periods came to an end. I hope this will explain some of the clock related issues you have seen.


----------



## Cookiegal (Aug 27, 2003)

Yes, it does. I realize that was a long time ago but you still have uTorrent. I would recommend uninstalling uTorrent and Daemon Tools and installing Internet Explorer 8 because you're only running 7 which is outdated.

It was really the date thing that I was trying to troubleshoot. What other problems remain?


----------



## sharpeye72 (Aug 18, 2009)

There are no other issues I am aware of, I was just trying to clear AVG remains out of my system which seems to be all clear now.


----------



## Cookiegal (Aug 27, 2003)

Let's just take another look at the Event Viewer. Please run it again and post the log.


----------



## sharpeye72 (Aug 18, 2009)

Hi, I can't find uTorrent or Daemon Tools in the add/remove programs list and I never use IE at all. When you say run the Event Viewer again, which tool was that?


----------



## Cookiegal (Aug 27, 2003)

There are remnants of uTorrent then that we can get rid of.

It doesn't matter that YOU don't use IE but your system does use it for updates. IE7 is more vulnerable so you should update to IE8. Once you've done that get this cumulative update for IE8 immediately:

http://www.microsoft.com/en-us/download/details.aspx?id=41404

We used VEW earlier in this thread so it should still be on your desktop but if not you can download it again so I'll post the full instructions:

Please download the Event Viewer Tool by Vino Rosso *VEW* and save it to your Desktop:


For XP operating systems double-click *VEW.exe*. For later operating systems right-click VEW.exe and select "Run As Administrator".

Under "Select log to query", select:

*Application*
*System*

Under "Select type to list", select:

*Error*
*Warning*

Click the radio button for "Number of events"
Type *10* in the 1 to 20 box 
Then click the *Run* button.

Notepad will open with the output log. Please copy and paste the contents here.


----------



## sharpeye72 (Aug 18, 2009)

Vino's Event Viewer v01c run on Windows XP in English
Report run at 18/12/2013 17:35:40

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/12/2013 11:53:35
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 32126566 

Log: 'Application' Date/Time: 18/12/2013 11:53:35
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 32126566 

Log: 'Application' Date/Time: 18/12/2013 11:53:35
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second 

Log: 'Application' Date/Time: 18/12/2013 11:53:22
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 32112336 

Log: 'Application' Date/Time: 18/12/2013 11:53:22
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 32112336 

Log: 'Application' Date/Time: 18/12/2013 11:53:21
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second 

Log: 'Application' Date/Time: 17/12/2013 14:43:51
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 13368944 

Log: 'Application' Date/Time: 17/12/2013 14:43:51
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 13368944 

Log: 'Application' Date/Time: 17/12/2013 14:43:51
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second 

Log: 'Application' Date/Time: 17/12/2013 14:43:36
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 13353882 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 02/12/2013 06:53:00
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i. 

Log: 'Application' Date/Time: 02/12/2013 02:34:07
Type: warning Category: 1
Event: 1020 Source: ASP.NET 4.0.30319.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i. 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/12/2013 16:44:48
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The Infrared Monitor service depends on the Terminal Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 

Log: 'System' Date/Time: 18/12/2013 16:44:43
Type: error Category: 0
Event: 1 Source: sr
The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. 

Log: 'System' Date/Time: 18/12/2013 11:53:26
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the Netman service. 

Log: 'System' Date/Time: 15/12/2013 20:35:02
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The Infrared Monitor service depends on the Terminal Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 

Log: 'System' Date/Time: 15/12/2013 14:19:40
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The Infrared Monitor service depends on the Terminal Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 

Log: 'System' Date/Time: 15/12/2013 00:29:03
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The Infrared Monitor service depends on the Terminal Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 

Log: 'System' Date/Time: 15/12/2013 00:26:35
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 

Log: 'System' Date/Time: 15/12/2013 00:26:29
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). 

Log: 'System' Date/Time: 15/12/2013 00:26:29
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The iPod Service service terminated unexpectedly. It has done this 1 time(s). 

Log: 'System' Date/Time: 15/12/2013 00:26:29
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/12/2013 23:10:43
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation. 

Log: 'System' Date/Time: 14/12/2013 23:10:43
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation. 

Log: 'System' Date/Time: 11/12/2013 10:04:18
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 

Log: 'System' Date/Time: 11/12/2013 04:56:06
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 

Log: 'System' Date/Time: 10/12/2013 23:31:18
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 

Log: 'System' Date/Time: 10/12/2013 14:50:59
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 

Log: 'System' Date/Time: 10/12/2013 07:18:10
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 

Log: 'System' Date/Time: 10/12/2013 05:07:49
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. 

Log: 'System' Date/Time: 09/12/2013 23:14:12
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 

Log: 'System' Date/Time: 09/12/2013 22:42:14
Type: warning Category: 0
Event: 50 Source: Fastfat
{Delayed Write Failed} Windows was unable to save all the data for the file . The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.


----------



## Cookiegal (Aug 27, 2003)

Do you use this Infrared Monitor thing?


----------



## sharpeye72 (Aug 18, 2009)

No, no idea what that is !!


----------



## Cookiegal (Aug 27, 2003)

What is the make and model of this machine?


----------



## sharpeye72 (Aug 18, 2009)

IBM T30


----------



## Cookiegal (Aug 27, 2003)

It looks like it has something to do with an infrared port and hotsynching mobile devices. But unfortunately, that's not my area and I don't know if it's needed. The errors show it's not starting up because it's dependent on Terminal Services which won't start but it's also secure to disable Terminal Services so I'd hesitate to say to turn that back on.

If there are no other problems with the machine I'd suggest starting a new thread to troubleshoot these errors.

I don't think the Bonjour Service is anything to worry about though.


----------



## sharpeye72 (Aug 18, 2009)

I think Bonjour services is something to do with Apple for connecting my iPhone, as for the rest, I'm lost, I've never used any infrared device, I don't even think there's an infrared port on this laptop.


----------



## Cookiegal (Aug 27, 2003)

I don't know about those things either unfortunately.


----------



## sharpeye72 (Aug 18, 2009)

OK, no worries. I understand what you mean about windows updates using IE so I updated to IE8


----------



## Cookiegal (Aug 27, 2003)

I don't think there's much else we can do here in this thread then so I'll post my regular final instructions.

Here are some final instructions for you.

As with any infection, I recommend that you change all passwords for logging in to sites that you use on your computer as a precaution.

*Follow these steps to uninstall Combofix and all of its files and components.*

Click *START* then *RUN*
Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there.

Please open OTL again and click on the button that says "CleanUp" at the top. This will remove some of the tools we've used and will also uninstall the OTL program.

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* > *All Programs* > *Accessories* > *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.


----------



## sharpeye72 (Aug 18, 2009)

OK, that's all done. I'm glad you went through that part with me as I just found my system restore point was turned off. At least it's on now.


----------



## Cookiegal (Aug 27, 2003)

There was an error regarding system restore saying it had stopped working. Creating the manual restore point should have jump started it back to normal but keep an eye on it and let me know if it goes off again.


----------

