Can't use Windows Update anymore



#1
insparks

I can't use Windows Update or format any SD media, and the computer keeps rebooting when using my webcam.

Tried using Spybot in safe mode.

OTL log:
OTL logfile created on: 10/6/2013 7:33:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 64.20% Memory free
3.60 Gb Paging File | 3.13 Gb Available in Paging File | 86.98% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 24.60 Gb Free Space | 19.22% Space Free | Partition Type: NTFS
Drive K: | 127.99 Gb Total Space | 24.60 Gb Free Space | 19.22% Space Free | Partition Type: NTFS

Computer Name: VERYFASTUSER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (All) ==========

PRC - [2013/10/06 19:25:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/09/18 18:44:03 | 000,017,816 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2013/09/16 12:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/06/22 07:26:53 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2011/11/02 03:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/03/10 23:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Temp\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/05/27 01:18:44 | 000,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe
PRC - [2008/05/27 01:18:18 | 000,184,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchprotocolhost.exe
PRC - [2008/05/27 01:17:56 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchfilterhost.exe
PRC - [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008/04/13 19:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP]
PRC - [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER]
PRC - [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008/04/13 19:12:29 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 19:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2006/10/18 23:05:26 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/10/18 23:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe


========== Modules (All) ==========

MOD - [2013/10/06 19:25:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
MOD - [2013/09/18 18:44:04 | 003,215,256 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\gkmedias.dll
MOD - [2013/09/18 18:44:04 | 000,301,464 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\freebl3.dll
MOD - [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
MOD - [2013/09/18 18:44:04 | 000,271,256 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\browser\components\browsercomps.dll
MOD - [2013/09/18 18:44:03 | 021,527,448 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\xul.dll
MOD - [2013/09/18 18:44:03 | 003,279,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/09/18 18:44:03 | 001,775,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\nss3.dll
MOD - [2013/09/18 18:44:03 | 000,392,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\nssckbi.dll
MOD - [2013/09/18 18:44:03 | 000,152,984 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\softokn3.dll
MOD - [2013/09/18 18:44:03 | 000,128,920 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\mozglue.dll
MOD - [2013/09/18 18:44:03 | 000,091,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\nssdbm3.dll
MOD - [2013/09/18 18:44:03 | 000,017,816 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
MOD - [2013/09/18 18:44:03 | 000,016,280 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\mozalloc.dll
MOD - [2013/09/16 12:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
MOD - [2013/09/10 12:56:08 | 016,177,544 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/06/22 07:26:53 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Java\jre7\bin\msvcr100.dll
MOD - [2013/06/22 07:26:53 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
MOD - [2013/06/01 00:54:44 | 001,211,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\88fd67d11854c9acb391c7415e105307\System.WorkflowServices.ni.dll
MOD - [2013/06/01 00:53:01 | 001,050,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5039ecf47ec07f5e82794b8acbeb73f6\System.ServiceModel.Web.ni.dll
MOD - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
MOD - [2013/02/01 13:22:13 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\msvcr100.dll
MOD - [2013/02/01 13:22:13 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\msvcp100.dll
MOD - [2012/12/13 20:13:34 | 001,331,016 | ---- | M] (MainConcept GmbH) -- C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp2_ds.ax
MOD - [2012/12/13 20:13:34 | 000,607,232 | ---- | M] (MainConcept GmbH) -- C:\Program Files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp4_ds.ax
MOD - [2012/07/08 20:32:34 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
MOD - [2012/07/08 20:32:32 | 000,365,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\284141392cdba7fa4b2a4668125329a9\System.ServiceModel.Routing.ni.dll
MOD - [2012/07/08 20:32:28 | 001,128,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\28b09f14e54a06c091073b1d3e316fb6\System.ServiceModel.Discovery.ni.dll
MOD - [2012/07/08 20:32:24 | 000,082,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\39c6c5375d1763165dd8c1623bd10668\System.ServiceModel.Channels.ni.dll
MOD - [2012/07/08 20:32:22 | 001,387,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\18d8e3f9e290217ac0c48571557c5fc3\System.ServiceModel.Activities.ni.dll
MOD - [2012/07/08 20:32:16 | 017,996,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5be1370b1331393f73af710d0d71b02d\System.ServiceModel.ni.dll
MOD - [2012/07/08 20:30:56 | 001,072,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\a90d8ca6c54f70507704d788fd0d3ded\System.IdentityModel.ni.dll
MOD - [2012/07/08 20:27:55 | 001,020,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\a40c42510e312339018486b1d7076e0a\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/07/08 20:27:52 | 000,142,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\9115e9f656b00fc4e46da91537ef1358\SMDiagnostics.ni.dll
MOD - [2012/07/08 20:27:50 | 002,637,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9bfda0add366eea12ea0402e60d01e84\System.Runtime.Serialization.ni.dll
MOD - [2012/07/08 20:27:45 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f44e12702dadeae606b8eaca609b1336\System.Xml.Linq.ni.dll
MOD - [2012/07/08 19:02:46 | 000,729,088 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\efe46aa882d9ac31f7fbbdc004fc99d5\System.Security.ni.dll
MOD - [2012/07/08 19:02:43 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/07/08 19:02:03 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/07/08 19:01:36 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/07/08 19:01:06 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/07/08 19:00:49 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012/05/31 08:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\crypt32.dll
MOD - [2012/05/16 10:08:26 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll
MOD - [2012/05/11 20:12:34 | 011,111,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ieframe.dll
MOD - [2012/05/11 09:42:33 | 002,000,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iertutil.dll
MOD - [2012/05/11 09:42:33 | 001,212,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\urlmon.dll
MOD - [2012/05/11 09:42:33 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msfeeds.dll
MOD - [2012/02/29 09:10:16 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wintrust.dll
MOD - [2012/02/29 09:10:16 | 000,148,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imagehlp.dll
MOD - [2012/02/09 10:43:34 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
MOD - [2011/12/15 13:08:30 | 006,727,424 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll
MOD - [2011/12/15 13:08:30 | 000,386,824 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
MOD - [2011/12/15 13:08:30 | 000,057,616 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
MOD - [2011/11/16 09:21:44 | 000,354,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winhttp.dll
MOD - [2011/11/16 09:21:44 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\schannel.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/11/02 03:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MOD - [2011/11/01 11:07:10 | 001,288,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2011/10/14 09:47:29 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winmm.dll
MOD - [2011/03/03 01:55:19 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dnsapi.dll
MOD - [2011/01/21 09:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2010/12/22 07:34:28 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kerberos.dll
MOD - [2010/12/20 12:32:15 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2010/12/20 12:26:00 | 000,730,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsasrv.dll
MOD - [2010/12/09 10:15:09 | 000,718,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2010/11/09 09:52:35 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbc32.dll
MOD - [2010/08/27 03:02:29 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\t2embed.dll
MOD - [2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srvsvc.dll
MOD - [2010/08/23 11:12:04 | 000,617,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comctl32.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
MOD - [2010/08/16 03:45:00 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2010/06/14 02:41:45 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msxml3.dll
MOD - [2010/04/16 10:36:56 | 000,406,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\usp10.dll
MOD - [2010/04/06 04:52:46 | 002,462,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WMVCore.dll
MOD - [2010/03/18 13:16:28 | 000,771,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr100_clr0400.dll
MOD - [2010/03/18 13:16:28 | 000,413,008 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
MOD - [2010/03/18 13:16:28 | 000,044,368 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\Culture.dll
MOD - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
MOD - [2009/12/08 04:23:28 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009/11/07 01:07:04 | 000,297,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mscoree.dll
MOD - [2009/10/21 00:38:36 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\strmfilt.dll
MOD - [2009/10/21 00:38:36 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\httpapi.dll
MOD - [2009/10/13 05:30:16 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oakley.dll
MOD - [2009/10/12 08:38:19 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rastls.dll
MOD - [2009/10/12 08:38:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\raschap.dll
MOD - [2009/09/11 09:18:39 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msv1_0.dll
MOD - [2009/09/04 16:03:36 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msasn1.dll
MOD - [2009/08/06 20:24:10 | 000,044,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wups2.dll
MOD - [2009/08/06 20:23:46 | 001,929,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuaueng.dll
MOD - [2009/07/31 11:05:44 | 001,372,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msxml6.dll
MOD - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shsvcs.dll
MOD - [2009/07/17 14:01:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\atl.dll
MOD - [2009/07/17 11:22:18 | 001,435,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\query.dll
MOD - [2009/07/17 09:34:52 | 002,065,704 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2009/07/11 20:46:20 | 001,105,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
MOD - [2009/07/11 20:32:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
MOD - [2009/06/25 03:25:26 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009/06/25 03:25:26 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdigest.dll
MOD - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wkssvc.dll
MOD - [2009/05/25 01:24:06 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mssph.dll
MOD - [2009/05/24 23:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
MOD - [2009/05/07 10:32:35 | 000,345,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\localspl.dll
MOD - [2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009/03/10 23:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
MOD - [2009/03/10 23:18:00 | 000,239,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaLogon.dll
MOD - [2009/03/08 05:34:48 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\webcheck.dll
MOD - [2009/03/06 09:22:18 | 000,284,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pdh.dll
MOD - [2009/02/09 07:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\fastprox.dll
MOD - [2009/02/09 07:10:48 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvsd.dll
MOD - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcss.dll
MOD - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
MOD - [2009/01/07 19:21:04 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xmllite.dll
MOD - [2009/01/07 19:20:36 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\normaliz.dll
MOD - [2008/10/23 07:36:14 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008/10/15 11:34:24 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netapi32.dll
MOD - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Temp\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
MOD - [2008/07/25 12:17:04 | 000,095,232 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
MOD - [2008/07/25 12:17:02 | 000,027,136 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
MOD - [2008/07/25 12:17:00 | 000,118,784 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
MOD - [2008/07/25 12:16:58 | 000,018,936 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
MOD - [2008/07/07 15:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\es.dll
MOD - [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
MOD - [2008/06/24 11:43:16 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mscms.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mswsock.dll
MOD - [2008/06/12 09:23:32 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mtxclu.dll
MOD - [2008/05/27 01:21:26 | 001,418,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mssrch.dll
MOD - [2008/05/27 01:21:08 | 001,582,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tquery.dll
MOD - [2008/05/27 01:19:36 | 000,273,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oeph.dll
MOD - [2008/05/27 01:19:28 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\UncPH.dll
MOD - [2008/05/27 01:18:44 | 000,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe
MOD - [2008/05/27 01:18:18 | 000,184,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchprotocolhost.exe
MOD - [2008/05/27 01:17:48 | 000,754,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\propsys.dll
MOD - [2008/05/27 01:17:44 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscb.dll
MOD - [2008/05/27 01:17:38 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msshooks.dll
MOD - [2008/05/27 01:17:36 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\en-us\tquery.dll.mui
MOD - [2008/05/27 01:17:28 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mssprxy.dll
MOD - [2008/05/19 06:33:20 | 004,445,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msi.dll
MOD - [2008/04/25 21:06:50 | 000,055,808 | ---- | M] (ArcSoft, Inc.) -- C:\WINDOWS\system32\ArcSoftKsUFilter.dll
MOD - [2008/04/14 07:42:06 | 000,985,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008/04/13 19:12:45 | 000,265,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\h323.tsp
MOD - [2008/04/13 19:12:45 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\unimdm.tsp
MOD - [2008/04/13 19:12:45 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008/04/13 19:12:45 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ndptsp.tsp
MOD - [2008/04/13 19:12:45 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kmddsp.tsp
MOD - [2008/04/13 19:12:45 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hidphone.tsp
MOD - [2008/04/13 19:12:45 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdmaud.drv
MOD - [2008/04/13 19:12:45 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ipconf.tsp
MOD - [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
MOD - [2008/04/13 19:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
MOD - [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
MOD - [2008/04/13 19:12:29 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
MOD - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
MOD - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
MOD - [2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wzcsvc.dll
MOD - [2008/04/13 19:12:11 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wzcsapi.dll
MOD - [2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauserv.dll
MOD - [2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2_32.dll
MOD - [2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscsvc.dll
MOD - [2008/04/13 19:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/13 19:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2help.dll
MOD - [2008/04/13 19:12:10 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wshtcpip.dll
MOD - [2008/04/13 19:12:10 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2008/04/13 19:12:09 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmisvc.dll
MOD - [2008/04/13 19:12:09 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winscard.dll
MOD - [2008/04/13 19:12:09 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiutils.dll
MOD - [2008/04/13 19:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wlnotify.dll
MOD - [2008/04/13 19:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/13 19:12:09 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winipsec.dll
MOD - [2008/04/13 19:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winrnr.dll
MOD - [2008/04/13 19:12:08 | 000,727,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll
MOD - [2008/04/13 19:12:08 | 000,589,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wiashext.dll
MOD - [2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008/04/13 19:12:08 | 000,531,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemcore.dll
MOD - [2008/04/13 19:12:08 | 000,430,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\vssapi.dll
MOD - [2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wiaservc.dll
MOD - [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemess.dll
MOD - [2008/04/13 19:12:08 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008/04/13 19:12:08 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemcomn.dll
MOD - [2008/04/13 19:12:08 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\w32time.dll
MOD - [2008/04/13 19:12:08 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\upnp.dll
MOD - [2008/04/13 19:12:08 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32spl.dll
MOD - [2008/04/13 19:12:08 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemsvc.dll
MOD - [2008/04/13 19:12:08 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemprox.dll
MOD - [2008/04/13 19:12:08 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008/04/13 19:12:08 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\usbmon.dll
MOD - [2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\w3ssl.dll
MOD - [2008/04/13 19:12:07 | 000,713,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sxs.dll
MOD - [2008/04/13 19:12:07 | 000,385,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\themeui.dll
MOD - [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\termsrv.dll
MOD - [2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tapisrv.dll
MOD - [2008/04/13 19:12:07 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tapi32.dll
MOD - [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srsvc.dll
MOD - [2008/04/13 19:12:07 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\umpnpmgr.dll
MOD - [2008/04/13 19:12:07 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\stobject.dll
MOD - [2008/04/13 19:12:07 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\trkwks.dll
MOD - [2008/04/13 19:12:07 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\unimdmat.dll
MOD - [2008/04/13 19:12:07 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sti.dll
MOD - [2008/04/13 19:12:07 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008/04/13 19:12:07 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpmon.dll
MOD - [2008/04/13 19:12:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ssdpapi.dll
MOD - [2008/04/13 19:12:07 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uniplat.dll
MOD - [2008/04/13 19:12:06 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolss.dll
MOD - [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shdocvw.dll
MOD - [2008/04/13 19:12:05 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scesrv.dll
MOD - [2008/04/13 19:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\schedsvc.dll
MOD - [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
MOD - [2008/04/13 19:12:05 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sfc_os.dll
MOD - [2008/04/13 19:12:05 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shimeng.dll
MOD - [2008/04/13 19:12:05 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sens.dll
MOD - [2008/04/13 19:12:05 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shfolder.dll
MOD - [2008/04/13 19:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\seclogon.dll
MOD - [2008/04/13 19:12:05 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sensapi.dll
MOD - [2008/04/13 19:12:05 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sfc.dll
MOD - [2008/04/13 19:12:04 | 000,415,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samsrv.dll
MOD - [2008/04/13 19:12:04 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\repdrvfs.dll
MOD - [2008/04/13 19:12:04 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008/04/13 19:12:04 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\resutils.dll
MOD - [2008/04/13 19:12:04 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\regapi.dll
MOD - [2008/04/13 19:12:04 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtutils.dll
MOD - [2008/04/13 19:12:03 | 000,658,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasdlg.dll
MOD - [2008/04/13 19:12:03 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\qmgr.dll
MOD - [2008/04/13 19:12:03 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasapi32.dll
MOD - [2008/04/13 19:12:03 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasppp.dll
MOD - [2008/04/13 19:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasmans.dll
MOD - [2008/04/13 19:12:03 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psbase.dll
MOD - [2008/04/13 19:12:03 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\qutil.dll
MOD - [2008/04/13 19:12:03 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasqec.dll
MOD - [2008/04/13 19:12:03 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasman.dll
MOD - [2008/04/13 19:12:03 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rastapi.dll
MOD - [2008/04/13 19:12:03 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pstorsvc.dll
MOD - [2008/04/13 19:12:03 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\profmap.dll
MOD - [2008/04/13 19:12:03 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008/04/13 19:12:03 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\qmgrprxy.dll
MOD - [2008/04/13 19:12:03 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\powrprof.dll
MOD - [2008/04/13 19:12:03 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasadhlp.dll
MOD - [2008/04/13 19:12:02 | 001,703,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netshell.dll
MOD - [2008/04/13 19:12:02 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/13 19:12:02 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\onex.dll
MOD - [2008/04/13 19:12:02 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntshrui.dll
MOD - [2008/04/13 19:12:02 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008/04/13 19:12:02 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008/04/13 19:12:02 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/13 19:12:02 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdsapi.dll
MOD - [2008/04/13 19:12:02 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/13 19:12:02 | 000,038,400 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll
MOD - [2008/04/13 19:12:02 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfproc.dll
MOD - [2008/04/13 19:12:02 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfdisk.dll
MOD - [2008/04/13 19:12:02 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfos.dll
MOD - [2008/04/13 19:12:02 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbcbcp.dll
MOD - [2008/04/13 19:12:02 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pjlmon.dll
MOD - [2008/04/13 19:12:02 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlsapi.dll
MOD - [2008/04/13 19:12:01 | 000,622,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netcfgx.dll
MOD - [2008/04/13 19:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netlogon.dll
MOD - [2008/04/13 19:12:01 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netman.dll
MOD - [2008/04/13 19:12:01 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvfw32.dll
MOD - [2008/04/13 19:12:01 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\ncprov.dll
MOD - [2008/04/13 19:12:01 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ncobjapi.dll
MOD - [2008/04/13 19:12:01 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\nddeapi.dll
MOD - [2008/04/13 19:12:01 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008/04/13 19:12:00 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mstask.dll
MOD - [2008/04/13 19:12:00 | 000,116,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mstlsapi.dll
MOD - [2008/04/13 19:12:00 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mspatcha.dll
MOD - [2008/04/13 19:11:59 | 000,997,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msgina.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:59 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msidle.dll
MOD - [2008/04/13 19:11:59 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msimg32.dll
MOD - [2008/04/13 19:11:58 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll
MOD - [2008/04/13 19:11:57 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mlang.dll
MOD - [2008/04/13 19:11:57 | 000,153,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\modemui.dll
MOD - [2008/04/13 19:11:57 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mprapi.dll
MOD - [2008/04/13 19:11:57 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mpr.dll
MOD - [2008/04/13 19:11:57 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\midimap.dll
MOD - [2008/04/13 19:11:56 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ipnathlp.dll
MOD - [2008/04/13 19:11:55 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ipsecsvc.dll
MOD - [2008/04/13 19:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2008/04/13 19:11:55 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetpp.dll
MOD - [2008/04/13 19:11:54 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hnetcfg.dll
MOD - [2008/04/13 19:11:54 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\icm32.dll
MOD - [2008/04/13 19:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008/04/13 19:11:54 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll
MOD - [2008/04/13 19:11:54 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\icaapi.dll
MOD - [2008/04/13 19:11:53 | 001,082,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\esent.dll
MOD - [2008/04/13 19:11:53 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\esscli.dll
MOD - [2008/04/13 19:11:53 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
MOD - [2008/04/13 19:11:53 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ersvc.dll
MOD - [2008/04/13 19:11:52 | 000,367,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dsound.dll
MOD - [2008/04/13 19:11:52 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\duser.dll
MOD - [2008/04/13 19:11:52 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dinput8.dll
MOD - [2008/04/13 19:11:52 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eappcfg.dll
MOD - [2008/04/13 19:11:52 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eappprxy.dll
MOD - [2008/04/13 19:11:52 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eapolqec.dll
MOD - [2008/04/13 19:11:52 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dot3api.dll
MOD - [2008/04/13 19:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\system32\dmserver.dll
MOD - [2008/04/13 19:11:52 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dimsntfy.dll
MOD - [2008/04/13 19:11:52 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/13 19:11:52 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dot3dlg.dll
MOD - [2008/04/13 19:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comsvcs.dll
MOD - [2008/04/13 19:11:51 | 000,792,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2008/04/13 19:11:51 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dbghelp.dll
MOD - [2008/04/13 19:11:51 | 000,512,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptui.dll
MOD - [2008/04/13 19:11:51 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cscui.dll
MOD - [2008/04/13 19:11:51 | 000,276,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008/04/13 19:11:51 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\credui.dll
MOD - [2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dhcpcsvc.dll
MOD - [2008/04/13 19:11:51 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cscdll.dll
MOD - [2008/04/13 19:11:51 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptnet.dll
MOD - [2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptsvc.dll
MOD - [2008/04/13 19:11:51 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\colbact.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/13 19:11:51 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptdll.dll
MOD - [2008/04/13 19:11:51 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2008/04/13 19:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\browseui.dll
MOD - [2008/04/13 19:11:50 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2008/04/13 19:11:50 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\certcli.dll
MOD - [2008/04/13 19:11:50 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\browser.dll
MOD - [2008/04/13 19:11:50 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\authz.dll
MOD - [2008/04/13 19:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll
MOD - [2008/04/13 19:11:50 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clusapi.dll
MOD - [2008/04/13 19:11:50 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cnbjmon.dll
MOD - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\audiosrv.dll
MOD - [2008/04/13 19:11:50 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\batmeter.dll
MOD - [2008/04/13 19:11:49 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\apphelp.dll
MOD - [2008/04/13 19:11:48 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll
MOD - [2008/04/13 19:11:48 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\activeds.dll
MOD - [2008/04/13 19:11:48 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\adsldpc.dll
MOD - [2008/04/13 19:11:48 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\actxprxy.dll
MOD - [2008/04/13 19:11:48 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acadproc.dll
MOD - [2008/04/13 19:11:15 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wmi.dll
MOD - [2008/04/13 19:10:06 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime
MOD - [2008/04/13 19:09:05 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cfgmgr32.dll
MOD - [2008/04/13 12:39:24 | 002,897,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll
MOD - [2008/04/13 12:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2008/04/13 12:37:57 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dssenh.dll
MOD - [2008/04/13 12:26:05 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbcint.dll
MOD - [2008/04/13 12:03:24 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\browselc.dll
MOD - [2008/04/13 12:03:19 | 000,549,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shdoclc.dll
MOD - [2008/04/13 11:23:31 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msprivs.dll
MOD - [2008/01/11 21:52:59 | 000,421,888 | ---- | M] (Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adistres.dll
MOD - [2007/10/27 20:40:30 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wmasf.dll
MOD - [2007/05/11 00:54:07 | 000,372,736 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll
MOD - [2006/10/19 00:47:22 | 001,543,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WMVDECOD.dll
MOD - [2006/10/19 00:47:20 | 000,198,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnssci.dll
MOD - [2006/10/19 00:47:18 | 000,284,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\PortableDeviceApi.dll
MOD - [2006/10/19 00:47:18 | 000,211,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\qasf.dll
MOD - [2006/10/19 00:47:14 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFPLAT.dll
MOD - [2006/10/18 23:05:26 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
MOD - [2006/09/29 09:56:38 | 000,028,248 | R--- | M] (Adobe Systems Incorporated.) -- C:\WINDOWS\system32\AdobePDF.dll
MOD - [2006/09/28 21:56:16 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WudfPlatform.dll
MOD - [2006/09/28 21:56:14 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WudfSvc.dll
MOD - [2003/06/18 20:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
MOD - [2003/06/18 20:31:48 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mdimon.dll
MOD - [2001/08/23 07:00:00 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\infosoft.dll
MOD - [2001/08/23 07:00:00 | 000,308,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui2.dll
MOD - [2001/08/23 07:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netmsg.dll
MOD - [2001/08/23 07:00:00 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wiavusd.dll
MOD - [2001/08/23 07:00:00 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mapi32.dll
MOD - [2001/08/23 07:00:00 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\langwrbk.dll
MOD - [2001/08/23 07:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mprui.dll
MOD - [2001/08/23 07:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.drv
MOD - [2001/08/23 07:00:00 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lz32.dll
MOD - [1997/12/05 18:31:12 | 000,158,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Script Control\msscript.ocx


========== Services (All) ==========

SRV - [2013/09/20 08:56:08 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/18 18:44:03 | 000,118,680 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/16 12:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/07/25 08:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/22 07:26:53 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/09 16:23:10 | 001,107,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\WsmSvc.dll -- (WinRM)
SRV - [2009/09/01 16:32:12 | 000,087,344 | ---- | M] (Prolific Technology Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2009/06/18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/09 07:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Temp\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/07/29 22:10:04 | 000,046,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 20:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/25 12:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/07 15:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2008/05/27 01:18:44 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\SearchIndexer.exe -- (WSearch)
SRV - [2008/05/19 01:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 19:12:40 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008/04/13 19:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 19:12:38 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008/04/13 19:12:38 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\svchost.exe -- (HidServ)
SRV - [2008/04/13 19:12:35 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2008/04/13 19:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008/04/13 19:12:33 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2008/04/13 19:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/13 19:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/13 19:12:27 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2008/04/13 19:12:25 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008/04/13 19:12:24 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 19:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 19:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2008/04/13 19:12:14 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/13 19:12:14 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (cisvc)
SRV - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV - [2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 19:12:08 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2008/04/13 19:12:08 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2008/04/13 19:12:08 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 19:12:07 | 000,090,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks)
SRV - [2008/04/13 19:12:07 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008/04/13 19:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 19:12:05 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\sens.dll -- (SENS)
SRV - [2008/04/13 19:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 19:12:04 | 000,059,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\regsvc.dll -- (RemoteRegistry)
SRV - [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/13 19:12:03 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qagentrt.dll -- (napagent)
SRV - [2008/04/13 19:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2008/04/13 19:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 19:12:02 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/04/13 19:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/13 19:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/13 19:11:56 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\kmsvc.dll -- (hkmsvc)
SRV - [2008/04/13 19:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 19:11:53 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2008/04/13 19:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 19:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/13 19:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 19:11:50 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 19:11:49 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\appmgmts.dll -- (AppMgmt)
SRV - [2008/04/13 19:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2008/01/25 00:28:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/02/21 20:15:20 | 000,223,248 | ---- | M] (Paragon GmbH) [Disabled | Stopped] -- C:\Program Files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe -- (NetBurnerService)
SRV - [2006/10/19 00:47:16 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2006/10/18 23:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006/09/28 21:56:14 | 000,055,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc)
SRV - [2003/07/28 15:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/08/23 07:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpt3xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled | Unknown] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2012/05/02 08:46:36 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2012/04/18 10:05:32 | 000,015,720 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb)
DRV - [2011/08/17 08:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\afd.sys -- (AFD)
DRV - [2011/07/25 18:53:48 | 000,064,512 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2011/07/20 15:13:16 | 000,035,328 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2011/07/15 08:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2011/07/08 09:02:00 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2011/04/21 08:37:43 | 000,105,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2011/02/17 08:18:03 | 000,357,888 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2010/11/02 10:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2010/08/02 16:42:44 | 000,134,616 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2009/10/20 11:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/07/14 10:35:16 | 000,444,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000)
DRV - [2009/06/24 06:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/05/05 09:59:02 | 000,022,168 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/25 05:06:44 | 000,014,336 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/04/13 19:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 19:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 19:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 14:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 14:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 14:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport)
DRV - [2008/04/13 14:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp)
DRV - [2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 14:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 14:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 14:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 14:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 14:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 14:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 14:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 13:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 13:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 13:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 13:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 13:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 13:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 13:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 13:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 13:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 13:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 13:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (ip6fw)
DRV - [2008/04/13 13:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 13:46:25 | 000,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC)
DRV - [2008/04/13 13:46:24 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC)
DRV - [2008/04/13 13:46:23 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE)
DRV - [2008/04/13 13:46:23 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP)
DRV - [2008/04/13 13:46:22 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndisip.sys -- (NdisIP)
DRV - [2008/04/13 13:46:21 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip)
DRV - [2008/04/13 13:46:20 | 000,121,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo)
DRV - [2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2008/04/13 13:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 13:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 13:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 13:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 13:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 13:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 13:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 13:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 13:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 13:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 13:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 13:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 13:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 13:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 13:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 13:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 13:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 13:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde)
DRV - [2008/04/13 13:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 13:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 13:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 13:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 13:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 13:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 13:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 13:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 13:39:50 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE)
DRV - [2008/04/13 13:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 13:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 13:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 13:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 13:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 13:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/13 13:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 13:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 13:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/13 13:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 13:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 13:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 13:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 13:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 13:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 13:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 13:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 13:31:30 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2008/04/13 12:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio)
DRV - [2008/04/13 12:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 12:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/13 12:36:42 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 11:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/06/14 19:41:58 | 004,429,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/06/04 14:05:58 | 000,714,240 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2007/03/29 12:36:00 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2007/03/26 16:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ViPrt.sys -- (ViPrt)
DRV - [2007/03/26 16:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ViBus.sys -- (ViBus)
DRV - [2007/02/27 03:14:50 | 000,042,496 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FET5X86V)
DRV - [2007/02/21 20:15:20 | 000,084,752 | ---- | M] (Rocket Division Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NetBurn.sys -- (NetBurn)
DRV - [2007/02/21 20:15:12 | 000,131,456 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2007/02/21 20:15:12 | 000,038,448 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2007/02/21 20:15:12 | 000,032,352 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2006/11/02 03:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/18 23:00:00 | 000,038,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb)
DRV - [2006/09/28 22:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 21:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2005/03/16 01:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2004/04/30 11:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus)
DRV - [2004/04/30 11:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi)
DRV - [2003/09/26 05:53:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/02 07:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002/10/01 16:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\spca561.sys -- (CA561)
DRV - [2001/08/23 07:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2001/08/23 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2001/08/23 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2001/08/23 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2001/08/23 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/23 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2001/08/23 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001/08/23 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2001/08/23 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2001/08/23 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2001/08/23 07:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2001/08/23 07:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2001/08/23 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2001/08/23 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2001/08/23 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2001/08/23 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2001/08/23 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2001/08/23 07:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2001/08/23 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2001/08/23 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\System32\winsock.dll -- (Winsock)
DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 07:13:08 | 000,027,165 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ew...ack/UP97_FRPage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...97&ocid=UP97DHP
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0D7191D1-C6C9-4AE4-9515-1735958A3719}: "URL" = http://search.yahoo....=utf-8&fr=b2ie7
IE - HKCU\..\SearchScopes\{3F8C7A0E-E4EB-4196-9531-4D194A1B16C0}: "URL" = http://search.micros...q={searchTerms}
IE - HKCU\..\SearchScopes\{9DFECFD4-5148-43CB-BAF5-D63418368BC4}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{DC04EA3C-687E-438D-BF5D-AF4584BEED23}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledAddons: twitternotifier%40naan.net:2.5.2
FF - prefs.js..extensions.enabledAddons: youtubedownloader%40mybrowserbar.com:6.0
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.41
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.7.3
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {f13b157f-b174-47e7-a34d-4815ddfdfeb8}:0.9.88.1
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\User\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 21:42:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/18 18:43:54 | 000,000,000 | ---D | M]

[2008/07/08 16:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2008/07/08 16:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013/09/26 20:26:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions
[2013/09/08 08:32:37 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012/12/03 15:18:03 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/10/03 05:29:59 | 000,000,000 | ---D | M] (Echofon) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions\[email protected]
[2013/09/22 15:22:17 | 000,534,729 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/06/03 05:49:49 | 000,002,552 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\searchplugins\aol-search.xml
[2013/09/23 17:09:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/10/01 11:54:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/23 17:09:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/01 11:54:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/18 18:44:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/07/03 19:49:03 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF
[2009/09/01 21:42:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2007/05/11 00:52:33 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/10/25 08:46:06 | 000,002,273 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

========== Chrome ==========

CHR - Extension: cOOntiNuetaosave = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpgnjecnfbdnlpbjenccacidihooidha\1\

O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\User\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - Reg Error: Value error. File not found
O8 - Extra context menu item: Convert selected links to Adobe PDF - Reg Error: Value error. File not found
O8 - Extra context menu item: Convert selection to Adobe PDF - Reg Error: Value error. File not found
O8 - Extra context menu item: Convert to Adobe PDF - Reg Error: Value error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1280912913343 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{420A8603-0E24-4FEE-A7BA-7FD4245C049A}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\awtTNghF: DllName - (awtTNghF.dll) - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\byXNeBqn) - File not found
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/06 19:25:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/09/19 06:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YTD Video Downloader
[2013/09/18 18:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/06 19:27:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/06 19:25:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/10/06 19:23:35 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/06 19:19:58 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2013/10/06 19:19:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/06 19:07:31 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2003.lnk
[2013/10/06 18:56:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/06 10:51:18 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2013/10/04 16:10:09 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/10/03 16:40:34 | 000,280,352 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Tracy, CA Building_and_Fire_Inspector_I_II_2013.pdf
[2013/10/01 19:03:11 | 000,218,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/20 08:56:07 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/20 08:56:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/19 06:24:15 | 000,000,501 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YTD Video Downloader.lnk
[2013/09/12 05:36:39 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/03 16:40:33 | 000,280,352 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Tracy, CA Building_and_Fire_Inspector_I_II_2013.pdf
[2013/02/14 18:11:32 | 000,981,848 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/07/08 18:33:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/15 21:01:40 | 002,548,819 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-789336058-162531612-839522115-1003-0.dat
[2010/11/19 23:28:22 | 000,212,394 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/01/04 21:55:20 | 000,038,451 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft Access.ADR
[2009/10/29 05:50:49 | 000,000,153 | ---- | C] () -- C:\Documents and Settings\User\Application Data\default.rss
[2009/02/13 21:51:57 | 000,011,211 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Comma Separated Values (Windows).CAL
[2008/04/28 22:22:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\.gtk-bookmarks
[2008/04/01 22:32:05 | 000,026,215 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Comma Separated Values (Windows).ADR
[2008/03/27 21:04:03 | 000,000,065 | ---- | C] () -- C:\Documents and Settings\User\default.pls
[2008/01/20 23:55:40 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2004/11/03 15:37:21 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2004/05/22 13:56:52 | 000,178,136 | ---- | C] () -- C:\Documents and Settings\User\~
[2004/05/22 13:50:14 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\FASTWiz.html
[2004/05/22 13:46:14 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\FASTApp.html
[2003/07/29 11:37:20 | 000,051,712 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/01/24 21:55:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 241 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E29ACA54
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF

< End of report >

OTL Extra log:
OTL Extras logfile created on: 10/6/2013 7:33:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 64.20% Memory free
3.60 Gb Paging File | 3.13 Gb Available in Paging File | 86.98% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 24.60 Gb Free Space | 19.22% Space Free | Partition Type: NTFS
Drive K: | 127.99 Gb Total Space | 24.60 Gb Free Space | 19.22% Space Free | Partition Type: NTFS

Computer Name: VERYFASTUSER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\WINDOWS\system32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\WINDOWS\system32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\WINDOWS\system32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\WINDOWS\system32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\WINDOWS\system32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\WINDOWS\system32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit "%1" %* (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- C:\WINDOWS\system32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- C:\WINDOWS\system32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- C:\WINDOWS\system32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- C:\WINDOWS\system32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- C:\WINDOWS\system32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- C:\WINDOWS\system32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- C:\WINDOWS\system32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- C:\WINDOWS\system32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- C:\WINDOWS\system32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- C:\WINDOWS\system32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Temp\BitTorrent\bittorrent.exe" = C:\Temp\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent Inc.)
"C:\Temp\Nero 7\Nero MediaHome\NeroMediaHome.exe" = C:\Temp\Nero 7\Nero MediaHome\NeroMediaHome.exe:*:Enabled:Nero MediaHome (1)
"C:\Temp\Nero 7\Nero MediaHome\NMMediaServer.exe" = C:\Temp\Nero 7\Nero MediaHome\NMMediaServer.exe:*:Enabled:Nero MediaHome (2)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\User\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\User\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Documents and Settings\User\Application Data\uTorrent\uTorrent.exe" = C:\Documents and Settings\User\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.5.1
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{2028646C-E143-4DB1-AE19-AA31CA90E103}" = HP Webcam User's Guide
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{301CC8D1-FE75-41ED-9B11-41F006110950}" = Garmin City Navigator North America NT 2010.10 Update
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3fca464b-0288-497f-af06-cf1b3f131a34}" = Nero 9
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
"{511CFE49-F318-4659-BC3F-73E9DBC3E2A8}" = ArcSoft Magic-i Visual Effects 2
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{56ABA277-EE53-4478-A607-FA42208FF5A9}" = Menu Templates - Pack 1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57250E78-F6E2-4DCE-9A84-50B28A70AB84}" = Menu Templates - Pack 3
"{590E3295-A11B-4C9F-9F88-399397EE393D}" = YouTube Downloader Toolbar v6.0
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77E33D87-255E-413E-9C8D-EED2A7F9BEBF}" = Nero Live Help
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7A3E6E1C-CF5A-4CE9-B8D6-A2F9B7BA18FC}" = BlackBerry Desktop Software 7.1
"{800B3855-2646-4707-B915-BDCC28F03D63}" = ArcSoft WebCam Companion 3
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update Service
"{8A367C28-423C-48E2-8C76-EBA1171F932A}" = Adobe Photoshop Album 2.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer
"{98A67610-A3B5-4098-A423-3708040026D3}" = "Nero SoundTrax Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB8E6CE-CE6D-43A0-B54E-422425524FF9}" = Menu Templates - Pack 2
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D155D300-C235-44FC-981C-F7B34683439C}" = Paragon Drive Backup 8.5 Professional
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DF6A95F5-ADC1-406A-BDC6-2AA7CC0182AA}" = Nero Live
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F425DD1D-0097-41C3-B545-B79E3D51100E}" = Movie Templates - Pack 1
"{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}" = ICatch (VI) PC Camera
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.2 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"HijackThis" = HijackThis 1.99.1
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mp3Tag Pro_is1" = mp3Tag Pro 8.1
"NTFS4DOS" = NTFS4DOS
"QuickPar" = QuickPar 0.9
"UseNeXT by Tangysoft_is1" = UseNeXT by Tangysoft
"VIA Chrome9 HC IGP Family Display" = VIA Display Driver 6.14.10.0095
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.11
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"GoToMeeting" = GoToMeeting 5.5.0.1133
"magicJack" = magicJack
"MS AntiSpyware 2009 5.7" = MS AntiSpyware 2009
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/4/2013 5:13:29 PM | Computer Name = VERYFASTUSER | Source = Userenv | ID = 1515
Description = Windows has backed up this user's profile. Windows will automatically
try to use the backed up profile the next time this user logs on.

Error - 10/4/2013 5:13:29 PM | Computer Name = VERYFASTUSER | Source = Userenv | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

Error - 10/6/2013 8:13:49 PM | Computer Name = VERYFASTUSER | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - Error performing inpage operation.
for C:\Documents and Settings\NetworkService\ntuser.dat

Error - 10/6/2013 8:13:49 PM | Computer Name = VERYFASTUSER | Source = Userenv | ID = 1502
Description = Windows cannot load the locally stored profile. Possible causes of
this error include insufficient security rights or a corrupt local profile. If
this problem persists, contact your network administrator. DETAIL - Error performing
inpage operation.

Error - 10/6/2013 8:13:49 PM | Computer Name = VERYFASTUSER | Source = Userenv | ID = 1515
Description = Windows has backed up this user's profile. Windows will automatically
try to use the backed up profile the next time this user logs on.

Error - 10/6/2013 8:13:49 PM | Computer Name = VERYFASTUSER | Source = Userenv | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

Error - 10/6/2013 8:19:33 PM | Computer Name = VERYFASTUSER | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - Error performing inpage operation.
for C:\Documents and Settings\NetworkService\ntuser.dat

Error - 10/6/2013 8:19:33 PM | Computer Name = VERYFASTUSER | Source = Userenv | ID = 1502
Description = Windows cannot load the locally stored profile. Possible causes of
this error include insufficient security rights or a corrupt local profile. If
this problem persists, contact your network administrator. DETAIL - Error performing
inpage operation.

Error - 10/6/2013 8:19:33 PM | Computer Name = VERYFASTUSER | Source = Userenv | ID = 1515
Description = Windows has backed up this user's profile. Windows will automatically
try to use the backed up profile the next time this user logs on.

Error - 10/6/2013 8:19:33 PM | Computer Name = VERYFASTUSER | Source = Userenv | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

[ System Events ]
Error - 10/5/2013 7:36:24 PM | Computer Name = VERYFASTUSER | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 10/6/2013 8:14:14 PM | Computer Name = VERYFASTUSER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 10/6/2013 8:14:20 PM | Computer Name = VERYFASTUSER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/6/2013 8:14:40 PM | Computer Name = VERYFASTUSER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/6/2013 8:15:01 PM | Computer Name = VERYFASTUSER | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 10/6/2013 8:15:01 PM | Computer Name = VERYFASTUSER | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 10/6/2013 8:15:01 PM | Computer Name = VERYFASTUSER | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31

Error - 10/6/2013 8:15:01 PM | Computer Name = VERYFASTUSER | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 10/6/2013 8:15:01 PM | Computer Name = VERYFASTUSER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD BIOS Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip UimBus Uim_IM

Error - 10/6/2013 8:18:05 PM | Computer Name = VERYFASTUSER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

#2
RKinner

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

The disk check will run and will probably take an hour or more to finish.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.



Download ADWCleaner to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Download aswMBR.exe to your desktop.
Run aswMBR.exe (Vista or Win 7 => right click and Run As Administrator).

Uncheck trace disk IO calls.
Click the "Scan" button to start the scan (Accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it and then run a new scan. Click save log, save it to your desktop and post it in your next reply.
If the Fix button is not enabled, then just click save log, save it to your desktop and post it in your next reply.


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button.)
Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), and note the name it gives. OK. Open the file in Notepad and delete the line that gives the serial number of your Operating System. (It will be near the top, about 10 lines down.) Attach the file to your next post.

(If you do not already have OTL then: Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.)

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Please download Security Check by screen317 from here. BleepingComputer allows ads which mimic the download, so be careful that you click on the Download Now @BleepingComputer button and not some adware's Download button.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.

Ron

#3
insparks

  • Topic Starter
  • Member
  • 51 posts
Thanks Ron in advance for all your help.

VEW Log:
Vino's Event Viewer v01c run on Windows XP in English
Report run at 07/10/2013 7:00:50 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/10/2013 6:55:48 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error: %%1290

Log: 'System' Date/Time: 07/10/2013 6:55:47 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1290" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Log: 'System' Date/Time: 07/10/2013 6:55:33 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error: %%1290

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner[S0]Log:
# AdwCleaner v3.006 - Report created 07/10/2013 at 19:16:55
# Updated 01/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - VERYFASTUSER
# Running from : C:\Documents and Settings\User\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Application Data\cOOntiNuetaosave
Folder Deleted : C:\Program Files\continuetosave
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\YouTube Downloader Toolbar
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Documents and Settings\User\Application Data\NCdownloader
[!] Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpgnjecnfbdnlpbjenccacidihooidha
File Deleted : C:\Documents and Settings\All Users\Desktop\iLivid.lnk
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\.autoreg
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [11347 octets] - [07/10/2013 19:13:47]
AdwCleaner[S0].txt - [11563 octets] - [07/10/2013 19:16:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11624 octets] ##########

JRT Log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.1 (07.15.2013:2)
OS: Microsoft Windows XP x86
Ran by User on Mon 10/07/2013 at 19:24:30.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] dealplylive
Successfully deleted: [Service] dealplylive
Successfully stopped: [Service] dealplylivem
Successfully deleted: [Service] dealplylivem
Failed to stop: [Service] ibupdaterservice



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\browser infrastructure helper
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7e8a1050-cf67-4575-92df-dcc60e7d952d}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-789336058-162531612-839522115-1003\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys




~~~ Files

Failed to delete: [File] "C:\WINDOWS\system32\dmwu.exe"
Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\dealplylive"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ytd video downloader"
Successfully deleted: [Folder] "C:\Documents and Settings\User\Application Data\dealply"
Failed to delete: [Folder] "C:\Documents and Settings\User\Application Data\searchprotect"
Successfully deleted: [Folder] "C:\Documents and Settings\User\Local Settings\Application Data\dealplylive"
Successfully deleted: [Folder] "C:\Documents and Settings\User\Local Settings\Application Data\smartbar"
Successfully deleted: [Folder] "C:\Program Files\dealply"
Successfully deleted: [Folder] "C:\Program Files\dealplylive"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\ytd video downloader"
Successfully deleted: [Folder] "C:\Documents and Settings\User\start menu\programs\dealply"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml"
Successfully deleted: [File] C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\2y3w9y1v.default\searchplugins\conduit.xml
Successfully deleted: [File] C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\2y3w9y1v.default\searchplugins\mystart search.xml
Successfully deleted: [Folder] C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\2y3w9y1v.default\extensions\staged
Successfully deleted: [Folder] C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\2y3w9y1v.default\extensions\{906000a4-88d9-4d52-b209-7a772970d91f}
Successfully deleted the following from C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\2y3w9y1v.default\prefs.js

user_pref("CT3310511.smartbar.homepage", "true");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=");
user_pref("browser.search.defaultenginename", "SweetPacks Customized Web Search");
user_pref("browser.search.defaultthis.engineName", "SweetPacks Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&CUI=UN37348932933153025&UM=2&SearchSource=3&q={searchTerms}");
user_pref("browser.search.selectedEngine", "SweetPacks Customized Web Search");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN37348932933153025&UM=2&SearchSource=13");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN37348932933153025&UM=2&q=");
user_pref("smartbar.addressBarOwnerCTID", "CT3310511");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN37348932933153025&UM=2&SearchSource=13");
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN37348932933153025&UM=2&q=");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3310511");
user_pref("smartbar.homePageOwnerCTID", "CT3310511");
user_pref("smartbar.machineId", "G6K/QDXAEEUTFFQQG+UYDNRYV/K38PYP0ARNPUDBWGXHZAIVAG22PZK67HIBQFLE/UQP/4GSIJM7JDJCBNH97W");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/07/2013 at 19:29:36.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

aswMBR Log:
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-07 19:34:33
-----------------------------
19:34:33.203 OS Version: Windows 5.1.2600 Service Pack 3
19:34:33.203 Number of processors: 2 586 0x303
19:34:33.203 ComputerName: VERYFASTUSER UserName: User
19:34:33.843 Initialize success
19:37:20.421 AVAST engine defs: 13100700
19:38:15.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000077
19:38:15.281 Disk 0 Vendor: SUNG_SP2004C_________________________ 00-49 Size: 190782MB BusType: 3
19:38:15.437 Disk 0 MBR read successfully
19:38:15.437 Disk 0 MBR scan
19:38:15.484 Disk 0 Windows XP default MBR code
19:38:15.500 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131061 MB offset 63
19:38:15.500 Disk 0 scanning sectors +268414020
19:38:15.562 Disk 0 scanning C:\WINDOWS\system32\drivers
19:38:30.500 Service scanning
19:38:32.015 Service atapi C:\WINDOWS\System32\DRIVERS\atapi.sys **LOCKED** 32
19:38:48.203 Modules scanning
19:38:53.875 AVAST engine scan C:\WINDOWS
19:39:13.265 AVAST engine scan C:\WINDOWS\system32
19:42:39.031 AVAST engine scan C:\WINDOWS\system32\drivers
19:43:03.656 AVAST engine scan C:\Documents and Settings\User
20:00:18.812 AVAST engine scan C:\Documents and Settings\All Users
20:03:11.484 Scan finished successfully
20:05:52.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
20:05:52.984 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"

VERYFASTUSER Log:
Summary
Operating System
Windows XP Professional 32-bit SP3
CPU
Intel Pentium 4
Prescott 90nm Technology
RAM
2.00GB Single-Channel DDR2 @ 333MHz (5-5-5-15)
Motherboard
BIOSTAR Group P4M90-M4 (Socket 775) 56 °C
Graphics
VE198 (1024x768@60Hz)
256MB VIA Chrome9 HC IGP Family (Biostar Microtech Int'l)
Hard Drives
186GB SAMSUNG SP2004C S07GJ1ULC08646 VM100-49 (SATA) 30 °C
Optical Drives
ASUS DVD-E616A3
Memorex DVD+-RAM 525G v1
AXV CD/DVD-ROM SCSI CdRom Device
Audio
USB Audio Device
Operating System
Windows XP Professional 32-bit SP3
Computer type: Desktop
Installation Date: 1/24/2008 8:09:28 PM
Serial Number:
Windows Security Center
Firewall Disabled
Antivirus Disabled
Windows Update
AutoUpdate Notify prior to download
.NET Frameworks installed
v4.0 Full
v4.0 Client
v3.5 SP1
v3.0 SP2
v2.0 SP2
v1.1 SP1
Internet Explorer
Version 8.0.6001.18702
PowerShell
Version 2.0
Java
Java Runtime Environment
Path C:\Program Files\Java\jre7\bin\java.exe
Version 7.0
Update 25
Build 17
Environment Variables
USERPROFILE C:\Documents and Settings\User
SystemRoot C:\WINDOWS
User Variables
TEMP C:\Documents and Settings\User\Local Settings\Temp
TMP C:\Documents and Settings\User\Local Settings\Temp
Machine Variables
ComSpec C:\WINDOWS\system32\cmd.exe
Path C:\WINDOWS\system32
C:\WINDOWS
C:\WINDOWS\System32\Wbem
C:\WINDOWS\system32\WindowsPowerShell\v1.0
C:\WINDOWS\system32\WindowsPowerShell\v1.0
C:\Documents and Settings\User\Local Settings\Application Data\Smartbar\Application\
windir C:\WINDOWS
OS Windows_NT
PROCESSOR_ARCHITECTURE x86
PROCESSOR_LEVEL 15
PROCESSOR_IDENTIFIER x86 Family 15 Model 3 Stepping 3, GenuineIntel
PROCESSOR_REVISION 0303
NUMBER_OF_PROCESSORS 2
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1;.PSC1
TEMP C:\WINDOWS\TEMP
TMP C:\WINDOWS\TEMP
FP_NO_HOST_CHECK NO
PSModulePath C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\
Power Profile
Active power scheme Home/Office Desk
Hibernation Disabled
Turn Off Monitor after: (On AC Power) Never
Turn Off Hard Disk after: (On AC Power) Never
Suspend after: (On AC Power) Never
Screen saver Disabled
Uptime
Current Session
Current Time 10/7/2013 8:11:57 PM
Current Uptime 3,211 sec (0 d, 00 h, 53 m, 31 s)
Last Boot Time 10/7/2013 7:18:26 PM
TimeZone
TimeZone GMT -6:00 Hours
Language English (United States)
Location United States
Format English (United States)
Currency $
Date Format M/d/yyyy
Time Format h:mm:ss tt
Process List
ACService.exe
Process ID 1828
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
Memory Usage 2.38 MB
Peak Memory Usage 2.90 MB
alg.exe
Process ID 2248
Path C:\WINDOWS\System32\alg.exe
Memory Usage 3.51 MB
Peak Memory Usage 3.51 MB
c2c_service.exe
Process ID 280
User SYSTEM
Domain NT AUTHORITY
Path C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
Memory Usage 4.60 MB
Peak Memory Usage 4.61 MB
cltmng.exe
Process ID 248
User User
Domain VERYFASTUSER
Path C:\Documents and Settings\User\Application Data\SearchProtect\bin\cltmng.exe
Memory Usage 23 MB
Peak Memory Usage 25 MB
CltMngSvc.exe
Process ID 696
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\SearchProtect\bin\CltMngSvc.exe
Memory Usage 2.78 MB
Peak Memory Usage 2.79 MB
csrss.exe
Process ID 704
User SYSTEM
Domain NT AUTHORITY
Path \??\C:\WINDOWS\system32\csrss.exe
Memory Usage 5.05 MB
Peak Memory Usage 6.08 MB
dmwu.exe
Process ID 2660
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\dmwu.exe
Memory Usage 7.30 MB
Peak Memory Usage 7.39 MB
explorer.exe
Process ID 208
User User
Domain VERYFASTUSER
Path C:\WINDOWS\explorer.exe
Memory Usage 28 MB
Peak Memory Usage 29 MB
firefox.exe
Process ID 2640
User User
Domain VERYFASTUSER
Path C:\Program Files\Mozilla Firefox\firefox.exe
Memory Usage 153 MB
Peak Memory Usage 202 MB
Garmin.Cartography.MapUpdate.CoreService.exe
Process ID 1876
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
Memory Usage 25 MB
Peak Memory Usage 25 MB
jqs.exe
Process ID 2020
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Java\jre7\bin\jqs.exe
Memory Usage 1.40 MB
Peak Memory Usage 17 MB
lsass.exe
Process ID 784
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\lsass.exe
Memory Usage 6.38 MB
Peak Memory Usage 6.41 MB
RIMBBLaunchAgent.exe
Process ID 2736
User User
Domain VERYFASTUSER
Path C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
Memory Usage 3.69 MB
Peak Memory Usage 3.70 MB
searchindexer.exe
Process ID 1252
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\SearchIndexer.exe
Memory Usage 13 MB
Peak Memory Usage 15 MB
services.exe
Process ID 772
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\services.exe
Memory Usage 3.86 MB
Peak Memory Usage 3.91 MB
smss.exe
Process ID 656
User SYSTEM
Domain NT AUTHORITY
Path \SystemRoot\System32\smss.exe
Memory Usage 416 KB
Peak Memory Usage 740 KB
Speccy.exe
Process ID 13604
User User
Domain VERYFASTUSER
Path C:\Program Files\Speccy\Speccy.exe
Memory Usage 19 MB
Peak Memory Usage 40 MB
spoolsv.exe
Process ID 1504
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\spoolsv.exe
Memory Usage 5.59 MB
Peak Memory Usage 6.45 MB
stij.exe
Process ID 3856
User User
Domain VERYFASTUSER
Path C:\Windows\System32\jmdp\stij.exe
Memory Usage 5.37 MB
Peak Memory Usage 5.37 MB
svchost.exe
Process ID 948
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 4.80 MB
Peak Memory Usage 4.86 MB
svchost.exe
Process ID 612
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\System32\svchost.exe
Memory Usage 4.35 MB
Peak Memory Usage 4.36 MB
svchost.exe
Process ID 2008
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\System32\svchost.exe
Memory Usage 3.40 MB
Peak Memory Usage 3.41 MB
svchost.exe
Process ID 1784
Path C:\WINDOWS\System32\svchost.exe
Memory Usage 3.66 MB
Peak Memory Usage 3.67 MB
svchost.exe
Process ID 1328
Path C:\WINDOWS\System32\svchost.exe
Memory Usage 7.46 MB
Peak Memory Usage 7.50 MB
svchost.exe
Process ID 1236
Path C:\WINDOWS\System32\svchost.exe
Memory Usage 3.93 MB
Peak Memory Usage 4.07 MB
svchost.exe
Process ID 1164
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 3.27 MB
Peak Memory Usage 3.29 MB
svchost.exe
Process ID 1124
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\System32\svchost.exe
Memory Usage 27 MB
Peak Memory Usage 36 MB
svchost.exe
Process ID 1028
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 4.41 MB
Peak Memory Usage 4.42 MB
System
Process ID 4
Memory Usage 236 KB
Peak Memory Usage 4.60 MB
System Idle Process
Process ID 0
uCamMonitor.exe
Process ID 980
User SYSTEM
Domain NT AUTHORITY
Path C:\Temp\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
Memory Usage 2.27 MB
Peak Memory Usage 2.27 MB
WgaTray.exe
Process ID 2604
User User
Domain VERYFASTUSER
Path C:\WINDOWS\system32\WgaTray.exe
Memory Usage 236 KB
Peak Memory Usage 11 MB
winlogon.exe
Process ID 728
User SYSTEM
Domain NT AUTHORITY
Path \??\C:\WINDOWS\system32\winlogon.exe
Memory Usage 2.85 MB
Peak Memory Usage 12 MB
wmiprvse.exe
Process ID 3040
Path C:\WINDOWS\system32\wbem\wmiprvse.exe
Memory Usage 9.87 MB
Peak Memory Usage 10 MB
wmiprvse.exe
Process ID 13532
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\wbem\wmiprvse.exe
Memory Usage 4.91 MB
Peak Memory Usage 4.98 MB
wmpnetwk.exe
Process ID 1924
Path C:\Program Files\Windows Media Player\WMPNetwk.exe
Memory Usage 20 MB
Peak Memory Usage 20 MB
wmpnscfg.exe
Process ID 2800
User User
Domain VERYFASTUSER
Path C:\Program Files\Windows Media Player\WMPNSCFG.exe
Memory Usage 3.43 MB
Peak Memory Usage 3.45 MB
wuauclt.exe
Process ID 13364
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\wuauclt.exe
Memory Usage 7.45 MB
Peak Memory Usage 8.16 MB
Scheduler
10/7/2013 8:23 PM;Every 1 hour(s) from 7:23 PM for 24 hour(s) every day, starting 10/7/2013 TidyNetwork Update
10/7/2013 8:29 PM;Every 1 hour(s) from 7:29 PM for 24 hour(s) every day, starting 10/7/2013 DealPlyLiveUpdateTaskMachineUA
10/7/2013 8:56 PM;Every 1 hour(s) from 12:56 AM for 24 hour(s) every day, starting 1/1/2000 Adobe Flash Player Updater
10/8/2013 5:00 PM;Run at user logon RegCure Program Check
10/8/2013 7:23 PM;Every 1 hour(s) from 7:23 PM for 24 hour(s) every day, starting 10/8/2013 At1
10/8/2013 7:29 PM;Run at user logon DealPlyLiveUpdateTaskMachineCore
10/10/2013 3:00 AM;At 3:00 AM every Thu of every week, starting 1/1/2006 RegCure
Hotfixes
7/9/2012 Security Update for Windows XP (KB2707511)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/9/2012 Security Update for Windows XP (KB2659262)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/9/2012 Security Update for Windows XP (KB2564958)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/9/2012 Security Update for Windows XP (KB2544893)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain access to
information. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
7/9/2012 Security Update for Microsoft .NET Framework 3.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2604110)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/9/2012 Security Update for Windows XP (KB2646524)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/9/2012 Security Update for Windows XP (KB2585542)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain access to
information. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
7/9/2012 Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Server 2003, Vista, Server 2008 x86 (KB2604111)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/9/2012 Security Update for Windows XP (KB2631813)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/9/2012 Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2656369)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/9/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2686827)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/9/2012 Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2604092)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/9/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2656405)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/9/2012 Security Update for Windows XP (KB2598479)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/9/2012 Windows Malicious Software Removal Tool - June 2012 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
7/9/2012 Security Update for Windows XP (KB2686509)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/9/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2656368)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/9/2012 Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Server 2003, Vista, Server 2008 x86 (KB2657424)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/9/2012 Security Update for Windows XP (KB2624667)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/9/2012 Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/9/2012 Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2656352)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/9/2012 Security Update for Windows XP (KB2592799)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/9/2012 Update for Windows XP (KB2718704)
Install this update to resolve an issue which requires an update
to the certificate revocation list on Windows systems and to
keep your systems certificate list up to date. After you install
this update, you may have to restart your system.
7/9/2012 Update Rollup for ActiveX Killbits for Windows XP (KB2695962)
Security issues have been identified in ActiveX controls that
could allow an attacker to compromise a system running Microsoft
Internet Explorer and gain control over it. You can help protect
your system by installing this update from Microsoft. After you
install this item, you may have to restart your computer.
7/9/2012 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2699988)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
7/9/2012 Security Update for Windows XP (KB2570947)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/9/2012 Security Update for Windows XP (KB2685939)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/9/2012 Security Update for Microsoft .NET Framework 3.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2656407)
A security issue has been identified that could allow an attacker
to break or bypass a security feature in the affected software.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
7/9/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2604121)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/8/2012 Security Update for Windows XP (KB2603381)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/8/2012 Security Update for Windows XP (KB2653956)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/8/2012 Update for Windows XP (KB2633952)
Install this update to resolve issues caused by revised daylight
saving time and time zone laws in several countries. This update
enables your computer to automatically adjust the computer clock
on the correct date in 2012. After you install this item, you
may have to restart your computer.
7/8/2012 Security Update for Windows XP (KB2619339)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/8/2012 Cumulative Security Update for ActiveX Killbits for Windows XP (KB2618451)
Security issues have been identified in ActiveX controls that
could allow an attacker to compromise a system running Microsoft
Internet Explorer and gain control over it. You can help protect
your system by installing this update from Microsoft. After you
install this item, you may have to restart your computer.
7/8/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/8/2012 Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/8/2012 Security Update for Windows XP (KB2676562)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/8/2012 Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2686828)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/8/2012 Security Update for Windows XP (KB2709162)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/8/2012 Security Update for Windows XP (KB2620712)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/8/2012 Security Update for Windows XP (KB2661637)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/8/2012 Security Update for Windows XP (KB2584146)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/24/2011 Update for Windows XP (KB2570791)
Install this update to resolve issues caused by revised daylight
saving time and time zone laws in several countries. This update
enables your computer to automatically adjust the computer clock
on the correct date in 2011. After you install this item, you
may have to restart your computer.
8/10/2011 Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2539631)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain access to information. You can help protect
your computer by installing this update from Microsoft. After
you install this item, you may have to restart your computer.
8/10/2011 Security Update for Windows XP (KB2567680)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/10/2011 Security Update for Windows XP (KB2536276)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/10/2011 Security Update for Windows XP (KB2570222)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected system to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
8/10/2011 Windows Malicious Software Removal Tool - August 2011 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
8/10/2011 Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2539636)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain access to information. You can help protect
your computer by installing this update from Microsoft. After
you install this item, you may have to restart your computer.
8/10/2011 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2559049)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
8/10/2011 Security Update for Windows XP (KB2566454)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/10/2011 Update Rollup for ActiveX Killbits for Windows XP (KB2562937)
Security issues have been identified in ActiveX controls that
could allow an attacker to compromise a system running Microsoft
Internet Explorer and gain control over it. You can help protect
your system by installing this update from Microsoft. After you
install this item, you may have to restart your computer.
7/13/2011 Security Update for Windows XP (KB2507938)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/13/2011 Windows Malicious Software Removal Tool - July 2011 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
7/13/2011 Security Update for Windows XP (KB2555917)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
6/29/2011 Update for Windows XP (KB2541763)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
6/15/2011 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2518864)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain complete control over it. You can help
protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
6/15/2011 Windows Malicious Software Removal Tool - June 2011 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
6/15/2011 Security Update for Windows XP (KB2476490)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
6/15/2011 Security Update for Windows XP (KB2503665)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
6/15/2011 Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2478663)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain complete control over it. You can help
protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
6/15/2011 Security Update for Windows XP (KB2535512)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
6/15/2011 Security Update for Windows XP (KB2536276)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
6/15/2011 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2530548)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
6/15/2011 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2478658)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain complete control over it. You can help
protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
6/15/2011 Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2518870)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain complete control over it. You can help
protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
6/15/2011 Security Update for Windows XP (KB2544893)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain access to
information. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
6/15/2011 Security Update for Internet Explorer 8 for Windows XP (KB2544521)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
5/11/2011 Windows Malicious Software Removal Tool - May 2011 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
4/27/2011 Windows Malicious Software Removal Tool - April 2011 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
4/14/2011 Security Update for Windows XP (KB2485663)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
4/14/2011 Security Update for Windows XP (KB2506223)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
4/13/2011 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2497640)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
4/13/2011 Security Update for Windows XP (KB2412687)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
4/13/2011 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2446704)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain complete control over it. You can help
protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
4/13/2011 Cumulative Security Update for ActiveX Killbits for Windows XP (KB2508272)
Security issues have been identified in ActiveX controls that
could allow an attacker to compromise a system running Microsoft
Internet Explorer and gain control over it. You can help protect
your system by installing this update from Microsoft. After you
install this item, you may have to restart your computer.
4/13/2011 Security Update for Windows XP (KB2503658)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain access to
information. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
4/13/2011 Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2446708)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain complete control over it. You can help
protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
4/13/2011 Security Update for Windows XP (KB2507618)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
4/13/2011 Security Update for Windows XP (KB2508429)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
4/13/2011 Security Update for Windows XP (KB2511455)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
4/13/2011 Security Update for Windows XP (KB2506212)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
4/13/2011 Windows Malicious Software Removal Tool - April 2011 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
4/13/2011 Security Update for Windows XP (KB2509553)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
4/13/2011 Security Update for Windows XP (KB2510531)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
3/24/2011 Update for Windows XP (KB2524375)
Install this update to resolve an issue which requires an update
to the certificate revocation list on Windows systems and to
keep your systems certificate list up to date. After you install
this update, you may have to restart your system.
3/15/2011 Update for Windows XP (KB971029)
Install this update to restrict AutoRun entries in the AutoPlay
dialog to only CD and DVD drives. After you install this item,
you may have to restart your computer.
3/9/2011 Security Update for Windows XP (KB2479943)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
3/9/2011 Windows Malicious Software Removal Tool - March 2011 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
3/9/2011 Security Update for Windows XP (KB2481109)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2/9/2011 Security Update for Windows XP (KB2478971)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2/9/2011 Security Update for Windows XP (KB2485376)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2/9/2011 Security Update for Windows XP (KB2479628)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2/9/2011 Security Update for Windows XP (KB2483185)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2/9/2011 Windows Malicious Software Removal Tool - February 2011 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
2/9/2011 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2482017)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
2/9/2011 Security Update for Windows XP (KB2476687)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain access to information.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
2/9/2011 Security Update for Windows XP (KB2478960)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2/9/2011 Security Update for Windows XP (KB2393802)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/12/2011 Windows Malicious Software Removal Tool - January 2011 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
1/12/2011 Security Update for Windows XP (KB2419632)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/15/2010 Security Update for Windows XP (KB2296199)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/15/2010 Security Update for Windows XP (KB2443105)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/15/2010 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2416400)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
12/15/2010 Security Update for Windows XP (KB2440591)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/15/2010 Update for Windows XP (KB2443685)
Install this update to resolve issues caused by revised daylight
saving time and time zone laws in several countries. This update
enables your computer to automatically adjust the computer clock
on the correct date in 2011. After you install this item, you
may have to restart your computer.
12/15/2010 Security Update for Windows XP (KB2436673)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/15/2010 Update for Internet Explorer for Windows XP (KB2467659)
Install this update to resolve issues in Internet Explorer. For
a complete listing of the issues that are included in this update,
see the associated Microsoft Knowledge Base article for more
information. After you install this item, you may have to restart
your computer.
12/15/2010 Windows Malicious Software Removal Tool - December 2010 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
12/15/2010 Security Update for Windows XP (KB2423089)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
11/10/2010 Windows Malicious Software Removal Tool - November 2010 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
10/13/2010 Security Update for Windows XP (KB2387149)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/13/2010 Security Update for Windows XP (KB2279986)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/13/2010 Update for Windows XP (KB2345886)
Install this update to help strengthen authentication credentials
in specific scenarios. After you install this item, you may have
to restart your computer.
10/13/2010 Security Update for Windows XP (KB2296011)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/13/2010 Security Update for Windows XP (KB2378111)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/13/2010 Security Update for Windows XP (KB982132)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/13/2010 Security Update for Windows XP (KB979687)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/13/2010 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2360131)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
10/13/2010 Windows Malicious Software Removal Tool - October 2010 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
10/13/2010 Security Update for Windows XP (KB981957)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/13/2010 Security Update for Windows XP (KB2360937)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/8/2010 Security Update for Microsoft .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain access to information. You can help protect
your computer by installing this update from Microsoft. After
you install this item, you may have to restart your computer.
10/7/2010 Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 x86 (KB2416473)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain access to information. You can help protect
your computer by installing this update from Microsoft. After
you install this item, you may have to restart your computer.
10/7/2010 Security Update for Microsoft .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain access to information. You can help protect
your computer by installing this update from Microsoft. After
you install this item, you may have to restart your computer.
10/7/2010 Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain access to information. You can help protect
your computer by installing this update from Microsoft. After
you install this item, you may have to restart your computer.
9/29/2010 Update for Windows XP (KB2158563)
Install this update to resolve issues caused by revised daylight
saving time and time zone laws in several countries. This update
enables your computer to automatically adjust the computer clock
on the correct date in 2010. After you install this item, you
may have to restart your computer.
9/15/2010 Security Update for Windows XP (KB2259922)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
9/15/2010 Security Update for Windows XP (KB975558)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
9/15/2010 Security Update for Windows XP (KB2347290)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
9/15/2010 Security Update for Windows XP (KB2121546)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
9/15/2010 Security Update for Windows XP (KB982802)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
9/15/2010 Security Update for Windows XP (KB981322)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
9/15/2010 Windows Malicious Software Removal Tool - September 2010 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
9/15/2010 Update for Windows XP (KB2141007)
Install this update to help strengthen authentication credentials
in specific scenarios. After you install this item, you may have
to restart your computer.
8/12/2010 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB983583)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain complete control over it. You can help
protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
8/12/2010 Windows Malicious Software Removal Tool - August 2010 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
8/12/2010 Security Update for Windows XP (KB982214)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/12/2010 Security Update for Windows XP (KB2115168)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/12/2010 Security Update for Windows XP (KB981852)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/12/2010 Security Update for Windows XP (KB2079403)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/12/2010 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB983583)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain complete control over it. You can help
protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
8/12/2010 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2183461)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
8/12/2010 Security Update for Windows XP (KB2160329)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/12/2010 Security Update for Windows XP (KB980436)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/12/2010 Windows Malicious Software Removal Tool - August 2010 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
8/12/2010 Security Update for Windows XP (KB981997)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/12/2010 Security Update for Windows XP (KB982665)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/4/2010 Microsoft .NET Framework 4 Client Profile for Windows XP x86 (KB982670)
The Microsoft .NET Framework 4 Client Profile provides a subset
of features from the .NET Framework 4. The Client Profile is
designed to run client applications and to enable the fastest
possible deployment for Windows Presentation Foundation (WPF)
and Windows Forms technology.
8/4/2010 Windows PowerShell 2.0 and WinRM 2.0 for Windows XP and Windows Embedded (KB968930)
The Windows Management Framework Core package includes Windows
PowerShell 2.0 and Windows Remote Management (WinRM) 2.0. For
more information on the Windows Management Framework, see http://support.micro....com/kb/968929.
8/3/2010 Security Update for Windows XP (KB2286198)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/14/2010 Security Update for Windows XP (KB2229593)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
7/14/2010 Windows Malicious Software Removal Tool - July 2010 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
6/23/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Update for Windows Server 2003 and Windows XP x86 (KB982524)
This update addresses a set of known issues of the Microsoft
.NET Framework 3.5 Service Pack 1. After you install this item,
you may have to restart your computer.
6/22/2010 Update for Internet Explorer 8 Compatibility View List for Windows XP (KB982632)
This Compatibility View List update helps make Web sites that
are designed for older browsers look better in Internet Explorer
8. When users install Internet Explorer 8, they will be given
a choice about opting-in to a list of sites that should be displayed
in Compatibility View. After you install this item, you may have
to restart Internet Explorer.
6/22/2010 Update for Root Certificates [May 2010] (KB931125)
This item updates the list of root certificates on your computer
to the list that is accepted by Microsoft as part of the Microsoft
Root Certificate Program. Adding additional root certificates
to your computer enables you to use Extended Validation (EV)
certificates in Internet Explorer 7, a greater range of security
enhanced Web browsing, encrypted e-mail, and security enhanced
code delivery. After you install this item, you may have to restart
your computer. Once you have installed this item, it cannot be
removed.
6/22/2010 Microsoft .NET Framework 2.0 Service Pack 2 Update for Windows Server 2003 and Windows XP x86 (KB976569)
Install this update to resolve some known incompatibilities in
generic types using the BinaryFormatter or NetDataContractSerializer
serialized and deserialized across a mixed .NET Framework 3.5
SP1 and .NET Framework 4 environment. After you install this
item, you may have to restart your computer.
6/15/2010 Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168)
Install this update to help strengthen authentication credentials
in specific scenarios. After you install this item, you may have
to restart your computer.
6/14/2010 Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168)
Install this update to help strengthen authentication credentials
in specific scenarios. After you install this item, you may have
to restart your computer.
6/13/2010 Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168)
Install this update to help strengthen authentication credentials
in specific scenarios. After you install this item, you may have
to restart your computer.
6/13/2010 Security Update for Windows XP (KB980218)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
6/13/2010 Cumulative Security Update for ActiveX Killbits for Windows XP (KB980195)
Security issues have been identified in ActiveX controls that
could allow an attacker to compromise a system running Microsoft
Internet Explorer and gain control over it. You can help protect
your system by installing this update from Microsoft. After you
install this item, you may have to restart your computer.
6/13/2010 Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906)
A security issue has been identified that could allow an attacker
to tamper with digitally signed content without being detected,
when this content is being consumed by an application that makes
use of the Microsoft .NET Framework on a Windows-based system.
You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
6/13/2010 Security Update for Windows XP (KB979559)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
6/13/2010 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB982381)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
6/13/2010 Windows Malicious Software Removal Tool - June 2010 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
6/13/2010 Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP3 (KB978695)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
6/13/2010 Security Update for Windows XP (KB979482)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
6/13/2010 Security Update for Windows XP (KB975562)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
6/13/2010 Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168)
Install this update to help strengthen authentication credentials
in specific scenarios. After you install this item, you may have
to restart your computer.
6/13/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
A security issue has been identified that could allow an attacker
to tamper with digitally signed content without being detected,
when this content is being consumed by an application that makes
use of the Microsoft .NET Framework on a Windows-based system.
You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
6/11/2010 Security Update for Windows XP (KB980218)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
6/11/2010 Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906)
A security issue has been identified that could allow an attacker
to tamper with digitally signed content without being detected,
when this content is being consumed by an application that makes
use of the Microsoft .NET Framework on a Windows-based system.
You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
6/11/2010 Security Update for Windows XP (KB979559)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
6/11/2010 Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP3 (KB978695)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
6/11/2010 Security Update for Windows XP (KB979482)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
6/11/2010 Security Update for Windows XP (KB975562)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
6/11/2010 Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168)
Install this update to help strengthen authentication credentials
in specific scenarios. After you install this item, you may have
to restart your computer.
6/11/2010 Cumulative Security Update for ActiveX Killbits for Windows XP (KB980195)
Security issues have been identified in ActiveX controls that
could allow an attacker to compromise a system running Microsoft
Internet Explorer and gain control over it. You can help protect
your system by installing this update from Microsoft. After you
install this item, you may have to restart your computer.
6/11/2010 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB982381)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
6/11/2010 Windows Malicious Software Removal Tool - June 2010 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
6/11/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
A security issue has been identified that could allow an attacker
to tamper with digitally signed content without being detected,
when this content is being consumed by an application that makes
use of the Microsoft .NET Framework on a Windows-based system.
You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
5/26/2010 Update for Windows XP (KB981793)
Install this update to resolve issues caused by revised daylight
saving time and time zone laws in several countries. This update
enables your computer to automatically adjust the computer clock
on the correct date in 2010. After you install this item, you
may have to restart your computer.
5/12/2010 Windows Malicious Software Removal Tool - May 2010 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
5/12/2010 Security Update for Windows XP (KB978542)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
4/15/2010 Security Update for Windows XP (KB979683)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
4/14/2010 Security Update for Windows XP (KB980232)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
4/14/2010 Windows Malicious Software Removal Tool - April 2010 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
4/14/2010 Security Update for Windows XP (KB978338)
A security issue has been identified that could allow an attacker
to misrepresent a system action or behavior without the knowledge
of the user. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
4/14/2010 Security Update for Windows XP (KB977816)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
4/14/2010 Security Update for Windows XP (KB978601)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
4/14/2010 Security Update for Windows XP (KB981332)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
4/14/2010 Security Update for Windows XP (KB979309)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
4/14/2010 Security Update for Windows XP (KB979683)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
3/31/2010 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB980182)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
3/10/2010 Security Update for Windows XP (KB975561)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
3/10/2010 Windows Malicious Software Removal Tool - March 2010 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
2/24/2010 Update for Windows XP (KB976662)
Install this update to improve Internet Explorer 8's JSON interoperability
in conformance with the new ECMAScript, fifth edition standard.
After you install this item, you may have to restart your computer.
2/24/2010 Update for Windows XP (KB979306)
Install this update to resolve issues caused by revised daylight
saving time and time zone laws in several countries. This update
enables your computer to automatically adjust the computer clock
on the correct date in 2010. After you install this item, you
may have to restart your computer.
2/10/2010 Cumulative Security Update for ActiveX Killbits for Windows XP (KB978262)
Security issues have been identified in ActiveX controls that
could allow an attacker to compromise a system running Microsoft
Internet Explorer and gain control over it. You can help protect
your system by installing this update from Microsoft. After you
install this item, you may have to restart your computer.
2/10/2010 Security Update for Windows XP (KB971468)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2/10/2010 Windows Malicious Software Removal Tool - February 2010 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
2/10/2010 Security Update for Windows XP (KB978037)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2/10/2010 Security Update for Windows XP (KB975713)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2/10/2010 Security Update for Windows XP (KB978251)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2/10/2010 Security Update for Windows XP (KB975560)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2/10/2010 Security Update for Windows XP (KB977914)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2/10/2010 Security Update for Windows XP (KB978706)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2/10/2010 Security Update for Windows XP (KB977165)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/22/2010 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB978207)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/13/2010 Update for Windows XP (KB955759)
An issue has been identified that could allow an authenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/13/2010 Security Update for Windows XP (KB972270)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/13/2010 Windows Malicious Software Removal Tool - January 2010 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
12/10/2009 Update for Windows XP (KB970430)
Install this update to help strengthen authentication credentials
in specific scenarios. After you install this item, you may have
to restart your computer.
12/10/2009 Security Update for Windows XP (KB974318)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/10/2009 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB976325)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
12/10/2009 Security Update for Windows XP (KB973904)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/10/2009 Security Update for Windows XP (KB974392)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/10/2009 Update for Windows XP (KB971737)
Install this update to help strengthen authentication credentials
in specific scenarios. After you install this item, you may have
to restart your computer.
12/10/2009 Windows Malicious Software Removal Tool - December 2009 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
11/25/2009 Update for Windows XP (KB976098)
Install this update to resolve issues caused by revised daylight
saving time and time zone laws in several countries. This update
enables your computer to automatically adjust the computer clock
on the correct date in 2009. After you install this item, you
may have to restart your computer.
11/25/2009 Update for Windows XP (KB973687)
Install this update to prevent applications from sending too
many HTTP requests while a well-known Document Type Definition
(DTD) is included. After you install this item, you may have
to restart your computer.
11/25/2009 Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688)
Install this update to prevent applications from sending too
many HTTP requests while a well-known Document Type Definition
(DTD) is included. After you install this item, you may have
to restart your computer. Once you have installed this item,
it cannot be removed.
11/15/2009 Windows Malicious Software Removal Tool - November 2009 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
11/15/2009 Security Update for Windows XP (KB969947)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
11/9/2009 Update for Internet Explorer 8 for Windows XP (KB976749)
Install this update to resolve issues that may occur after installing
the Internet Explorer cumulative security update issued as MS09-054
(http://www.microsoft...n/ms09-054.mspx).
After you install this item, you may have to restart your computer.
11/9/2009 Security Update for Jscript 5.8 for Windows XP (KB971961)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
11/8/2009 Update for Windows XP (KB971513)
The Windows Automation API library contains the latest version
of the Microsoft User Interface Automation (UI Automation) and
Microsoft Active Accessibility libraries that are provided in
Windows 7. After you install this item, you may have to restart
your computer.
11/8/2009 Update for Root Certificates [September 2009] (KB931125)
This item updates the list of root certificates on your computer
to the list that is accepted by Microsoft as part of the Microsoft
Root Certificate Program. Adding additional root certificates
to your computer enables you to use Extended Validation (EV)
certificates in Internet Explorer 7, a greater range of security
enhanced Web browsing, encrypted e-mail, and security enhanced
code delivery. After you install this item, you may have to restart
your computer. Once you have installed this item, it cannot be
removed.
11/8/2009 Internet Explorer 8 for Windows XP
Internet Explorer 8 is the latest version of the familiar Web
browser that you are most comfortable using. Internet Explorer
8 helps you get everything that you want from the Web faster,
easier, and more privately and securely than ever. After you
install this item, you may have to restart your computer.
11/6/2009 Windows Update Agent 7.4.7600.226
The Windows Update Agent enables your computer to search for
and install updates from an update service. The agent can automatically
update itself as needed to communicate with the update service
when Windows searches for new updates.
11/3/2009 Update for Internet Explorer 7 for Windows XP (KB976749)
Install this update to resolve issues that may occur after installing
the Internet Explorer cumulative security update issued as MS09-054
(http://www.microsoft...n/ms09-054.mspx).
After you install this item, you may have to restart your computer.
10/31/2009 Internet Explorer 8 for Windows XP
Internet Explorer 8 is the latest version of the familiar Web
browser that you are most comfortable using. Internet Explorer
8 helps you get everything that you want from the Web faster,
easier, and more privately and securely than ever. After you
install this item, you may have to restart your computer.
10/31/2009 Windows PowerShell 1.0 Multilingual User Interface Package for Windows XP (KB926141)
Install this update to display the Windows PowerShell 1.0 interface
in Chinese Simplified, Chinese Traditional, French, German, Italian,
Japanese, Korean, Portuguese, Russian, and Spanish. After you
install this item, you may have to restart your computer.
10/14/2009 Microsoft .NET Framework 2.0 Service Pack 2 Security Update for Windows 2000, Windows Server 2003, and Windows XP (KB974417)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/14/2009 Security Update for Windows XP (KB958869)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/14/2009 Windows Malicious Software Removal Tool - October 2009 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
10/14/2009 Security Update for Windows XP (KB969059)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/14/2009 Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP 3 (KB954155)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/14/2009 Security Update for Windows XP (KB974112)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/14/2009 Security Update for Windows XP (KB975025)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/14/2009 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB974455)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
10/14/2009 Security Update for Windows XP (KB974571)
A security issue has been identified that could allow an attacker
to misrepresent a system action or behavior without the knowledge
of the user. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
10/14/2009 Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/14/2009 Security Update for Windows XP (KB971486)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/14/2009 Cumulative Security Update for ActiveX Killbits for Windows XP (KB973525)
Security issues have been identified in ActiveX controls that
could allow an attacker to compromise a system running Microsoft
Internet Explorer and gain control over it. You can help protect
your system by installing this update from Microsoft. After you
install this item, you may have to restart your computer.
10/14/2009 Security Update for Windows XP (KB975467)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected system to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
10/1/2009 Update for Windows XP (KB968389)
Install this update to help strengthen authentication credentials
in specific scenarios. After you install this item, you may have
to restart your computer.
9/10/2009 Windows Malicious Software Removal Tool - September 2009 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
9/10/2009 Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP 3 (KB968816)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
9/10/2009 Security Update for Windows XP (KB956844)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
9/10/2009 Security Update for Jscript 5.7 for Windows XP (KB971961)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
9/2/2009 Update to .NET Framework 3.5 Service Pack 1 for the .NET Framework Assistant 1.0 x86 (KB963707)
The update to .NET Framework 3.5 Service Pack 1 for the .NET
Framework Assistant 1.0 for Firefox addresses several compatibility
issues with version 1.0 of the extension.
8/27/2009 Update for Windows XP (KB970653)
Install this update to resolve issues caused by revised daylight
saving time and time zone laws in several countries. This update
enables your computer to automatically adjust the computer clock
on the correct date in 2009. After you install this item, you
may have to restart your computer.
8/19/2009 Update for Windows XP (KB968389)
Install this update to help strengthen authentication credentials
in specific scenarios. After you install this item, you may have
to restart your computer.
8/13/2009 Security Update for Windows XP (KB960859)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/13/2009 Security Update for Windows XP (KB971657)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/13/2009 Security Update for Windows XP (KB971557)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/13/2009 Security Update for Windows XP (KB956744)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/13/2009 Security Update for Windows XP (KB973869)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/13/2009 Security Update for Windows XP (KB973507)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/13/2009 Security Update for Windows XP (KB973354)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/13/2009 Security Update for Windows XP Service Pack 3 (KB973540)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/13/2009 Windows Malicious Software Removal Tool - August 2009 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
8/13/2009 Security Update for Windows XP (KB973815)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/2/2009 Update for Windows XP (KB961118)
Install this update to resolve an issue in which an Inbox Printer
driver may be unsigned after you install the Microsoft .NET Framework
3.5 SP1. After you install this item, you may have to restart
your computer.
8/1/2009 Windows Genuine Advantage Notification (KB905474)
The Windows Genuine Advantage Notification tool notifies you
if your copy of Windows is not genuine. If your system is found
to be non-genuine, the tool will help you obtain a licensed copy
of Windows.
8/1/2009 Security Update for Windows XP (KB971633)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/1/2009 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB972260)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
8/1/2009 Cumulative Security Update for ActiveX Killbits for Windows XP (KB973346)
Security issues have been identified in ActiveX controls that
could allow an attacker to compromise a system that is running
Microsoft Internet Explorer and gain control over it. You can
help protect your system by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
8/1/2009 Security Update for Windows XP (KB971633)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/1/2009 Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86
Microsoft .NET Framework 3.5 Service Pack 1 is a full cumulative
update that contains many new features building incrementally
upon .NET Framework 2.0, 3.0, 3.5, and includes cumulative servicing
updates to the .NET Framework 2.0 and .NET Framework 3.0 subcomponents.
The .NET Framework 3.5 Family Update provides important application
compatibility updates. This combined Service Pack and update
is applicable to .NET versions 2.0 through 3.5.
8/1/2009 Security Update for Windows XP (KB963093)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/1/2009 Security Update for Windows XP (KB970238)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/1/2009 Security Update for Windows XP (KB961501)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/1/2009 Update for Root Certificates [May 2009] (KB931125)
This item updates the list of root certificates on your computer
to the list that is accepted by Microsoft as part of the Microsoft
Root Certificate Program. Adding additional root certificates
to your computer enables you to use Extended Validation (EV)
certificates in Internet Explorer 7, a greater range of security
enhanced Web browsing, encrypted e-mail, and security enhanced
code delivery. After you install this item, you may have to restart
your computer. Once you have installed this item, it cannot be
removed.
8/1/2009 Internet Explorer 8 for Windows XP
Internet Explorer 8 is the latest version of the familiar Web
browser that you are most comfortable using. Internet Explorer
8 helps you get everything that you want from the Web faster,
easier, and more privately and securely than ever. After you
install this item, you may have to restart your computer.
8/1/2009 Security Update for Windows XP (KB959426)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/1/2009 Security Update for Windows XP (KB960803)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/1/2009 Security Update for Windows XP (KB952004)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/1/2009 Security Update for Windows XP (KB956572)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/1/2009 Security Update for Windows XP (KB923561)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/1/2009 Windows Genuine Advantage Notification (KB905474)
The Windows Genuine Advantage Notification tool notifies you
if your copy of Windows is not genuine. If your system is found
to be non-genuine, the tool will help you obtain a licensed copy
of Windows.
8/1/2009 Windows PowerShell 1.0 for Windows XP (KB926139)
Windows PowerShell is a new command-line shell and scripting
language designed for system administration and automation. Built
on the .NET Framework, Windows PowerShell enables IT professionals
and developers to control and automate the administration of
Windows and applications. After you install this item, you may
have to restart your computer.
8/1/2009 Update for Windows XP (KB959772)
Install this update to enable Windows Media Player to automatically
correct an error which may occur when DRM protected content requires
an update to the license. After you install this item, you may
have to restart your computer.
8/1/2009 Update for Windows XP (KB967715)
Install this update to resolve an issue in which AutoRun features
were not correctly disabled. After you install this item, you
may have to restart your computer.
8/1/2009 Security Update for Windows XP (KB960225)
A security issue has been identified that could allow an attacker
to misrepresent a system action or behavior without the knowledge
of the user. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
8/1/2009 tiger jet network inc - Other Hardware - TigerJet USB Composite Device
Tiger Jet Network usb software update released on July 06 2001.
8/1/2009 tiger jet network inc - Other Hardware - USB Internet Phone by TigerJet
TigerJet multimedia software update released on July 06 2001.
8/1/2009 Security Update for Windows XP (KB968537)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/1/2009 Security Update for Windows XP (KB961371)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/1/2009 Security Update for Windows XP (KB923561)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/25/2009 Windows Malicious Software Removal Tool - January 2009 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
1/25/2009 Security Update for Windows XP (KB958687)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/25/2009 Security Update for Internet Explorer 7 for Windows XP (KB960714)
Security issues have been identified that could allow an attacker
to compromise a system running Microsoft Internet Explorer and
gain control over it. You can help protect your system by installing
this update from Microsoft. After you install this item, you
may have to restart your computer.
1/25/2009 Security Update for Windows XP (KB951748)
A security issue has been identified that could allow a remote
attacker to misrepresent a system action or behavior unbeknownst
to users on Microsoft Windows systems. You can help protect your
computer by installing this update from Microsoft. After you
install this item, you may have to restart your computer.
12/11/2008 Windows Malicious Software Removal Tool - December 2008 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
12/11/2008 Update for Windows XP (KB955839)
Install this update to resolve an issue that is caused by revised
daylight saving time laws in many countries. This update enables
your computer to automatically adjust the computer clock on the
correct date in 2008. After you install this item, you may have
to restart your computer.
12/11/2008 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB958215)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
12/11/2008 Security Update for Windows XP (KB956802)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/11/2008 Security Update for Windows XP (KB954600)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/11/2008 Security Update for Windows XP Service Pack 3 (KB952069)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/11/2008 Root Certificates Update
This item updates the list of root certificates on your computer
to the list that is accepted by Microsoft as part of the Microsoft
Root Certificate Program. Adding additional root certificates
to your computer enables you to use Extended Validation (EV)
certificates in Internet Explorer 7, a greater range of security
enhanced Web browsing, encrypted e-mail, and security enhanced
code delivery. After you install this item, you may have to restart
your computer. Once you have installed this item, it cannot be
removed.
12/11/2008 Group Policy Preference Client Side Extensions for Windows XP (KB943729)
Multiple Group Policy Preferences have been added to the Windows
Server 2008 Group Policy Management Console (which are also available
through the Remote Server Administration Toolset (RSAT) for Windows
Vista SP1). Group Policy Preferences enable information technology
professionals to configure, deploy, and manage operating system
and application settings they previously were not able to manage
using Group Policy. After you install this update, your computer
will be able to process the new Group Policy Preference extensions.
After you install this item, you may have to restart your computer.
12/11/2008 Security Update for Windows XP (KB957097)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your Microsoft Windows-based system
and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
12/11/2008 Security Update for Windows XP (KB954459)
A security issue has been identified in Microsoft XML Core Services
(MSXML) that could allow an attacker to compromise your Windows-based
system and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
12/11/2008 Security Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB954430)
A security issue has been identified in Microsoft XML Core Services
(MSXML) that could allow an attacker to compromise your Windows-based
system and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer. Once you have installed
this item, it cannot be removed.
12/11/2008 Security Update for Windows XP (KB955069)
A security issue has been identified in the way Microsoft XML
Core Services (MSXML) is handled that could allow an attacker
to compromise a computer that is running Microsoft Windows and
gain control over it. You can help protect your computer by installing
this update from Microsoft. After you install this item, you
may have to restart your computer.
12/11/2008 Security Update for Windows XP (KB958644)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your Microsoft Windows-based system
and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
12/11/2008 Security Update for Windows XP (KB957095)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your Microsoft Windows-based system
and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
12/11/2008 Security Update for Windows XP (KB956841)
A security issue has been identified that could allow an authenticated
local attacker to compromise your Microsoft Windows-based system
and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
12/11/2008 Security Update for Windows XP (KB956803)
A security issue has been identified that could allow an authenticated
local attacker to compromise your Microsoft Windows-based system
and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
12/11/2008 Cumulative Security Update for ActiveX Killbits for Windows XP (KB956391)
Security issues have been identified in ActiveX controls that
could allow an attacker to compromise a system that is running
Microsoft Internet Explorer and gain control over it. You can
help protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
12/11/2008 Security Update for Windows XP (KB954211)
A security issue has been identified that could allow an authenticated
local attacker to compromise your Microsoft Windows-based system
and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
12/11/2008 Windows Genuine Advantage Notification (KB905474)
The Windows Genuine Advantage Notification tool notifies you
if your copy of Windows is not genuine. If your system is found
to be non-genuine, the tool will help you obtain a licensed copy
of Windows.
12/11/2008 Security Update for Windows XP (KB954154)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your Microsoft Windows-based system
and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
12/11/2008 Security Update for Windows XP (KB938464)
A security issue has been identified that could allow an attacker
to remotely compromise a Windows-based system that uses GDI+
and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
12/11/2008 Update for Windows XP (KB952287)
Install this update to resolve an issue in which a malfunction
or data loss occurs when using Microsoft Data Access Components
(MDAC) components on computers that are running Windows XP SP2
or XP SP3. After you install this item, you may have to restart
your computer.
12/11/2008 Security Update for Windows XP (KB950974)
A security issue has been identified in Event System on Microsoft
Windows based systems that could allow an attacker to compromise
your Microsoft Windows-based system and gain control over it.
You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
12/11/2008 Security Update for Windows XP (KB952954)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your Microsoft Windows-based system
and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
12/11/2008 Security Update for Windows XP (KB946648)
A security issue has been identified that could allow an unauthenticated,
remote attacker to compromise a system that is running Windows
Messenger and gain access to information. You can help protect
your computer by installing this update from Microsoft. After
you install this item, you may have to restart your computer.
12/11/2008 Security Update for Outlook Express for Windows XP (KB951066)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Outlook Express
or Windows Mail and read data from another Internet Explorer
domain or the local computer. You can help protect your system
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
12/11/2008 Update for Windows XP (KB951978)
Install this update to resolve an issue in VBScript/JScript scripts
from CScript\WScript hosts, certain built-ins may not function
correctly when Standards and Formats in Regional Settings is
changed. After you install this item, you may have to restart
your computer.
12/11/2008 Windows Search 4.0 for Windows XP (KB940157)
Windows Search 4.0 helps you to find, preview, and use your documents,
e-mail, music, photos, and other items. On an upgrade from previous
versions, you will need to rebuild your index. After you install
this item, you may have to restart your computer.
7/4/2008 Security Update for Windows XP (KB951698)
A security issue has been identified in Microsoft DirectShow
that could allow an attacker to compromise your Windows-based
system and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
7/4/2008 Security Update for Windows XP (KB951376)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your Microsoft Windows-based system
and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
7/4/2008 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB950759)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
7/4/2008 Security Update for Windows XP (KB950762)
A security issue has been identified that could allow an unauthenticated,
remote attacker to cause the affected system to stop responding.
You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
7/4/2008 Cumulative Security Update for ActiveX Killbits for Windows XP (KB950760)
Security issues have been identified in ActiveX controls that
could allow an attacker to compromise a system that is running
Microsoft Internet Explorer and gain control over it. You can
help protect your system by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
7/4/2008 Windows Malicious Software Removal Tool - June 2008 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
6/9/2008 Root Certificates Update
This item updates the list of root certificates on your computer
to the list that is accepted by Microsoft as part of the Microsoft
Root Certificate Program. Adding additional root certificates
to your computer enables you to use Extended Validation (EV)
certificates in Internet Explorer 7, a greater range of security
enhanced Web browsing, encrypted e-mail, and security enhanced
code delivery. After you install this item, you may have to restart
your computer. Once you have installed this item, it cannot be
removed.
6/9/2008 Windows Malicious Software Removal Tool - May 2008 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
6/9/2008 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB947864)
Security issues have been identified that could allow an attacker
to compromise a system running Internet Explorer and gain control
over it. You can help protect your system by installing this
update from Microsoft. After you install this item, you may have
to restart your computer.
6/8/2008 Windows XP Service Pack 3 (KB936929)
Windows XP Service Pack 3 (SP3) is an update to Windows XP that
addresses key feedback from our customers and is a cumulative
update that includes all previously released updates for Windows
XP, including security updates. Windows XP SP3 contains a small
number of new updates and should not significantly change the
Windows XP experience. After you install this item, you may have
to restart your computer.
6/8/2008 Windows XP Service Pack 3 (KB936929)
Windows XP Service Pack 3 (SP3) is an update to Windows XP that
addresses key feedback from our customers and is a cumulative
update that includes all previously released updates for Windows
XP, including security updates. Windows XP SP3 contains a small
number of new updates and should not significantly change the
Windows XP experience. After you install this item, you may have
to restart your computer.
6/8/2008 Windows XP Service Pack 3 (KB936929)
Windows XP Service Pack 3 (SP3) is an update to Windows XP that
addresses key feedback from our customers and is a cumulative
update that includes all previously released updates for Windows
XP, including security updates. Windows XP SP3 contains a small
number of new updates and should not significantly change the
Windows XP experience. After you install this item, you may have
to restart your computer.
6/8/2008 Windows Genuine Advantage Validation Tool (KB892130)
The Windows Genuine Advantage Validation Tool enables you to
verify that your copy of Microsoft Windows is genuine. The tool
validates your Windows installation by checking Windows Product
Identification and Product Activation status.
3/25/2008 Group Policy Preference Client Side Extensions for Windows XP (KB943729)
Multiple Group Policy Preferences have been added to the Windows
Server 2008 Group Policy Management Console (which are also available
through the Remote Server Administration Toolset (RSAT) for Windows
Vista SP1). Group Policy Preferences enable information technology
professionals to configure, deploy, and manage operating system
and application settings they previously were not able to manage
using Group Policy. After you install this update, your computer
will be able to process the new Group Policy Preference extensions.
After you install this item, you may have to restart your computer.
3/21/2008 Windows Malicious Software Removal Tool - March 2008 (KB890830)
After the download, this tool runs once to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps to remove any infection
found. If an infection is found, the tool will display a status
report the next time you start your computer. A new version of
the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center or run an online version from microsoft.com.
This tool is not a replacement for an anti-virus product. To
help protect your computer, you should use an anti-virus product.
3/21/2008 Security Update for Windows XP (KB943055)
A security issue has been identified that could allow an attacker
to remotely compromise your Windows-based system using Object
Linking and Embedding (OLE) Automation and gain control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
3/21/2008 Security Update for Windows XP (KB946026)
A security issue has been identified in the mrxdav.sys driver
that could allow an attacker to compromise your Windows-based
system and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
3/21/2008 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB944533)
Security issues have been identified that could allow an attacker
to compromise a system running Internet Explorer and gain control
over it. You can help protect your system by installing this
update from Microsoft. After you install this item, you may have
to restart your computer.
3/21/2008 Security Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB936181)
A security issue has been identified in Microsoft XML Core Services
(MSXML) that could allow an attacker to compromise your Windows-based
system and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer. Once you have installed
this item, it cannot be removed.
1/25/2008 Security Update for Internet Explorer 7 for Windows XP (KB938127)
A security issue has been identified in the way Vector Markup
Language (VML) is handled that could allow an attacker to compromise
a computer running Microsoft Windows and gain control over it.
You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB928366)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system running the Microsoft
.NET Framework and gain complete control over it. You can help
protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
1/25/2008 Microsoft GDI+ Detection Tool (KB873374)
The Microsoft GDI+ Detection Tool helps detect the presence of
Microsoft products (other than Windows) that contain the GDI+
component. Microsoft customers can run this tool to help determine
if a GDI+ security update is required. Microsoft recommends you
visit the Office Update site to determine if your computer requires
security updates for Office family products.
1/25/2008 Microsoft .NET Framework 2.0 Service Pack 1 (KB110806)
Microsoft .NET Framework 2.0 Service Pack 1 provides cumulative
roll-up updates for customer reported issues found after the
release of Microsoft .NET Framework 2.0. In addition, this release
provides security improvements, and prerequisite feature support
for .NET Framework 3.0 Service Pack 1, and .NET Framework 3.5.
After you install this item, you may have to restart your computer.
1/25/2008 Microsoft .NET Framework 3.0 Service Pack 1 (KB929300)
Microsoft .NET Framework 3.0 Service Pack 1 provides cumulative
roll-up updates for customer reported issues found after the
release of Microsoft .NET Framework 3.0. In addition, this release
provides security improvements, and prerequisite feature support
for Microsoft .NET Framework 3.5. After you install this item,
you may have to restart your computer.
1/25/2008 Microsoft .NET Framework 1.1 Service Pack 1
Microsoft .NET Framework 1.1 Service Pack 1 resolves various
issues found after the initial release of .NET Framework 1.1.
These include both security- and non-security-related issues.
After you install this item, you may have to restart your computer.
Once you have installed this item, it cannot be removed.
1/25/2008 Update for Windows Media Player 11 for Windows XP (KB939683)
Install this update to improve how Windows Media Player manages
shortcuts you create and add to the Start menu pinned list. After
you install this item, you may have to restart your computer.
1/25/2008 Security Update for Microsoft XML Core Services 6.0 and Microsoft XML Core Services 6.0 Service Pack 1 (KB933579)
A security issue has been identified in Microsoft XML Core Services
(MSXML) that could allow an attacker to compromise your Windows-based
system and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/25/2008 Security Update for Windows Media Player 11 for Windows XP (KB936782)
A security issue has been identified in Windows Media Player
that could allow an attacker to compromise your Windows-based
system and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/25/2008 Update for .NET Framework 3.0: x86 (KB932471)
This update addresses a Rights Management Services issue with
the Microsoft XPS Viewer. You can restore full Rights Management
functionality by installing this update.
1/25/2008 Update for Windows Media Format 11 SDK for Windows XP (KB929399)
Install this update to resolve a metering issue with the Microsoft
Windows Media Format 11 SDK. After you install this item, you
may have to restart your computer.
1/25/2008 February 2007 CardSpace Update for Windows XP (KB925720)
This update rollup for Windows includes the hotfixes for Windows
CardSpace private desktop described in KB article 925720. After
you install this item, you may have to restart your computer.
1/25/2008 Update for Windows XP (KB920342)
Peer Name Resolution Protocol (PNRP) version 2.0 allows you to
publish and resolve peer names with other PNRP nodes running
v2.0. This is important for peer-to-peer applications on your
system. After you install this item, you may have to restart
your computer.
1/25/2008 Update for Windows XP (KB934238)
This update contains improvements to the printing components
on your system and to the Microsoft XPS Document Writer. After
you install this item, you may have to restart your computer.
Once you have installed this item, it cannot be removed.
1/25/2008 Root Certificates Update
This item updates the list root certificates on your computer
to the latest list that is accepted by Microsoft as part of the
Microsoft Root Certificate Program. Adding additional root certificates
to your computer enables the use of Extended Validation (EV)
certificates in Internet Explorer 7, a greater range of security
enhanced Web browsing, encrypted e-mail, and security enhanced
code delivery.
1/25/2008 Windows Genuine Advantage Notification (KB905474)
The Windows Genuine Advantage Notification tool notifies you
if your copy of Windows is not genuine. If your system is found
to be non-genuine, the tool will help you obtain a licensed copy
of Windows.
1/25/2008 Security Update for Windows XP (KB943485)
A security issue has been identified in LSASS that could allow
an attacker to compromise your Windows-based system and gain
control over it. You can help protect your computer by installing
this update from Microsoft. After you install this item, you
may have to restart your computer.
1/25/2008 Update for Windows XP (KB942840)
Install this update to increase the performance of web sites
that use Ajax. After you install this item, you may have to restart
your computer.
1/25/2008 Security Update for Windows XP (KB941644)
A security issue has been identified in TCPIP that could allow
an attacker to compromise your Windows-based system and gain
control over it. You can help protect your computer by installing
this update from Microsoft. After you install this item, you
may have to restart your computer.
1/25/2008 Security Update for Windows XP with Windows Media Format Runtime 9 (KB941569)
A security issue has been identified that could allow an attacker
to remotely compromise your Windows-based system using Windows
Media file formats and gain control over it. You can help protect
your computer by installing this update from Microsoft. After
you install this item, you may have to restart your computer.
1/25/2008 Windows Malicious Software Removal Tool - January 2008 (KB890830)
After the download, this tool runs once to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps to remove any infection
found. If an infection is found, the tool will display a status
report the next time you start your computer. A new version of
the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center or run an online version from microsoft.com.
This tool is not a replacement for an anti-virus product. To
help protect your computer, you should use an anti-virus product.
1/25/2008 Security Update for Windows XP (KB937894)
A security issue has been identified in the Microsoft Message
Queuing Service that could allow an attacker to compromise your
Windows-based system and gain control over it. You can help protect
your computer by installing this update from Microsoft. After
you install this item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB944653)
A security issue has been identified in the Macrovision Driver
that could allow an attacker to compromise your Windows-based
system and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/25/2008 Cumulative Security Update for Internet Explorer 6 for Windows XP (KB942615)
Security issues have been identified that could allow an attacker
to compromise a system running Internet Explorer and gain control
over it. You can help protect your system by installing this
update from Microsoft. After you install this item, you may have
to restart your computer.
1/25/2008 Security Update for Windows XP (KB941568)
A security issue has been identified in Microsoft DirectShow
that could allow an attacker to compromise your Windows-based
system and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/25/2008 Update for Windows XP (KB942763)
Installing this update enables your computer to automatically
adjust the computer clock on the correct date in 2007 and 2008
due to revised Daylight Saving Time laws in many countries. After
you install this item, you may have to restart your computer.
1/25/2008 Windows Internet Explorer 7 for Windows XP
This free upgrade to Internet Explorer customers offers improvements
such as enhanced security, a cleaner look, and features to make
everyday tasks such as printing and searching the web easier.
This upgrade preserves your current home page, search settings,
favorites, and compatible toolbars, and can be uninstalled if
you decide to do so.
1/25/2008 Update for Windows XP (KB936357)
This is a reliability update. Install this microcode update to
improve the reliability of systems with Intel processors. After
you install this item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB943460)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system and gain control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Microsoft .NET Framework 3.0: x86 (KB928416)
The Microsoft NET Framework 3.0 is the managed code programming
model for Windows. Version 3.0 enhances version 2.0 with new
technologies for building applications with visually compelling
user experiences, seamless communication across technology boundaries,
and the ability to support a wide range of business processes.
After you install this item, you may have to restart your computer.
1/25/2008 Security Update for Outlook Express for Windows XP (KB941202)
A security issue has been identified in Outlook Express that
could allow an attacker to compromise your Windows-based system
and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB933729)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system and gain control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Security Update for Windows XP (KB936021)
A security issue has been identified in Microsoft XML Core Services
(MSXML) that could allow an attacker to compromise your Windows-based
system and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB938127)
A security issue has been identified in the way Vector Markup
Language (VML) is handled that could allow an attacker to compromise
a computer running Microsoft Windows and gain control over it.
You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Security Update for Windows Media Player 9 (KB936782)
A security issue has been identified in Windows Media Player
that could allow an attacker to compromise your Windows-based
system and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB938829)
A security issue has been identified in Microsoft GDI that could
allow an attacker to compromise your Windows-based system and
gain control over it. You can help protect your computer by installing
this update from Microsoft. After you install this item, you
may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB921503)
A security issue has been identified that could allow an attacker
to remotely compromise your Windows-based system using Object
Linking and Embedding (OLE) Automation and gain control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Update for Windows XP (KB938828)
This is a reliability update. Install this update to improve
the stability of computers running Windows XP. After you install
this item, you may have to restart your computer.
1/25/2008 Security Update for Windows Media Player 6.4 (KB925398)
A security issue has been identified that could allow an attacker
to remotely compromise your Windows-based system using Windows
Media Player and gain control over it. You can help protect your
computer by installing this update from Microsoft. After you
install this item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB935839)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system using a Windows kernel
API and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB935840)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system using Secure Channel
and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/25/2008 Cumulative Security Update for Outlook Express for Windows XP (KB929123)
A security issue has been identified that could allow an attacker
to remotely compromise your Windows-based system using Outlook
Express. You can help protect your computer by installing this
update from Microsoft. After you install this item, you may have
to restart your computer.
1/25/2008 Update for Windows XP (KB927891)
This is a reliability update. This update resolves an issue in
the Windows Installer (MSI) that can affect performance during
software updates. After you install this item, you may have to
restart your computer.
1/25/2008 Update for Windows XP (KB930916)
This is a reliability update. Install this update to resolve
an issue where a third-party driver installed on a computer that
is running Windows XP may prevent you from opening files successfully
on a NTFS file system volume. After you install this item, you
may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB920213)
A security issue has been identified in MSAgent that could allow
an attacker to compromise your Windows-based system and gain
control over it. You can help protect your computer by installing
this update from Microsoft. After you install this item, you
may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB890046)
A security issue has been identified in Microsoft Agent that
could allow an attacker to compromise your Windows-based system
and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/25/2008 Update for Windows XP (KB935448)
Install this update to resolve an issue where certain third-party
applications may not start, and you receive an error message:
"Illegal System DLL Relocation" after you install security update
KB925902 (MS07-017). After you install this item, you may have
to restart your computer.
1/25/2008 Security Update for Windows XP (KB932168)
A security issue has been identified in Microsoft Agent that
could allow an attacker to compromise your Windows-based system
and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB931261)
A security issue has been identified in Universal Plug and Play
that could allow an attacker to compromise your Windows-based
system and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB930178)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system and gain control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Security Update for Windows XP (KB931784)
A security issue has been identified in the Windows Kernel that
could allow an attacker to compromise your Windows-based system
and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB925902)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system and gain control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Windows Media Player 11
Windows Media Player 11 offers great new ways to store and enjoy
digital media beyond music. It's easier than ever to access all
of your video, pictures, and recorded TV on your computer. Play
it, view it, organize it, sync it to a portable device for viewing
on the go, or share with devices around your home—all from one
place. After you install this item, you may have to restart your
computer.
1/25/2008 Remote Desktop Connection (Terminal Services Client 6.0) for Windows XP (KB925876)
This version of Remote Desktop Connection (Terminal Services
Client 6.0) can be installed on client computers running Windows
XP Service Pack 2. It can be used to connect to terminal servers
or remote desktops running earlier versions of Windows, but the
new features are available only when the remote computer is running
Windows Vista or Windows Server Code Name "Longhorn."
1/25/2008 Security Update for Windows XP (KB926436)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system and gain control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Security Update for Windows XP (KB918118)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system and gain control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Security Update for Windows XP (KB927779)
A security issue has been identified in Microsoft Data Access
Components (MDAC) that could allow an attacker to compromise
your Windows-based system and gain control over it. You can help
protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB924667)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system and gain control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Security Update for Windows XP (KB927802)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system and gain control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Security Update for Windows XP (KB928843)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system and gain control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Security Update for Windows XP (KB928255)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system and gain control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Security Update for Windows XP (KB926255)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system and gain control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Security Update for Windows XP (KB923980)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system and gain control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Security Update for Flash Player (KB923789)
Security issues have been identified in Macromedia Flash Player
from Adobe that could allow an attacker to compromise a Windows-based
system and gain control over it. You can help protect your system
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB924270)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system and gain control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Security Update for Windows XP (KB922819)
A security issue has been identified that could allow an attacker
to cause Denial of Service conditions on Windows-based systems.
You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Security Update for Windows XP (KB923191)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system and gain control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Security Update for Windows XP (KB924496)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system and gain control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Security Update for Windows XP (KB923414)
A security issue has been identified in the Server service that
could allow a remote user to cause an affected Windows-based
system to stop responding. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/25/2008 Update for Windows XP (KB920872)
This is a reliability update for Windows XP machines. Install
this audio component update to prevent memory corruption issues
which may cause an unstable state on a computer that is running
Windows XP Service Pack 2. After you install this item, you may
have to restart your computer.
1/25/2008 Security Update for Windows XP (KB920685)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system and gain access to restricted
data. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Security Update for Windows XP (KB919007)
A security issue has been identified in Reliable Multicast Program
(PGM) for Microsoft Windows XP-based systems that could result
in a denial of service. You can help protect your computer by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/25/2008 Update for Windows XP (KB916595)
This is a reliability update for Windows XP machines. Install
this update to prevent an issue in which you may receive a "Stop
0xD" error message on a computer that is running Windows XP Service
Pack 2. The error may occur during startup, or after the system
has started. After you install this item, you may have to restart
your computer.
1/25/2008 Update for Windows XP (KB922582)
A problem has been identified in Filter Manager that can prevent
you from installing updates from Windows update. You can help
protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB920683)
A security issue has been identified in DNS Resolution that could
allow an attacker to compromise your Windows-based system and
gain control over it. You can help protect your computer by installing
this update from Microsoft. After you install this item, you
may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB920670)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system and gain control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Security Update for Windows XP (KB914388)
A remote code execution security issue has been identified in
the DHCP Client service that could allow an attacker to remotely
compromise your Windows-based system and gain control over it.
You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Update for Windows XP (KB904942)
Install this update to resolve HTTP authentication issues in
Windows-based systems that do not appear until Microsoft Internet
Explorer 7 is installed. After you install this item, you may
have to restart your computer.
1/25/2008 Security Update for Windows XP (KB911280)
A remote code execution security issue has been identified in
the Routing and Remote Access service that could allow an attacker
to remotely compromise your Windows-based system and gain control
over it. You can help protect your computer by installing this
update from Microsoft. After you install this item, you may have
to restart your computer.
1/25/2008 Security Update for Windows XP (KB913580)
A security issue has been identified in Windows-based systems
that could cause the Microsoft Distributed Transaction Coordinator
(MSDTC) to stop responding. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB918439)
A security issue has been identified in the way ART images are
handled that could allow an attacker to compromise a computer
running Microsoft Windows and gain control over it. You can help
protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB917344)
A security issue has been identified in the Windows Script Host
that could allow an attacker to compromise your Windows-based
system and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB914389)
A local elevation of privilege security issue has been identified
in the Server Message Block that could allow an attacker to compromise
your Windows-based system and gain control over it. You can help
protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB908531)
A security issue has been identified in Windows Explorer that
could allow an attacker to compromise your Windows-based system
and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/25/2008 Update for Windows XP (KB900485)
Install this update to prevent an issue in which you may receive
a “stop 0x7e in AEC.SYS” error message on a computer that is
running Windows XP Service Pack 2. The error may occur during
startup, or after the system has started. AEC.SYS is the acoustic
echo canceling driver. After you install this item, you may have
to restart your computer.
1/25/2008 Security Update for Windows XP (KB911562)
A security issue has been identified that could allow an attacker
to remotely compromise your Windows-based system using Microsoft
Data Access Components and gain control over it. You can help
protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
1/25/2008 Security Update for Windows Media Player Plug-in (KB911564)
A security issue has been identified that could allow an attacker
to remotely compromise your Windows-based system using the Windows
Media Player Plug-in and gain control over it. You can help protect
your computer by installing this update from Microsoft. After
you install this item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB911927)
A security issue has been identified that could allow an attacker
to remotely compromise your Windows-based system and gain control
over it. You can help protect your computer by installing this
update from Microsoft. After you install this item, you may have
to restart your computer.
1/25/2008 Microsoft .NET Framework 2.0: x86 (KB829019)
The .NET Framework version 2.0 improves scalability and performance
with improved caching, application deployment and updating with
ClickOnce, and support for the broadest array of browsers and
devices with ASP.NET 2.0 controls and services. After you install
this update, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB908519)
A security issue has been identified that could allow an attacker
to compromise your Microsoft Windows-based system and gain control
over it. You can help protect your computer by installing this
update from Microsoft. After you install this item, you may have
to restart your computer.
1/25/2008 Update for Windows XP (KB910437)
Install this update to prevent or resolve an issue in which Windows
Update and Automatic Updates can no longer download updates after
an Access Violation error occurs when using the Automatic Updates
service. After you install this item, you may have to restart
your computer.
1/25/2008 Microsoft Base Smart Card Cryptographic Service Provider Package: x86 (KB909520)
Base Smart Card Cryptographic Service Provider (Base CSP) allows
smart card vendors to more easily enable their smart cards on
Windows with a lightweight proprietary card module instead of
a full proprietary CSP. After you install this item, you may
have to restart your computer.
1/25/2008 Update for WMDRM-enabled Media Players (KB891122)
Install this update to enable your PC to access premium content
protected by Windows Media Digital Rights Management. After you
install this update, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB900725)
A security issue has been identified that could allow an authenticated
attacker to gain access and potentially compromise your Microsoft
Windows-based system. You can help protect your computer by installing
this update from Microsoft. After you install this item, you
may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB905749)
A security issue has been identified in the Plug and Play service
that could allow an authenticated attacker to compromise your
Microsoft Windows-based system and gain control over it. You
can help protect your computer by installing this update from
Microsoft. After you install this item, you may have to restart
your computer.
1/25/2008 Security Update for Windows XP (KB905414)
A denial of service security issue has been identified that could
cause the Network Manager service to stop responding on your
Windows-based system. You can help protect your computer by installing
this update from Microsoft. After you install this item, you
may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB901017)
A security issue has been identified that could allow an attacker
to remotely compromise your Windows-based system using Collaboration
Data Objects (CDO) and gain control over it. You can help protect
your computer by installing this update from Microsoft. After
you install this item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB902400)
A remote code execution security issue has been identified that
could allow an attacker to remotely compromise your Windows-based
system and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/25/2008 Update for Windows XP (KB894391)
Install this update to address an issue that may cause a "Generic
Host Process" error message to be displayed after you install
security update MS05-012, or cause attachment file names not
to be displayed in Rich Text e-mail messages. After you install
this update, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB896423)
A security issue has been identified in the Print Spooler service
that could allow an attacker to compromise your Microsoft Windows-based
system and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB899587)
A security issue has been identified that could allow an attacker
to gain access to sensitive data transmitted through your Microsoft
Windows-based system in a domain environment, and to perform
denial of service attacks against domain controllers. You can
help protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB899591)
A security issue has been identified in the Remote Desktop Protocol
(RDP) that could allow an attacker to remotely cause your Microsoft
Windows-based system to stop responding. You can help protect
your computer by installing this update from Microsoft. After
you install this item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB893756)
A security issue has been identified in the Telephony Application
Programming Interface (TAPI) that could allow an attacker to
compromise your Microsoft Windows-based system and gain control
over it. You can help protect your computer by installing this
update from Microsoft. After you install this item, you may have
to restart your computer.
1/25/2008 Security Update for Windows XP (KB896358)
A security issue has been identified in the HTML Help component
that could allow an attacker to compromise your Windows-based
system and gain control over it. You can help protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB890859)
A security issue has been identified that could allow an attacker
to remotely compromise your Windows-based system and gain control
over it. You can help protect your computer by installing this
update from Microsoft. After you install this item, you may have
to restart your computer.
1/25/2008 Security Update for Windows XP (KB901214)
A security issue has been identified in the Color Management
Module that could allow an attacker to compromise your Microsoft
Windows-based system and gain control over it. You can help protect
your computer by installing this update from Microsoft. After
you install this item, you may have to restart your computer.
1/25/2008 Update for Windows XP (KB896344)
The Files and Settings Transfer Wizard included in Windows XP
SP2 does not support gathering data from a 32-bit Windows XP
environment and applying it in a 64-bit Windows XP environment.
Install this update to enable support for collecting data in
a 32-bit Windows XP environment and applying it to a 64-bit Windows
XP environment. After you install this item, you may have to
restart your computer.
1/25/2008 Security Update for Windows XP (KB896428)
A security issue in Telnet has been identified that could allow
an attacker to learn information about your Windows-based system.
You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Security Update for Windows XP (KB885835)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system and gain control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Security Update for Windows XP (KB891781)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system and gain control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Security Update for Windows Messenger (KB887472)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system and gain control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Security Update for Windows XP (KB888302)
A security issue has been identified that could allow an attacker
to remotely read information about your Windows-based system.
You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Critical Update for Windows XP (KB885626)
This non-security critical update helps resolve an issue where
a limited number of systems running a BIOS without production
support for Intel Pentium 4 and Intel Celeron D processors based
on Prescott C-0 Stepping can potentially hang on Windows XP Service
Pack 2 installation. After you install this update, you may have
to restart your computer.
1/25/2008 Security Update for Windows XP (KB885836)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system and gain control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Critical Update for Windows XP (KB886185)
This update helps narrow the definition of the My network, or
local subnet, restriction option in the Windows Firewall. This
is helpful in situations where the Windows Firewall would consider
a large network to be on the local subnet because of how the
dial-up software configured the route tables. After you install
this item, you may have to restart your computer.
1/25/2008 Security Update for Windows XP (KB873339)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system and gain control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
1/25/2008 Microsoft .NET Framework version 1.1
The .NET Framework is a component of the Windows operating system.
For developers, the .NET Framework makes it easy to rapidly create
powerful software that maximizes performance, scalability, opportunities
for integration, reliability, security, and the end-user experience,
while minimizing the costs of deployment and management. After
you install this item, you may have to restart your computer.
1/25/2008 Windows Genuine Advantage Validation Tool (KB892130)
The Windows Genuine Advantage Validation Tool enables you to
verify that your copy of Microsoft Windows is genuine. The tool
validates your Windows installation by checking Windows Product
Identification and Product Activation status.
1/25/2008 Update for Windows XP (KB898461)
This update installs a permanent copy of Package Installer for
Windows to enable software updates to have a significantly smaller
download size. The Package Installer facilitates the install
of software updates for Microsoft Windows operating systems and
other Microsoft products. After you install this update, you
may have to restart your system.
1/25/2008 Microsoft Windows Installer 3.1
The Microsoft Windows Installer 3.1 is the application installation
and configuration service for Windows. The additional features
in version 3.1 help make creating, distributing, and managing
updates to applications easier and more efficient.

System Folders
Path for burning CD C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\CD Burning
Application Data C:\Documents and Settings\All Users\Application Data
Public Desktop C:\Documents and Settings\All Users\Desktop
Documents C:\Documents and Settings\All Users\Documents
Global Favorites C:\Documents and Settings\All Users\Favorites
Music C:\Documents and Settings\All Users\Documents\My Music
Pictures C:\Documents and Settings\All Users\Documents\My Pictures
Start Menu Programs C:\Documents and Settings\All Users\Start Menu\Programs
Start Menu C:\Documents and Settings\All Users\Start Menu
Startup C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Templates C:\Documents and Settings\All Users\Templates
Videos C:\Documents and Settings\All Users\Documents\My Videos
Cookies C:\Documents and Settings\User\Cookies
Desktop C:\Documents and Settings\User\Desktop
Physical Desktop C:\Documents and Settings\User\Desktop
User Favorites C:\Documents and Settings\User\Favorites
Fonts C:\WINDOWS\Fonts
Internet History C:\Documents and Settings\User\Local Settings\History
Temporary Internet Files C:\Documents and Settings\User\Local Settings\Temporary Internet Files
Local Application Data C:\Documents and Settings\User\Local Settings\Application Data
Windows Directory C:\WINDOWS
Windows/System C:\WINDOWS\system32
Program Files C:\Program Files

Services
Running Application Layer Gateway Service
Running ArcSoft Connect Daemon
Running Automatic Updates
Running CamMonitor
Running COM+ Event System
Running Computer Browser
Running Cryptographic Services
Running DCOM Server Process Launcher
Running DHCP Client
Running Distributed Link Tracking Client
Running DNS Client
Running Error Reporting Service
Running Event Log
Running Fast User Switching Compatibility
Running Garmin Core Update Service
Running Help and Support
Running HTTP SSL
Running IBUpdaterService
Running IPSEC Services
Running Java Quick Starter
Running Logical Disk Manager
Running Network Connections
Running Network Location Awareness (NLA)
Running Plug and Play
Running Print Spooler
Running Protected Storage
Running Remote Access Connection Manager
Running Remote Procedure Call (RPC)
Running Remote Registry
Running Search Protect by Conduit Updater
Running Secondary Logon
Running Security Accounts Manager
Running Security Center
Running Server
Running Shell Hardware Detection
Running Skype C2C Service
Running SSDP Discovery Service
Running System Event Notification
Running System Restore Service
Running Task Scheduler
Running TCP/IP NetBIOS Helper
Running Telephony
Running Terminal Services
Running Themes
Running Universal Plug and Play Device Host
Running WebClient
Running Windows Audio
Running Windows Driver Foundation - User-mode Driver Framework
Running Windows Firewall/Internet Connection Sharing (ICS)
Running Windows Image Acquisition (WIA)
Running Windows Management Instrumentation
Running Windows Media Player Network Sharing Service
Running Windows Search
Running Windows Time
Running Wireless Zero Configuration
Running Workstation
Stopped .NET Runtime Optimization Service v2.0.50727_X86
Stopped @%SystemRoot%\system32\qmgr.dll,-1000
Stopped Adobe Flash Player Update Service
Stopped Alerter
Stopped Application Management
Stopped ASP.NET State Service
Stopped ClipBook
Stopped COM+ System Application
Stopped Distributed Transaction Coordinator
Stopped Extensible Authentication Protocol Service
Stopped FLEXnet Licensing Service
Stopped Health Key and Certificate Management Service
Stopped Human Interface Device Access
Stopped IMAPI CD-Burning COM Service
Stopped Indexing Service
Stopped Logical Disk Manager Administrative Service
Stopped Messenger
Stopped Microsoft .NET Framework NGEN v4.0.30319_X86
Stopped Mozilla Maintenance Service
Stopped MS Software Shadow Copy Provider
Stopped Nero BackItUp Scheduler 4.0
Stopped Net Burner iSCSI Service
Stopped Net Logon
Stopped Net.Tcp Port Sharing Service
Stopped NetMeeting Remote Desktop Sharing
Stopped Network Access Protection Agent
Stopped Network DDE
Stopped Network DDE DSDM
Stopped Network Provisioning Service
Stopped NT LM Security Support Provider
Stopped Office Source Engine
Stopped Performance Logs and Alerts
Stopped PLFlash DeviceIoControl Service
Stopped Portable Media Serial Number Service
Stopped QoS RSVP
Stopped Remote Access Auto Connection Manager
Stopped Remote Desktop Help Session Manager
Stopped Remote Procedure Call (RPC) Locator
Stopped Removable Storage
Stopped Routing and Remote Access
Stopped Skype Updater
Stopped Smart Card
Stopped Telnet
Stopped Uninterruptible Power Supply
Stopped Volume Shadow Copy
Stopped Windows CardSpace
Stopped Windows Installer
Stopped Windows Management Instrumentation Driver Extensions
Stopped Windows Presentation Foundation Font Cache 3.0.0.0
Stopped Windows Presentation Foundation Font Cache 4.0.0.0
Stopped Windows Remote Management (WS-Management)
Stopped Wired AutoConfig
Stopped WMI Performance Adapter

Security Options
Accounts: Administrator account status Enabled
Accounts: Guest account status Enabled
Accounts: Limit local account use of blank passwords to console logon only Enabled
Accounts: Rename administrator account Administrator
Accounts: Rename guest account Guest
Audit: Audit the access of global system objects Disabled
Audit: Audit the use of Backup and Restore privilege Disabled
Audit: Shut down system immediately if unable to log security audits Disabled
DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax Not defined
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax Not defined
Devices: Allow undock without having to log on Enabled
Devices: Allowed to format and eject removable media Administrators
Devices: Prevent users from installing printer drivers Disabled
Devices: Restrict CD-ROM access to locally logged-on user only Disabled
Devices: Restrict floppy access to locally logged-on user only Disabled
Devices: Unsigned driver installation behavior Not defined
Domain controller: Allow server operators to schedule tasks Not defined
Domain controller: LDAP server signing requirements Not defined
Domain controller: Refuse machine account password changes Not defined
Domain member: Digitally encrypt or sign secure channel data (always) Enabled
Domain member: Digitally encrypt secure channel data (when possible) Enabled
Domain member: Digitally sign secure channel data (when possible) Enabled
Domain member: Disable machine account password changes Disabled
Domain member: Maximum machine account password age 30 days
Domain member: Require strong (Windows 2000 or later) session key Disabled
Interactive logon: Display user information when the session is locked Not defined
Interactive logon: Do not display last user name Disabled
Interactive logon: Do not require CTRL+ALT+DEL Not defined
Interactive logon: Message text for users attempting to log on
Interactive logon: Message title for users attempting to log on
Interactive logon: Number of previous logons to cache (in case domain controller is not available) 10 logons
Interactive logon: Prompt user to change password before expiration 14 days
Interactive logon: Require Domain Controller authentication to unlock workstation Disabled
Interactive logon: Require smart card Not defined
Interactive logon: Smart card removal behavior No Action
Microsoft network client: Digitally sign communications (always) Disabled
Microsoft network client: Digitally sign communications (if server agrees) Enabled
Microsoft network client: Send unencrypted password to third-party SMB servers Disabled
Microsoft network server: Amount of idle time required before suspending session 15 minutes
Microsoft network server: Digitally sign communications (always) Disabled
Microsoft network server: Digitally sign communications (if client agrees) Disabled
Microsoft network server: Disconnect clients when logon hours expire Enabled
Network access: Allow anonymous SID/Name translation Disabled
Network access: Do not allow anonymous enumeration of SAM accounts Enabled
Network access: Do not allow anonymous enumeration of SAM accounts and shares Disabled
Network access: Do not allow storage of credentials or .NET Passports for network authentication Disabled
Network access: Let Everyone permissions apply to anonymous users Disabled
Network access: Named Pipes that can be accessed anonymously COMNAP,COMNODE,SQL\QUERY,SPOOLSS,LLSRPC,browser
Network access: Remotely accessible registry paths System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Control\Server Applications,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration
Network access: Shares that can be accessed anonymously COMCFG,DFS$
Network access: Sharing and security model for local accounts Guest only - local users authenticate as Guest
Network security: Do not store LAN Manager hash value on next password change Disabled
Network security: Force logoff when logon hours expire Disabled
Network security: LAN Manager authentication level Send LM & NTLM responses
Network security: LDAP client signing requirements Negotiate signing
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients No minimum
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers No minimum
Recovery console: Allow automatic administrative logon Disabled
Recovery console: Allow floppy copy and access to all drives and all folders Disabled
Shutdown: Allow system to be shut down without having to log on Enabled
Shutdown: Clear virtual memory pagefile Disabled
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing Disabled
System objects: Default owner for objects created by members of the Administrators group Object creator
System objects: Require case insensitivity for non-Windows subsystems Enabled
System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) Enabled
Device Tree
ACPI Multiprocessor PC
Microsoft ACPI-Compliant System
Intel Pentium 4 CPU 3.00GHz
Intel Pentium 4 CPU 3.00GHz
ACPI Fan
ACPI Thermal Zone
ACPI Power Button
ACPI Sleep Button
System board
ACPI Fixed Feature Button
PCI bus
VIA Standard Host Bridge
VIA Standard Host Bridge
VIA Standard Host Bridge
VIA Standard Host Bridge
VIA Standard Host Bridge
VIA I/O APIC Interrupt Controller
VIA Security Device
VIA Standard Host Bridge
VIA PCI to PCI Bridge Controller
VIA PCI to PCI Bridge Controller
VIA Ultra VLINK Controller
VIA Rhine II Fast Ethernet Adapter
VIA Standard Host Bridge
VIA Standard PCI to PCI Bridge
Motherboard resources
Motherboard resources
Motherboard resources
Motherboard resources
Programmable interrupt controller
Direct memory access controller
System timer
High precision event timer
System CMOS/real time clock
System speaker
Numeric data processor
Communications Port (COM1)
PS/2 Compatible Mouse
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Motherboard resources
Motherboard resources
VIA CPU to AGP2.0/AGP3.0 Controller
VIA Chrome9 HC IGP Family
Plug and Play Monitor
VIA Serial ATA Controller - 5337
VIA Serial ATA Channel 0 - 5337
VIA Serial ATA Channel 1 - 5337
SAMSUNG SP2004C S07GJ1ULC08646 VM100-49
VIA Bus Master IDE Controller - 0571
Primary IDE Channel
Secondary IDE Channel
ASUS DVD-E616A3
Memorex DVD+-RAM 525G v1
VIA Rev 5 or later USB Universal Host Controller
USB Root Hub
VIA Rev 5 or later USB Universal Host Controller
USB Root Hub
VIA Rev 5 or later USB Universal Host Controller
USB Root Hub
VIA Rev 5 or later USB Universal Host Controller
USB Root Hub
VIA USB Enhanced Host Controller
USB Root Hub
USB Composite Device
USB Video Device #3
USB Audio Device
VIA Standard PCI to ISA Bridge
ISAPNP Read Data Port
Standard floppy disk controller
Floppy disk drive
Printer Port (LPT1)
Printer Port Logical Interface
PCI bus
Microsoft UAA Bus Driver for High Definition Audio
Realtek High Definition Audio
CPU
Intel Pentium 4
Cores 1
Threads 2
Name Intel Pentium 4
Code Name Prescott
Package Socket 478 mPGA
Technology 90nm
Specification Intel Pentium 4 CPU 3.00GHz
Family F
Extended Family F
Model 3
Extended Model 3
Stepping 3
Revision C0
Instructions MMX, SSE, SSE2, SSE3
Virtualization Not supported
Hyperthreading Supported, Enabled
Fan Speed 5075 RPM
Bus Speed 200.0 MHz
Rated Bus Speed 800.0 MHz
Stock Core Speed 3000 MHz
Stock Bus Speed 200 MHz
Caches
L1 Data Cache Size 16 KBytes
L1 trace cache 12 Kµops
L2 Unified Cache Size 1024 KBytes
Core 0
Core Speed 2999.9 MHz
Multiplier x 15.0
Bus Speed 200.0 MHz
Rated Bus Speed 800.0 MHz
Thread 1
APIC ID 0
Thread 2
APIC ID 1
RAM
Memory slots
Total memory slots 2
Used memory slots 2
Free memory slots 0
Memory
Type DDR2
Size 2048 MBytes
Channels # Single
DRAM Frequency 333.3 MHz
CAS# Latency (CL) 5 clocks
RAS# to CAS# Delay (tRCD) 5 clocks
RAS# Precharge (tRP) 5 clocks
Cycle Time (tRAS) 15 clocks
Command Rate (CR) 2T
Physical Memory
Memory Usage 43 %
Total Physical 1.75 GB
Available Physical MB
Total Virtual 3.60 GB
Available Virtual 3.08 GB
SPD
Number Of SPD Modules 2
Slot #1
Type DDR2
Size 1024 MBytes
Manufacturer Silicon Technology
Max Bandwidth PC2-5300 (333 MHz)
Part Number S1024R3NN2QK-I
Week/year 05 / 04
SPD Ext. EPP
JEDEC #3
Frequency 333.3 MHz
CAS# Latency 5.0
RAS# To CAS# 6
RAS# Precharge 6
tRAS 16
tRC 21
Voltage 1.800 V
JEDEC #2
Frequency 266.7 MHz
CAS# Latency 4.0
RAS# To CAS# 4
RAS# Precharge 4
tRAS 12
tRC 16
Voltage 1.800 V
JEDEC #1
Frequency 200.0 MHz
CAS# Latency 3.0
RAS# To CAS# 3
RAS# Precharge 3
tRAS 9
tRC 12
Voltage 1.800 V
Slot #2
Type DDR2
Size 1024 MBytes
Manufacturer Silicon Technology
Max Bandwidth PC2-5300 (333 MHz)
Part Number S1024R3NN2QK-I
Week/year 05 / 04
SPD Ext. EPP
JEDEC #3
Frequency 333.3 MHz
CAS# Latency 5.0
RAS# To CAS# 6
RAS# Precharge 6
tRAS 16
tRC 21
Voltage 1.800 V
JEDEC #2
Frequency 266.7 MHz
CAS# Latency 4.0
RAS# To CAS# 4
RAS# Precharge 4
tRAS 12
tRC 16
Voltage 1.800 V
JEDEC #1
Frequency 200.0 MHz
CAS# Latency 3.0
RAS# To CAS# 3
RAS# Precharge 3
tRAS 9
tRC 12
Voltage 1.800 V
Motherboard
Manufacturer BIOSTAR Group
Model P4M90-M4 (Socket 775)
Version Ver:1.0
Chipset Vendor VIA
Chipset Model P4M900/CN896/VN896/PT890
Chipset Revision 00
Southbridge Vendor VIA
Southbridge Model VT8237A
Southbridge Revision 00
System Temperature 56 °C
BIOS
Brand Phoenix Technologies, LTD
Version 6.00 PG
Date 8/28/2007
Voltage
CPU CORE 1.376 V
MEMORY CONTROLLER 1.616 V
+3.3V 3.328 V
+5V 4.919 V
+12V 11.904 V
-12V (7.616) V
-5V (2.880) V
+5V HIGH THRESHOLD 4.623 V
CMOS BATTERY 3.280 V
PCI Data
Slot PCI
Slot Type PCI
Slot Usage Available
Bus Width 32 bit
Slot Designation PCI0
Characteristics 5V, PME
Slot Number 0
Slot PCI
Slot Type PCI
Slot Usage Available
Bus Width 32 bit
Slot Designation PCI1
Characteristics 5V, PME
Slot Number 1
Slot PCI
Slot Type PCI
Slot Usage Available
Bus Width 32 bit
Slot Designation PCI2
Characteristics 5V, PME
Slot Number 2
Slot AGP
Slot Type AGP
Slot Usage In Use
Bus Width 32 bit
Slot Designation AGP
Characteristics 5V
Slot Number 3
Graphics
Monitor
Name VE198 on VIA Chrome9 HC IGP Family
Current Resolution 1024x768 pixels
Work Resolution 1024x734 pixels
State Enabled, Primary, Output devices support
Monitor Width 1024
Monitor Height 768
Monitor BPP 32 bits per pixel
Monitor Frequency 60 Hz
Device \\.\DISPLAY1\Monitor0
VIA Chrome9 HC IGP Family
Manufacturer VIA
Model Chrome9 HC IGP Family
Device ID 1106-3371
Revision 2
Subvendor Biostar Microtech Int'l (1565)
Current Performance Level Level 0
Driver version 6.14.10.95
BIOS Version 99.00.00.08
Memory 256 MB
Count of performance levels : 1
Level 1
Hard Drives
SAMSUNG SP2004C S07GJ1ULC08646 VM100-49
Manufacturer SAMSUNG
Heads 16
Cylinders 16,383
SATA type SATA-II 3.0Gb/s
Device type Fixed
ATA Standard ATA/ATAPI-7
Serial Number S07GJ1ULC08646
LBA Size 48-bit LBA
Power On Count 1817 times
Power On Time 1319.1 days
Features S.M.A.R.T., AAM, NCQ
Transfer Mode SATA II
Interface SATA
Capacity 186 GB
Real size 200,049,647,616 bytes
RAID Type None
S.M.A.R.T
Status Good
Temperature 30 °C
Temperature Range OK (less than 50 °C)
01 Read Error Rate 100 (100) Data 0000000000
03 Spin-Up Time 253 (253) Data 00000016C0
04 Start/Stop Count 099 (099) Data 0000000722
05 Reallocated Sectors Count 253 (253) Data 0000000000
07 Seek Error Rate 253 (253) Data 0000000000
08 Seek Time Performance 253 (253) Data 0000000000
09 Power-On Hours (POH) 100 (100) Data 0000007BAB
0A Spin Retry Count 253 (253) Data 0000000000
0B Recalibration Retries 253 (253) Data 0000000000
0C Device Power Cycle Count 099 (099) Data 0000000719
BB Reported Uncorrectable Errors 001 (001) Data 00000F463D
BE Temperature Difference from 100 148 (097) Data 000000001E
C2 Temperature 148 (097) Data 000000001E
C3 Hardware ECC Recovered 100 (100) Data 00000F8C5A
C4 Reallocation Event Count 253 (253) Data 0000000000
C5 Current Pending Sector Count 100 (100) Data 0000000002
C6 Uncorrectable Sector Count 253 (253) Data 0000000000
C7 UltraDMA CRC Error Count 200 (200) Data 0000000000
C8 Write Error Rate / Multi-Zone Error Rate 100 (100) Data 0000000000
C9 Soft Read Error Rate 100 (100) Data 0000000000
CA Data Address Mark errors 253 (253) Data 0000000000
Partition 0
Partition ID Disk #0, Partition #0
Disk Letter C:
File System NTFS
Volume Serial Number DCF139DE
Size 128 GB
Used Space 104 GB (82%)
Free Space 24.2 GB (18%)
Optical Drives
ASUS DVD-E616A3
Media Type DVD Reader
Name ASUS DVD-E616A3
Availability Running/Full Power
Capabilities Random Access, Supports Removable Media
Read capabilities CD-R, CD-RW, CD-ROM, DVD-RAM, DVD-ROM, DVD-R, DVD+R, DVD+RW, DVD-R DL, DVD+R DL
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive D:
Media Loaded FALSE
SCSI Bus 0
SCSI Logical Unit 0
SCSI Port 1
SCSI Target Id 0
Status OK
Memorex DVD+-RAM 525G v1
Media Type DVD Writer
Name Memorex DVD+-RAM 525G v1
Availability Running/Full Power
Capabilities Random Access, Supports Removable Media
Read capabilities CD-R, CD-RW, CD-ROM, DVD-RAM, DVD-ROM, DVD-R, DVD-RW, DVD+R, DVD+RW, DVD-R DL, DVD+R DL
Write capabilities CD-R, CD-RW, DVD-RAM, DVD-R, DVD-RW, DVD+R, DVD+RW, DVD-R DL, DVD+R DL
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive E:
Media Loaded FALSE
SCSI Bus 0
SCSI Logical Unit 0
SCSI Port 1
SCSI Target Id 1
Status OK
AXV CD/DVD-ROM SCSI CdRom Device
Media Type DVD Reader
Name AXV CD/DVD-ROM SCSI CdRom Device
Availability Running/Full Power
Capabilities Random Access, Supports Removable Media
Read capabilities CD-R, CD-RW, CD-ROM, DVD-RAM, DVD-ROM, DVD-R, DVD+R, DVD+RW
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive J:
Media Loaded FALSE
SCSI Bus 0
SCSI Logical Unit 0
SCSI Port 2
SCSI Target Id 0
Status OK
Audio
Sound Cards
USB Audio Device
Realtek High Definition Audio
Playback Device
HP Webcam HD-2200
Recording Device
Realtek HD Audio output
Speaker Configuration
Speaker Configuration
Speaker type Stereo
Peripherals
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device Kind Keyboard
Device Name Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Vendor (Standard keyboards)
Location plugged into keyboard port
Driver
Date 7-1-2001
Version 5.1.2600.0
File C:\WINDOWS\system32\DRIVERS\i8042prt.sys
File C:\WINDOWS\system32\DRIVERS\kbdclass.sys
PS/2 Compatible Mouse
Device Kind Mouse
Device Name PS/2 Compatible Mouse
Vendor Microsoft
Location plugged into PS/2 mouse port
Driver
Date 7-1-2001
Version 5.1.2600.0
File C:\WINDOWS\system32\DRIVERS\i8042prt.sys
File C:\WINDOWS\system32\DRIVERS\mouclass.sys
USB Video Device
Device Kind Camera/scanner
Device Name USB Video Device
Vendor Hewlett-Packard
Comment USB Video Device #3
Location Location 0
Driver
Date 7-1-2001
Version 5.1.2600.5512
File C:\WINDOWS\system32\drivers\usbvideo.sys
File C:\WINDOWS\system32\ksuser.dll
File C:\WINDOWS\system32\ksproxy.ax
File C:\WINDOWS\system32\drivers\ks.sys
File C:\WINDOWS\system32\kstvtune.ax
File C:\WINDOWS\system32\ksxbar.ax
File C:\WINDOWS\system32\kswdmcap.ax
File C:\WINDOWS\system32\vidcap.ax
File C:\WINDOWS\system32\dshowext.ax
File C:\WINDOWS\system32\vfwwdm32.dll
File C:\WINDOWS\system32\iyuv_32.dll
File C:\WINDOWS\system32\msh263.drv
File C:\WINDOWS\system32\msyuv.dll
File C:\WINDOWS\system32\tsbyuv.dll
USB Audio Device
Device Kind Audio device
Device Name USB Audio Device
Vendor Hewlett-Packard
Location Location 0
Driver
Date 7-1-2001
Version 5.1.2535.0
File C:\WINDOWS\system32\drivers\USBAUDIO.sys
File C:\WINDOWS\system32\ksuser.dll
File C:\WINDOWS\system32\ksproxy.ax
File C:\WINDOWS\system32\drivers\ks.sys
File C:\WINDOWS\system32\drivers\drmk.sys
File C:\WINDOWS\system32\drivers\portcls.sys
File C:\WINDOWS\system32\drivers\stream.sys
File C:\WINDOWS\system32\wdmaud.drv
Printers
\\NONEOFYOURBUSIN\hp photosmart 7350 series
Share Name hp photosmart
Printer Port DOT4_002
Print Processor WinPrint
Availability Always
Priority 1
Duplex None
Print Quality 4294967293 dpi Color
Status Unknown
Driver
Driver Name hp photosmart 7350 series (v0.21)
Driver Path C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpz2ku07.dll
\\NONEOFYOURBUSIN\HP LaserJet 5P (Default Printer)
Share Name HPLaserJ
Printer Port LPT1:
Print Processor WinPrint
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Monochrome
Status Unknown
Driver
Driver Name HP LaserJet 5P (v6.00)
Driver Path C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRV.DLL
Adobe PDF
Printer Port My Documents\*.pdf
Print Processor WinPrint
Availability Always
Priority 1
Duplex None
Print Quality 1200 * 1200 dpi Color
Status Unknown
Driver
Driver Name Adobe PDF Converter (v5.02)
Driver Path C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\PSCRIPT5.DLL
Auto HP LaserJet 5P on NONEOFYOURBUSIN
Printer Port \\NONEOFYOURBUSIN\HPLaserJ
Print Processor WinPrint
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Monochrome
Status Unknown
Driver
Driver Name HP LaserJet 5P (v6.00)
Driver Path C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRV.DLL
Auto hp photosmart 7350 series on NONEOFYOURBUSIN
Printer Port \\NONEOFYOURBUSIN\hp photosmart
Print Processor WinPrint
Availability Always
Priority 1
Duplex None
Print Quality 4294967293 dpi Color
Status Unknown
Driver
Driver Name hp photosmart 7350 series (v0.21)
Driver Path C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpz2ku07.dll
Auto Microsoft XPS Document Writer on NONEOFYOURBUSIN
Printer Port \\NONEOFYOURBUSIN\Printer
Print Processor WinPrint
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Color
Status Unknown
Driver
Driver Name Microsoft XPS Document Writer (v6.00)
Driver Path C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mxdwdrv.dll
Microsoft Office Document Image Writer
Share Name Printer2
Printer Port Microsoft Document Imaging Writer Port:
Print Processor ModiPrint
Availability Always
Priority 1
Duplex None
Print Quality 300 * 300 dpi Color
Status Unknown
Driver
Driver Name Microsoft Office Document Image Writer Driver (v4.00)
Driver Path C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdigraph.dll
Microsoft XPS Document Writer
Share Name Printer
Printer Port XPSPort:
Print Processor WinPrint
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Color
Status Unknown
Driver
Driver Name Microsoft XPS Document Writer (v6.00)
Driver Path C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mxdwdrv.dll
Network
You are connected to the internet
Connected through VIA Compatable Fast Ethernet Adapter - Packet Scheduler Miniport
IP Address 192.168.1.104
Subnet mask 255.255.255.0
Gateway server 192.168.1.1
Preferred DNS server 68.105.28.11
Alternate DNS server 68.105.29.11
Alternate DNS server 68.105.28.12
DHCP Enabled
DHCP server 192.168.1.1
External IP Address 68.102.5.114
Adapter Type Ethernet
NetBIOS over TCP/IP Enabled via DHCP
NETBIOS Node Type Unknown node type
Link Speed 0 Bps
Computer Name
NetBIOS Name VERYFASTUSER
DNS Name veryfastuser
Membership Part of workgroup
Workgroup MSHOME
Remote Desktop
Disabled
Console
State Active
Domain VERYFASTUSER
WinInet Info
LAN Connection
Local system uses a local area network to connect to the Internet
Local system has RAS to connect to the Internet
Wi-Fi Info
Wi-Fi not enabled
WinHTTPInfo
WinHTTPSessionProxyType No proxy
Session Proxy
Session Proxy Bypass
Connect Retries 5
Connect Timeout (ms) 60,000
HTTP Version HTTP 1.1
Max Connects Per 1.0 Servers INFINITE
Max Connects Per Servers INFINITE
Max HTTP automatic redirects 10
Max HTTP status continue 10
Send Timeout (ms) 30,000
IEProxy Auto Detect Yes
IEProxy Auto Config
IEProxy
IEProxy Bypass
Default Proxy Config Access Type No proxy
Default Config Proxy
Default Config Proxy Bypass
Sharing and Discovery
File and printer sharing service Enabled
Simple File Sharing Enabled
Administrative Shares Enabled
Network access: Sharing and security model for local accounts Guest only - local users authenticate as Guest
Adapters List
VIA Compatable Fast Ethernet Adapter - Packet Scheduler Miniport
IP Address 192.168.1.104
Subnet mask 255.255.255.0
Gateway server 192.168.1.1
MAC Address 00-E0-4D-62-41-95
Network Shares
SharedDocs C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS
C C:\
Temp C:\Temp
My Documents C:\Documents and Settings\User\My Documents
My Pictures C:\Documents and Settings\User\My Documents\My Pictures
Codes C:\Documents and Settings\User\My Documents\Codes
Printer Microsoft XPS Document Writer,LocalsplOnly
Printer2 Microsoft Office Document Image Writer,LocalsplOnly
Current TCP Connections
C:\Documents and Settings\User\Application Data\SearchProtect\bin\cltmng.exe (248)
Local 192.168.1.104:1498 CLOSE-WAIT Remote 23.67.227.152:443 (Querying... ) (HTTPS)
Local 192.168.1.104:1500 CLOSE-WAIT Remote 23.44.99.152:443 (Querying... ) (HTTPS)
Local 192.168.1.104:1502 CLOSE-WAIT Remote 23.79.211.152:443 (Querying... ) (HTTPS)
Local 192.168.1.104:1524 CLOSE-WAIT Remote 54.235.189.78:443 (Querying... ) (HTTPS)
Local 192.168.1.104:1655 CLOSE-WAIT Remote 54.235.189.9:443 (Querying... ) (HTTPS)
Local 192.168.1.104:1712 CLOSE-WAIT Remote 23.79.211.152:443 (Querying... ) (HTTPS)
C:\Program Files\Java\jre7\bin\jqs.exe (2020)
Local 127.0.0.1:5152 LISTEN
C:\Program Files\Mozilla Firefox\firefox.exe (2640)
Local 127.0.0.1:1528 ESTABLISHED Remote 127.0.0.1:1529 (Querying... )
Local 127.0.0.1:1529 ESTABLISHED Remote 127.0.0.1:1528 (Querying... )
C:\Program Files\Windows Media Player\WMPNetwk.exe (1924)
Local 0.0.0.0:10243 LISTEN
C:\WINDOWS\System32\alg.exe (2248)
Local 127.0.0.1:1034 LISTEN
C:\WINDOWS\System32\svchost.exe (1328)
Local 0.0.0.0:2869 LISTEN
svchost.exe (1028)
Local 0.0.0.0:135 (DCE) LISTEN
System Process
Local 0.0.0.0:445 (Windows shares) LISTEN
Local 192.168.1.104:139 (NetBIOS session service) LISTEN
Generated with Speccy v1.23.569

#4
insparks

Continued

OTL Log:
OTL logfile created on: 10/7/2013 8:25:00 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 61.65% Memory free
3.60 Gb Paging File | 3.10 Gb Available in Paging File | 86.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 24.12 Gb Free Space | 18.85% Space Free | Partition Type: NTFS
Drive K: | 127.99 Gb Total Space | 24.12 Gb Free Space | 18.85% Space Free | Partition Type: NTFS

Computer Name: VERYFASTUSER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/06 19:25:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/09/17 12:25:46 | 000,415,024 | ---- | M] () -- C:\WINDOWS\system32\jmdp\stij.exe
PRC - [2013/09/17 12:25:42 | 001,435,440 | ---- | M] () -- C:\WINDOWS\system32\dmwu.exe
PRC - [2013/09/16 12:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/06/22 07:26:53 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/05/08 01:18:34 | 002,852,640 | ---- | M] (Conduit) -- C:\Documents and Settings\User\Application Data\SearchProtect\bin\cltmng.exe
PRC - [2013/05/08 01:18:34 | 000,097,056 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe
PRC - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2011/11/02 03:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/03/10 23:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Temp\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/18 18:44:03 | 003,279,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/09/17 12:25:46 | 000,415,024 | ---- | M] () -- C:\WINDOWS\system32\jmdp\stij.exe
MOD - [2013/09/17 12:25:42 | 001,435,440 | ---- | M] () -- C:\WINDOWS\system32\dmwu.exe
MOD - [2013/09/17 12:23:08 | 001,062,912 | ---- | M] () -- C:\WINDOWS\system32\jmdp\lmrn.dll
MOD - [2013/06/01 00:54:44 | 001,211,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\88fd67d11854c9acb391c7415e105307\System.WorkflowServices.ni.dll
MOD - [2013/06/01 00:53:01 | 001,050,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5039ecf47ec07f5e82794b8acbeb73f6\System.ServiceModel.Web.ni.dll
MOD - [2012/07/08 20:32:34 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
MOD - [2012/07/08 20:32:32 | 000,365,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\284141392cdba7fa4b2a4668125329a9\System.ServiceModel.Routing.ni.dll
MOD - [2012/07/08 20:32:28 | 001,128,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\28b09f14e54a06c091073b1d3e316fb6\System.ServiceModel.Discovery.ni.dll
MOD - [2012/07/08 20:32:24 | 000,082,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\39c6c5375d1763165dd8c1623bd10668\System.ServiceModel.Channels.ni.dll
MOD - [2012/07/08 20:32:22 | 001,387,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\18d8e3f9e290217ac0c48571557c5fc3\System.ServiceModel.Activities.ni.dll
MOD - [2012/07/08 20:32:16 | 017,996,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5be1370b1331393f73af710d0d71b02d\System.ServiceModel.ni.dll
MOD - [2012/07/08 20:30:56 | 001,072,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\a90d8ca6c54f70507704d788fd0d3ded\System.IdentityModel.ni.dll
MOD - [2012/07/08 20:27:55 | 001,020,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\a40c42510e312339018486b1d7076e0a\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/07/08 20:27:52 | 000,142,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\9115e9f656b00fc4e46da91537ef1358\SMDiagnostics.ni.dll
MOD - [2012/07/08 20:27:50 | 002,637,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9bfda0add366eea12ea0402e60d01e84\System.Runtime.Serialization.ni.dll
MOD - [2012/07/08 20:27:45 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f44e12702dadeae606b8eaca609b1336\System.Xml.Linq.ni.dll
MOD - [2012/07/08 19:02:46 | 000,729,088 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\efe46aa882d9ac31f7fbbdc004fc99d5\System.Security.ni.dll
MOD - [2012/07/08 19:02:43 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/07/08 19:02:03 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/07/08 19:01:36 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/07/08 19:01:06 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/07/08 19:00:49 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2008/12/23 18:41:24 | 000,203,264 | ---- | M] () -- C:\Temp\mp3Tag Pro 7\tag_menu.dll
MOD - [2003/05/15 17:43:24 | 000,119,808 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2013/09/20 08:56:08 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/18 18:44:03 | 000,118,680 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/17 12:25:42 | 001,435,440 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\dmwu.exe -- (IBUpdaterService)
SRV - [2013/09/16 12:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/07/25 08:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/22 07:26:53 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/05/08 01:18:34 | 000,097,056 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Temp\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/01/25 00:28:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/02/21 20:15:20 | 000,223,248 | ---- | M] (Paragon GmbH) [Disabled | Stopped] -- C:\Program Files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe -- (NetBurnerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\User\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2010/08/02 16:42:44 | 000,134,616 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2009/05/05 09:59:02 | 000,022,168 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2008/04/25 05:06:44 | 000,014,336 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/04/13 12:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2007/06/14 19:41:58 | 004,429,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/06/04 14:05:58 | 000,714,240 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2007/03/29 12:36:00 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2007/03/26 16:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ViPrt.sys -- (ViPrt)
DRV - [2007/03/26 16:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ViBus.sys -- (ViBus)
DRV - [2007/02/21 20:15:20 | 000,084,752 | ---- | M] (Rocket Division Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NetBurn.sys -- (NetBurn)
DRV - [2007/02/21 20:15:12 | 000,131,456 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2007/02/21 20:15:12 | 000,038,448 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2007/02/21 20:15:12 | 000,032,352 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2006/11/02 03:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2005/03/16 01:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2004/04/30 11:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus)
DRV - [2004/04/30 11:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi)
DRV - [2003/09/26 05:53:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/02 07:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002/10/01 16:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\spca561.sys -- (CA561)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ew...ack/UP97_FRPage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...FF-3EC91C046813
IE - HKCU\..\URLSearchHook: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - C:\Program Files\SweetPacks\prxtbSwee.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{0D7191D1-C6C9-4AE4-9515-1735958A3719}: "URL" = http://search.yahoo....=utf-8&fr=b2ie7
IE - HKCU\..\SearchScopes\{3F8C7A0E-E4EB-4196-9531-4D194A1B16C0}: "URL" = http://search.micros...q={searchTerms}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{DC04EA3C-687E-438D-BF5D-AF4584BEED23}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: twitternotifier%40naan.net:2.5.2
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.41
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.1
FF - prefs.js..extensions.enabledAddons: tidynetwork%40tidynetwork:5.0
FF - prefs.js..extensions.enabledAddons: %7BB21F5E31-B8E8-41CD-B74C-168A71A10E49%7D:1.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3: C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9: C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\User\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/07 05:39:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\EXTENSIONS\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}: C:\Documents and Settings\User\Local Settings\Application Data\GreatArcadeHits\gahff.xpi [2013/10/07 19:23:07 | 000,010,541 | ---- | M] ()

[2008/07/08 16:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2013/10/07 19:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions
[2013/09/08 08:32:37 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012/12/03 15:18:03 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013/10/07 19:36:35 | 000,000,000 | ---D | M] (SweetPacks) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}
[2013/10/07 19:24:52 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions\{d5e85854-ea74-ca9a-1293-e4e86d3e011b}
[2013/10/07 19:23:31 | 000,000,000 | ---D | M] (Tidy Network) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions\tidynetwork@tidynetwork
[2012/10/03 05:29:59 | 000,000,000 | ---D | M] (Echofon) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions\twitternotifier@naan.net
[2013/09/22 15:22:17 | 000,534,729 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/06/03 05:49:49 | 000,002,552 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\searchplugins\aol-search.xml
[2013/09/23 17:09:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/10/01 11:54:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/23 17:09:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/01 11:54:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/18 18:44:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/10/07 19:23:07 | 000,010,541 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GREATARCADEHITS\GAHFF.XPI
[2009/09/01 21:42:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.5.0.0_0\

O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {7736C7FA-512D-11E2-B871-DEC36088709B} - No CLSID value found.
O2 - BHO: (SweetPacks Toolbar) - {7e8a1050-cf67-4575-92df-dcc60e7d952d} - C:\Program Files\SweetPacks\prxtbSwee.dll (Conduit Ltd.)
O2 - BHO: (no name) - {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - No CLSID value found.
O2 - BHO: (GreatArcadeHits Add-on) - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Documents and Settings\User\Local Settings\Application Data\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [SearchProtect] C:\Documents and Settings\User\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\RunOnce: [Del310531] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - Reg Error: Value error. File not found
O8 - Extra context menu item: Convert selected links to Adobe PDF - Reg Error: Value error. File not found
O8 - Extra context menu item: Convert selection to Adobe PDF - Reg Error: Value error. File not found
O8 - Extra context menu item: Convert to Adobe PDF - Reg Error: Value error. File not found
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1280912913343 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{420A8603-0E24-4FEE-A7BA-7FD4245C049A}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\awtTNghF: DllName - (awtTNghF.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\byXNeBqn) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Button Manager.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^ZooskMessenger.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: !AVG Anti-Spyware - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: cdloader - hkey= - key= - C:\Documents and Settings\User\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
MsConfig - StartUpReg: Garmin Lifetime Updater - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: GarminExpressTrayApp - hkey= - key= - C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
MsConfig - StartUpReg: Genie Backup - hkey= - key= - File not found
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: RIMBBLaunchAgent.exe - hkey= - key= - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: S3Trayp - hkey= - key= - File not found
MsConfig - StartUpReg: Search Protection - hkey= - key= - File not found
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - StartUpReg: YSearchProtection - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AVG Anti-Spyware Driver - Driver
SafeBootMin: AVG Anti-Spyware Guard - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AVG Anti-Spyware Driver - Driver
SafeBootNet: AVG Anti-Spyware Guard - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0E8AF1C0-D275-11d2-B803-0000F81E8383} - Windows Script Version 5.1
ActiveX: {0E8AF1C1-D275-11d2-B803-0000F81E8383} - Windows Script Version 5.1
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10ABA7E0-3236-11d2-B7B0-0000F81E8383} - Windows Script Version 5.1
ActiveX: {10ABA7E1-3236-11d2-B7B0-0000F81E8383} - Windows Script Version 5.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C2738E0-8E3A-11d3-A998-00104B365C9F} - Windows Script Version 5.1
ActiveX: {2C2738E1-8E3A-11d3-A998-00104B365C9F} - Windows Script Version 5.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6CE9587E-81A7-1174-4E9A-9B4C8585C18A} - Java (Sun)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A38B334A-A0A2-436D-BAA0-34FE5E517E44} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Yahoo! Messenger
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/07 20:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
[2013/10/07 20:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/10/07 19:34:25 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\User\Desktop\aswmbr.exe
[2013/10/07 19:25:51 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2013/10/07 19:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/10/07 19:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\SweetPacks
[2013/10/07 19:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Conduit
[2013/10/07 19:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Temp
[2013/10/07 19:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\SweetPacks
[2013/10/07 19:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Conduit
[2013/10/07 19:24:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/10/07 19:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SearchProtect
[2013/10/07 19:23:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\TidyNetwork.com
[2013/10/07 19:23:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\jmdp
[2013/10/07 19:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\AppData
[2013/10/07 19:23:11 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2013/10/07 19:23:11 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2013/10/07 19:23:11 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2013/10/07 19:23:11 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll
[2013/10/07 19:23:11 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[2013/10/07 19:23:11 | 000,027,136 | ---- | C] (IncrediMail, Ltd.) -- C:\WINDOWS\System32\ImHttpComm.dll
[2013/10/07 19:23:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ARFC
[2013/10/07 19:23:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WNLT
[2013/10/07 19:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\GreatArcadeHits
[2013/10/07 19:13:36 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/06 19:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics
[2013/10/06 19:46:17 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\MicrosoftFixit.wu.LB.27304537560287727.1.1.Run.exe
[2013/10/06 19:25:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/09/18 18:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/07 20:25:34 | 000,891,167 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SecurityCheck.exe
[2013/10/07 20:23:01 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\TidyNetwork Update.job
[2013/10/07 20:09:55 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\User\Application Data\default.rss
[2013/10/07 20:09:47 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/10/07 20:08:20 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2013/10/07 20:05:52 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2013/10/07 19:56:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/07 19:34:20 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\User\Desktop\aswmbr.exe
[2013/10/07 19:29:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\DealPlyLiveUpdateTaskMachineUA.job
[2013/10/07 19:29:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\DealPlyLiveUpdateTaskMachineCore.job
[2013/10/07 19:26:13 | 000,000,000 | ---- | M] () -- C:\END
[2013/10/07 19:23:37 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/10/07 19:22:00 | 000,595,896 | ---- | M] () -- C:\Documents and Settings\User\Desktop\junkwareremovaltool-setup.exe
[2013/10/07 19:19:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/07 19:19:27 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2013/10/07 19:19:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/07 19:12:55 | 001,045,226 | ---- | M] () -- C:\Documents and Settings\User\Desktop\adwcleaner.exe
[2013/10/07 18:58:50 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\User\Desktop\VEW.exe
[2013/10/07 16:39:18 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2003.lnk
[2013/10/06 23:54:22 | 000,377,856 | ---- | M] () -- C:\Documents and Settings\User\Desktop\2lx1649c.exe
[2013/10/06 19:46:08 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\MicrosoftFixit.wu.LB.27304537560287727.1.1.Run.exe
[2013/10/06 19:25:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/10/06 19:23:35 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/06 10:51:18 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2013/10/04 16:10:09 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/10/03 16:40:34 | 000,280,352 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Tracy, CA Building_and_Fire_Inspector_I_II_2013.pdf
[2013/10/01 19:03:11 | 000,218,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/20 08:56:07 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/20 08:56:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/19 06:24:15 | 000,000,501 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YTD Video Downloader.lnk
[2013/09/17 12:25:42 | 001,435,440 | ---- | M] () -- C:\WINDOWS\System32\dmwu.exe
[2013/09/17 12:18:16 | 000,027,136 | ---- | M] (IncrediMail, Ltd.) -- C:\WINDOWS\System32\ImHttpComm.dll
[2013/09/12 05:36:39 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2013/09/09 02:57:00 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2013/09/09 02:57:00 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2013/09/09 02:57:00 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2013/09/09 02:57:00 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll
[2013/09/09 02:57:00 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/07 20:25:40 | 000,891,167 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SecurityCheck.exe
[2013/10/07 20:08:20 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2013/10/07 20:05:52 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2013/10/07 19:26:10 | 000,000,000 | ---- | C] () -- C:\END
[2013/10/07 19:24:08 | 000,000,890 | ---- | C] () -- C:\WINDOWS\tasks\DealPlyLiveUpdateTaskMachineUA.job
[2013/10/07 19:24:08 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\DealPlyLiveUpdateTaskMachineCore.job
[2013/10/07 19:23:37 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2013/10/07 19:23:30 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\TidyNetwork Update.job
[2013/10/07 19:23:11 | 001,435,440 | ---- | C] () -- C:\WINDOWS\System32\dmwu.exe
[2013/10/07 19:22:05 | 000,595,896 | ---- | C] () -- C:\Documents and Settings\User\Desktop\junkwareremovaltool-setup.exe
[2013/10/07 19:12:57 | 001,045,226 | ---- | C] () -- C:\Documents and Settings\User\Desktop\adwcleaner.exe
[2013/10/07 18:58:58 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\User\Desktop\VEW.exe
[2013/10/06 23:54:30 | 000,377,856 | ---- | C] () -- C:\Documents and Settings\User\Desktop\2lx1649c.exe
[2013/10/03 16:40:33 | 000,280,352 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Tracy, CA Building_and_Fire_Inspector_I_II_2013.pdf
[2013/02/14 18:11:32 | 000,981,848 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/07/08 18:33:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/15 21:01:40 | 002,548,819 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-789336058-162531612-839522115-1003-0.dat
[2010/11/19 23:28:22 | 000,212,394 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/01/04 21:55:20 | 000,038,451 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft Access.ADR
[2009/10/29 05:50:49 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\User\Application Data\default.rss
[2009/02/13 21:51:57 | 000,011,211 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Comma Separated Values (Windows).CAL
[2008/04/28 22:22:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\.gtk-bookmarks
[2008/04/01 22:32:05 | 000,026,215 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Comma Separated Values (Windows).ADR
[2008/03/27 21:04:03 | 000,000,065 | ---- | C] () -- C:\Documents and Settings\User\default.pls
[2008/01/20 23:55:40 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2004/11/03 15:37:21 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2004/05/22 13:56:52 | 000,178,136 | ---- | C] () -- C:\Documents and Settings\User\~
[2004/05/22 13:50:14 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\FASTWiz.html
[2004/05/22 13:46:14 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\FASTApp.html
[2003/07/29 11:37:20 | 000,051,712 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/01/24 21:55:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: SAMSUNG SP2004C S07GJ1ULC08646 VM100-49
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 128.00GB
Starting Offset: 32256
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2008/04/28 22:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\.bittorrent
[2011/03/13 15:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Adobe
[2008/03/27 21:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ahead
[2012/04/25 17:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Arcsoft
[2008/01/29 01:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ATI MMC
[2013/01/29 19:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Audacity
[2013/06/17 21:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BitTorrent
[2011/03/13 15:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2008/01/29 01:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Creative
[2008/01/29 01:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Creative ASR2
[2009/06/04 07:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Download Manager
[2008/03/27 22:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\dvdcss
[2013/10/06 19:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FarStone
[2009/09/16 18:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FileOpen
[2010/10/21 12:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FireShot
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FUJIFILM
[2013/06/21 16:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GARMIN
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Genie-soft
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Help
[2011/03/25 20:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ICAClient
[2008/01/24 21:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Identities
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InterVideo
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IsolatedStorage
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Lycos
[2004/05/22 16:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Macromedia
[2013/10/07 19:24:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\User\Application Data\Microsoft
[2013/01/09 17:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mjusbsp
[2008/07/08 16:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla
[2013/09/21 15:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mp3tagpro
[2013/01/29 19:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\NCH Software
[2009/10/29 19:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nero
[2008/01/29 01:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\netquartz ez-platform
[2013/06/22 07:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oracle
[2011/06/17 21:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Research In Motion
[2008/01/29 01:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Roxio
[2013/10/07 19:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SearchProtect
[2009/12/05 20:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Singlesnet
[2013/10/07 19:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Skype
[2008/01/29 01:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sun
[2008/01/29 01:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\teamspeak2
[2008/01/29 01:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\The Labyrinth Plus! Edition
[2008/01/29 01:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ulead Systems
[2013/09/06 19:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\UseNeXT
[2013/09/06 20:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent
[2011/09/10 07:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\vlc
[2012/04/25 17:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\webex
[2008/12/11 09:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search
[2009/04/09 17:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Search
[2012/07/04 07:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\wtxpcom
[2008/01/29 01:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\X10 Commander
[2010/08/04 18:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Yahoo!
[2012/07/04 07:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\YouTube Downloader

< MD5 for: ATAPI.SYS >
[2004/08/04 04:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/06/08 13:54:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 04:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/06/08 13:54:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2001/08/23 07:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/04/13 19:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008/04/13 19:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NWPROVAU.DLL >
[2008/04/13 19:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\ServicePackFiles\i386\nwprovau.dll
[2008/04/13 19:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\nwprovau.dll
[2006/10/13 07:41:38 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=808CB47D7F6BE51B0354CD628CF45978 -- C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2006/10/11 11:35:59 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=195022D88CC77117B090A27FF9978741 -- C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\pnrpnsp.dll
[2008/04/13 19:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\ServicePackFiles\i386\pnrpnsp.dll
[2008/04/13 19:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\pnrpnsp.dll

< MD5 for: RSVPSP.DLL >
[2008/04/13 19:12:04 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINDOWS\ServicePackFiles\i386\rsvpsp.dll
[2008/04/13 19:12:04 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINDOWS\system32\rsvpsp.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USER32.DLL >
[2005/03/02 13:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007/03/08 10:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERINIT.EXE >
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINRNR.DLL >
[2008/04/13 19:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\ServicePackFiles\i386\winrnr.dll
[2008/04/13 19:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\winrnr.dll

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is DCF1-39DE
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
07/08/2012 07:53 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
07/08/2012 07:53 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
07/08/2012 07:44 PM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
05/31/2013 11:22 PM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
4 Dir(s) 25,865,699,328 bytes free

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/09/18 18:44:03 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/09/18 18:44:03 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/09/18 18:44:03 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2001/08/23 07:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/09/18 18:44:03 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/09/18 18:44:03 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/09/18 18:44:03 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2001/08/23 07:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2008/04/13 19:12:17 | 000,539,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\dialer.exe
[2001/08/23 07:00:00 | 000,013,312 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\htrn_jis.dll
[2001/08/23 07:00:00 | 000,028,160 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\hypertrm.exe
[2009/11/20 06:14:51 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd6.wpc
[2010/12/21 07:51:53 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd8.wpc
[2010/07/12 07:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2009/11/20 06:14:50 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\write.wpc
[1 C:\Program Files\WINDOWS NT\Accessories\*.tmp files -> C:\Program Files\WINDOWS NT\Accessories\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 241 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E29ACA54
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF

< End of report >

OTL Extras Log:
OTL Extras logfile created on: 10/7/2013 8:25:00 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 61.65% Memory free
3.60 Gb Paging File | 3.10 Gb Available in Paging File | 86.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 24.12 Gb Free Space | 18.85% Space Free | Partition Type: NTFS
Drive K: | 127.99 Gb Total Space | 24.12 Gb Free Space | 18.85% Space Free | Partition Type: NTFS

Computer Name: VERYFASTUSER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\WINDOWS\system32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\WINDOWS\system32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\WINDOWS\system32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\WINDOWS\system32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\WINDOWS\system32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\WINDOWS\system32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit "%1" %* (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- C:\WINDOWS\system32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- C:\WINDOWS\system32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- C:\WINDOWS\system32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- C:\WINDOWS\system32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- C:\WINDOWS\system32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- C:\WINDOWS\system32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- C:\WINDOWS\system32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- C:\WINDOWS\system32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- C:\WINDOWS\system32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- C:\WINDOWS\system32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Temp\BitTorrent\bittorrent.exe" = C:\Temp\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent Inc.)
"C:\Temp\Nero 7\Nero MediaHome\NeroMediaHome.exe" = C:\Temp\Nero 7\Nero MediaHome\NeroMediaHome.exe:*:Enabled:Nero MediaHome (1)
"C:\Temp\Nero 7\Nero MediaHome\NMMediaServer.exe" = C:\Temp\Nero 7\Nero MediaHome\NMMediaServer.exe:*:Enabled:Nero MediaHome (2)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\User\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\User\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Documents and Settings\User\Application Data\uTorrent\uTorrent.exe" = C:\Documents and Settings\User\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu -- ()
"C:\WINDOWS\system32\ARFC\wrtc.exe" = C:\WINDOWS\system32\ARFC\wrtc.exe:*:Enabled:wrtc -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.5.1
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{2028646C-E143-4DB1-AE19-AA31CA90E103}" = HP Webcam User's Guide
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{232F1B14-7126-491F-AC8C-6123BA58FDE2}" = QuickShare
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{301CC8D1-FE75-41ED-9B11-41F006110950}" = Garmin City Navigator North America NT 2010.10 Update
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3fca464b-0288-497f-af06-cf1b3f131a34}" = Nero 9
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
"{511CFE49-F318-4659-BC3F-73E9DBC3E2A8}" = ArcSoft Magic-i Visual Effects 2
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{56ABA277-EE53-4478-A607-FA42208FF5A9}" = Menu Templates - Pack 1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57250E78-F6E2-4DCE-9A84-50B28A70AB84}" = Menu Templates - Pack 3
"{590E3295-A11B-4C9F-9F88-399397EE393D}" = YouTube Downloader Toolbar v6.0
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77E33D87-255E-413E-9C8D-EED2A7F9BEBF}" = Nero Live Help
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7A3E6E1C-CF5A-4CE9-B8D6-A2F9B7BA18FC}" = BlackBerry Desktop Software 7.1
"{800B3855-2646-4707-B915-BDCC28F03D63}" = ArcSoft WebCam Companion 3
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update Service
"{8A367C28-423C-48E2-8C76-EBA1171F932A}" = Adobe Photoshop Album 2.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer
"{98A67610-A3B5-4098-A423-3708040026D3}" = "Nero SoundTrax Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB8E6CE-CE6D-43A0-B54E-422425524FF9}" = Menu Templates - Pack 2
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D155D300-C235-44FC-981C-F7B34683439C}" = Paragon Drive Backup 8.5 Professional
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DF6A95F5-ADC1-406A-BDC6-2AA7CC0182AA}" = Nero Live
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F425DD1D-0097-41C3-B545-B79E3D51100E}" = Movie Templates - Pack 1
"{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}" = ICatch (VI) PC Camera
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.2 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"DealPly" = DealPly (remove only)
"HijackThis" = HijackThis 1.99.1
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IECT3310511" = SweetPacks Toolbar for IE
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mp3Tag Pro_is1" = mp3Tag Pro 8.1
"NTFS4DOS" = NTFS4DOS
"QuickPar" = QuickPar 0.9
"SearchProtect" = Search Protect by conduit
"Speccy" = Speccy
"UseNeXT by Tangysoft_is1" = UseNeXT by Tangysoft
"VIA Chrome9 HC IGP Family Display" = VIA Display Driver 6.14.10.0095
"VLC media player" = VLC media player 1.1.11
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WNLT" = IB Updater Service
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{856AD396-519D-4C7A-BED6-6785F64924BC}" = GreatArcadeHits
"Dealply" = Dealply
"GoToMeeting" = GoToMeeting 5.5.0.1133
"magicJack" = magicJack
"MS AntiSpyware 2009 5.7" = MS AntiSpyware 2009
"TidyNetwork.com" = TidyNetwork.com
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/6/2013 8:13:49 PM | Computer Name = VERYFASTUSER | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - Error performing inpage operation.
for C:\Documents and Settings\NetworkService\ntuser.dat

Error - 10/6/2013 8:13:49 PM | Computer Name = VERYFASTUSER | Source = Userenv | ID = 1502
Description = Windows cannot load the locally stored profile. Possible causes of
this error include insufficient security rights or a corrupt local profile. If
this problem persists, contact your network administrator. DETAIL - Error performing
inpage operation.

Error - 10/6/2013 8:13:49 PM | Computer Name = VERYFASTUSER | Source = Userenv | ID = 1515
Description = Windows has backed up this user's profile. Windows will automatically
try to use the backed up profile the next time this user logs on.

Error - 10/6/2013 8:13:49 PM | Computer Name = VERYFASTUSER | Source = Userenv | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

Error - 10/6/2013 8:19:33 PM | Computer Name = VERYFASTUSER | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - Error performing inpage operation.
for C:\Documents and Settings\NetworkService\ntuser.dat

Error - 10/6/2013 8:19:33 PM | Computer Name = VERYFASTUSER | Source = Userenv | ID = 1502
Description = Windows cannot load the locally stored profile. Possible causes of
this error include insufficient security rights or a corrupt local profile. If
this problem persists, contact your network administrator. DETAIL - Error performing
inpage operation.

Error - 10/6/2013 8:19:33 PM | Computer Name = VERYFASTUSER | Source = Userenv | ID = 1515
Description = Windows has backed up this user's profile. Windows will automatically
try to use the backed up profile the next time this user logs on.

Error - 10/6/2013 8:19:33 PM | Computer Name = VERYFASTUSER | Source = Userenv | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

Error - 10/7/2013 8:23:08 PM | Computer Name = VERYFASTUSER | Source = Application Error | ID = 1000
Description = Faulting application 908, version 0.0.0.0, faulting module 908, version
0.0.0.0, fault address 0x0006612c.

Error - 10/7/2013 9:24:35 PM | Computer Name = VERYFASTUSER | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.69.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/7/2013 7:55:33 PM | Computer Name = VERYFASTUSER | Source = Service Control Manager | ID = 7000
Description = The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start
due to the following error: %%1290

Error - 10/7/2013 7:55:47 PM | Computer Name = VERYFASTUSER | Source = DCOM | ID = 10005
Description = DCOM got error "%1290" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/7/2013 7:55:48 PM | Computer Name = VERYFASTUSER | Source = Service Control Manager | ID = 7000
Description = The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start
due to the following error: %%1290

Error - 10/7/2013 8:19:17 PM | Computer Name = VERYFASTUSER | Source = Service Control Manager | ID = 7000
Description = The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start
due to the following error: %%1290

Error - 10/7/2013 8:19:20 PM | Computer Name = VERYFASTUSER | Source = DCOM | ID = 10005
Description = DCOM got error "%1290" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/7/2013 8:19:20 PM | Computer Name = VERYFASTUSER | Source = Service Control Manager | ID = 7000
Description = The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start
due to the following error: %%1290

Error - 10/7/2013 8:25:00 PM | Computer Name = VERYFASTUSER | Source = Service Control Manager | ID = 7031
Description = The IBUpdaterService service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.


< End of report >

checkup Log:
UNSUPPORTED OPERATING SYSTEM! ABORTED!

#5
RKinner


    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c


:OTL
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...FF-3EC91C046813
IE - HKCU\..\URLSearchHook: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - C:\Program Files\SweetPacks\prxtbSwee.dll (Conduit Ltd.)
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: tidynetwork%40tidynetwork:5.0
FF - prefs.js..extensions.enabledAddons: %7BB21F5E31-B8E8-41CD-B74C-168A71A10E49%7D:1.0.0
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3: C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9: C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll File not found
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\EXTENSIONS\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}: C:\Documents and Settings\User\Local Settings\Application Data\GreatArcadeHits\gahff.xpi [2013/10/07 19:23:07 | 000,010,541 | ---- | M] ()
[2013/10/07 19:36:35 | 000,000,000 | ---D | M] (SweetPacks) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}
[2013/10/07 19:24:52 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions\{d5e85854-ea74-ca9a-1293-e4e86d3e011b}
[2013/10/07 19:23:31 | 000,000,000 | ---D | M] (Tidy Network) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions\tidynetwork@tidynetwork
[2013/06/03 05:49:49 | 000,002,552 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\searchplugins\aol-search.xml
[2013/10/01 11:54:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/01 11:54:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/07 19:23:07 | 000,010,541 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GREATARCADEHITS\GAHFF.XPI
O2 - BHO: (no name) - {7736C7FA-512D-11E2-B871-DEC36088709B} - No CLSID value found.
O2 - BHO: (SweetPacks Toolbar) - {7e8a1050-cf67-4575-92df-dcc60e7d952d} - C:\Program Files\SweetPacks\prxtbSwee.dll (Conduit Ltd.)
O2 - BHO: (no name) - {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - No CLSID value found.
O2 - BHO: (GreatArcadeHits Add-on) - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Documents and Settings\User\Local Settings\Application Data\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [SearchProtect] C:\Documents and Settings\User\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\RunOnce: [Del310531] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O8 - Extra context menu item: Convert link target to Adobe PDF - Reg Error: Value error. File not found
O8 - Extra context menu item: Convert selected links to Adobe PDF - Reg Error: Value error. File not found
O8 - Extra context menu item: Convert selection to Adobe PDF - Reg Error: Value error. File not found
O8 - Extra context menu item: Convert to Adobe PDF - Reg Error: Value error. File not found
O20 - Winlogon\Notify\awtTNghF: DllName - (awtTNghF.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\byXNeBqn) - File not found
[2013/10/07 19:25:51 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2013/10/07 19:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/10/07 19:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\SweetPacks
[2013/10/07 19:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Conduit
[2013/10/07 19:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\SweetPacks
[2013/10/07 19:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Conduit
[2013/10/07 19:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SearchProtect
[2013/10/07 19:23:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\TidyNetwork.com
[2013/10/07 19:23:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\jmdp
[2013/10/07 20:23:01 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\TidyNetwork Update.job
[2013/10/07 19:19:27 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2013/09/17 12:25:42 | 001,435,440 | ---- | M] () -- C:\WINDOWS\System32\dmwu.exe
[2013/09/12 05:36:39 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2013/10/07 19:24:08 | 000,000,890 | ---- | C] () -- C:\WINDOWS\tasks\DealPlyLiveUpdateTaskMachineUA.job
[2013/10/07 19:24:08 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\DealPlyLiveUpdateTaskMachineCore.job
[2013/10/07 19:23:37 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2013/10/07 19:23:30 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\TidyNetwork Update.job
[2013/10/07 19:23:11 | 001,435,440 | ---- | C] () -- C:\WINDOWS\System32\dmwu.exe

:files
sc stop IBUpdaterService /c
sc delete IBUpdaterService /c
C:\WINDOWS\system32\dmwu.exe
C:\WINDOWS\system32\jmdp
sc stop CltMngSvc /c
sc delete CltMngSvc /c
C:\Program Files\SearchProtect
C:\Program Files\SweetPacks
at /c
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\ServicePackFiles\i386\atapi.sys /replace

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then double-click on OTL to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.



Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and save it, then double-click on it.

If it doesn't do it for you:
Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.

2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
Type 20 in the 1 to 20 box.
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.


Download, save and run (Win 7 or Vista => right-click and Run as Admin.) Farbar Service Scanner.

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.


Copy the text in the code box:

DRIVES
netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

then Run Scan.

You should get 1 log. Please copy and paste it.

#6
insparks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
First OTL Log:

OTL logfile created on: 10/8/2013 6:55:55 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 65.31% Memory free
3.60 Gb Paging File | 3.16 Gb Available in Paging File | 87.62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 24.01 Gb Free Space | 18.76% Space Free | Partition Type: NTFS
Drive K: | 127.99 Gb Total Space | 24.01 Gb Free Space | 18.76% Space Free | Partition Type: NTFS

Computer Name: VERYFASTUSER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/06 19:25:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/09/16 12:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/06/22 07:26:53 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2011/11/02 03:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/03/10 23:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Temp\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/04/13 19:12:33 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/18 18:44:03 | 003,279,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/06/01 00:54:44 | 001,211,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\88fd67d11854c9acb391c7415e105307\System.WorkflowServices.ni.dll
MOD - [2013/06/01 00:53:01 | 001,050,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5039ecf47ec07f5e82794b8acbeb73f6\System.ServiceModel.Web.ni.dll
MOD - [2012/07/08 20:32:34 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
MOD - [2012/07/08 20:32:32 | 000,365,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\284141392cdba7fa4b2a4668125329a9\System.ServiceModel.Routing.ni.dll
MOD - [2012/07/08 20:32:28 | 001,128,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\28b09f14e54a06c091073b1d3e316fb6\System.ServiceModel.Discovery.ni.dll
MOD - [2012/07/08 20:32:24 | 000,082,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\39c6c5375d1763165dd8c1623bd10668\System.ServiceModel.Channels.ni.dll
MOD - [2012/07/08 20:32:22 | 001,387,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\18d8e3f9e290217ac0c48571557c5fc3\System.ServiceModel.Activities.ni.dll
MOD - [2012/07/08 20:32:16 | 017,996,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5be1370b1331393f73af710d0d71b02d\System.ServiceModel.ni.dll
MOD - [2012/07/08 20:30:56 | 001,072,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\a90d8ca6c54f70507704d788fd0d3ded\System.IdentityModel.ni.dll
MOD - [2012/07/08 20:27:55 | 001,020,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\a40c42510e312339018486b1d7076e0a\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/07/08 20:27:52 | 000,142,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\9115e9f656b00fc4e46da91537ef1358\SMDiagnostics.ni.dll
MOD - [2012/07/08 20:27:50 | 002,637,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9bfda0add366eea12ea0402e60d01e84\System.Runtime.Serialization.ni.dll
MOD - [2012/07/08 20:27:45 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f44e12702dadeae606b8eaca609b1336\System.Xml.Linq.ni.dll
MOD - [2012/07/08 19:02:46 | 000,729,088 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\efe46aa882d9ac31f7fbbdc004fc99d5\System.Security.ni.dll
MOD - [2012/07/08 19:02:43 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/07/08 19:02:03 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/07/08 19:01:36 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/07/08 19:01:06 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/07/08 19:00:49 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2003/05/15 17:43:24 | 000,119,808 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\dmwu.exe -- (IBUpdaterService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/09/20 08:56:08 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/18 18:44:03 | 000,118,680 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/16 12:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/07/25 08:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/22 07:26:53 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Temp\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/01/25 00:28:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/02/21 20:15:20 | 000,223,248 | ---- | M] (Paragon GmbH) [Disabled | Stopped] -- C:\Program Files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe -- (NetBurnerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010/08/02 16:42:44 | 000,134,616 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2009/05/05 09:59:02 | 000,022,168 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2008/04/25 05:06:44 | 000,014,336 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/04/13 13:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2007/06/14 19:41:58 | 004,429,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/06/04 14:05:58 | 000,714,240 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2007/03/29 12:36:00 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2007/03/26 16:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ViPrt.sys -- (ViPrt)
DRV - [2007/03/26 16:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ViBus.sys -- (ViBus)
DRV - [2007/02/21 20:15:20 | 000,084,752 | ---- | M] (Rocket Division Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NetBurn.sys -- (NetBurn)
DRV - [2007/02/21 20:15:12 | 000,131,456 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2007/02/21 20:15:12 | 000,038,448 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2007/02/21 20:15:12 | 000,032,352 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2006/11/02 03:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2005/03/16 01:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2004/04/30 11:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus)
DRV - [2004/04/30 11:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi)
DRV - [2003/09/26 05:53:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/02 07:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002/10/01 16:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\spca561.sys -- (CA561)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...FF-3EC91C046813
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{0D7191D1-C6C9-4AE4-9515-1735958A3719}: "URL" = http://search.yahoo....=utf-8&fr=b2ie7
IE - HKCU\..\SearchScopes\{3F8C7A0E-E4EB-4196-9531-4D194A1B16C0}: "URL" = http://search.micros...q={searchTerms}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...h={searchTerms}
IE - HKCU\..\SearchScopes\{DC04EA3C-687E-438D-BF5D-AF4584BEED23}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\User\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/07 05:39:07 | 000,000,000 | ---D | M]

[2008/07/08 16:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2013/10/08 18:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions
[2013/09/08 08:32:37 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012/12/03 15:18:03 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/10/03 05:29:59 | 000,000,000 | ---D | M] (Echofon) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions\[email protected]
[2013/10/08 18:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/10/08 18:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/18 18:44:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/01 21:42:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.5.0.0_0\

O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1280912913343 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{420A8603-0E24-4FEE-A7BA-7FD4245C049A}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Button Manager.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^ZooskMessenger.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: !AVG Anti-Spyware - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: cdloader - hkey= - key= - C:\Documents and Settings\User\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
MsConfig - StartUpReg: Garmin Lifetime Updater - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: GarminExpressTrayApp - hkey= - key= - C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
MsConfig - StartUpReg: Genie Backup - hkey= - key= - File not found
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: RIMBBLaunchAgent.exe - hkey= - key= - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: S3Trayp - hkey= - key= - File not found
MsConfig - StartUpReg: Search Protection - hkey= - key= - File not found
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - StartUpReg: YSearchProtection - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AVG Anti-Spyware Driver - Driver
SafeBootMin: AVG Anti-Spyware Guard - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AVG Anti-Spyware Driver - Driver
SafeBootNet: AVG Anti-Spyware Guard - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0E8AF1C0-D275-11d2-B803-0000F81E8383} - Windows Script Version 5.1
ActiveX: {0E8AF1C1-D275-11d2-B803-0000F81E8383} - Windows Script Version 5.1
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10ABA7E0-3236-11d2-B7B0-0000F81E8383} - Windows Script Version 5.1
ActiveX: {10ABA7E1-3236-11d2-B7B0-0000F81E8383} - Windows Script Version 5.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C2738E0-8E3A-11d3-A998-00104B365C9F} - Windows Script Version 5.1
ActiveX: {2C2738E1-8E3A-11d3-A998-00104B365C9F} - Windows Script Version 5.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {941DE5B9-90EC-4199-DDD7-84AE531183AA} - Java (Sun)
ActiveX: {A38B334A-A0A2-436D-BAA0-34FE5E517E44} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Yahoo! Messenger
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/08 18:50:30 | 000,358,923 | ---- | C] (Farbar) -- C:\Documents and Settings\User\Desktop\FSS.exe
[2013/10/08 18:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\CC Support
[2013/10/08 18:32:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/08 17:19:39 | 001,032,220 | ---- | C] (Thisisu) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2013/10/07 20:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
[2013/10/07 20:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/10/07 19:34:25 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\User\Desktop\aswmbr.exe
[2013/10/07 19:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Temp
[2013/10/07 19:24:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/10/07 19:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\AppData
[2013/10/07 19:23:11 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2013/10/07 19:23:11 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2013/10/07 19:23:11 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2013/10/07 19:23:11 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll
[2013/10/07 19:23:11 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[2013/10/07 19:23:11 | 000,027,136 | ---- | C] (IncrediMail, Ltd.) -- C:\WINDOWS\System32\ImHttpComm.dll
[2013/10/07 19:23:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ARFC
[2013/10/07 19:23:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WNLT
[2013/10/07 19:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\GreatArcadeHits
[2013/10/07 19:13:36 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/06 19:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics
[2013/10/06 19:46:17 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\MicrosoftFixit.wu.LB.27304537560287727.1.1.Run.exe
[2013/10/06 19:25:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/09/18 18:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/08 18:56:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/08 18:53:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/08 18:52:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/08 18:51:22 | 000,358,923 | ---- | M] (Farbar) -- C:\Documents and Settings\User\Desktop\FSS.exe
[2013/10/08 18:39:20 | 004,009,167 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ServicesRepair.exe
[2013/10/08 17:26:11 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2003.lnk
[2013/10/08 17:19:33 | 001,032,220 | ---- | M] (Thisisu) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2013/10/07 20:25:34 | 000,891,167 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SecurityCheck.exe
[2013/10/07 20:09:55 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\User\Application Data\default.rss
[2013/10/07 20:09:47 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/10/07 20:05:52 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2013/10/07 19:34:20 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\User\Desktop\aswmbr.exe
[2013/10/07 19:26:13 | 000,000,000 | ---- | M] () -- C:\END
[2013/10/07 19:12:55 | 001,045,226 | ---- | M] () -- C:\Documents and Settings\User\Desktop\adwcleaner.exe
[2013/10/07 18:58:50 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\User\Desktop\VEW.exe
[2013/10/06 23:54:22 | 000,377,856 | ---- | M] () -- C:\Documents and Settings\User\Desktop\2lx1649c.exe
[2013/10/06 19:46:08 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\MicrosoftFixit.wu.LB.27304537560287727.1.1.Run.exe
[2013/10/06 19:25:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/10/06 19:23:35 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/06 10:51:18 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2013/10/04 16:10:09 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/10/03 16:40:34 | 000,280,352 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Tracy, CA Building_and_Fire_Inspector_I_II_2013.pdf
[2013/10/01 19:03:11 | 000,218,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/20 08:56:07 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/20 08:56:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/19 06:24:15 | 000,000,501 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YTD Video Downloader.lnk
[2013/09/17 12:18:16 | 000,027,136 | ---- | M] (IncrediMail, Ltd.) -- C:\WINDOWS\System32\ImHttpComm.dll
[2013/09/09 02:57:00 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2013/09/09 02:57:00 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2013/09/09 02:57:00 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2013/09/09 02:57:00 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll
[2013/09/09 02:57:00 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/08 18:39:25 | 004,009,167 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ServicesRepair.exe
[2013/10/07 20:25:40 | 000,891,167 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SecurityCheck.exe
[2013/10/07 20:05:52 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2013/10/07 19:26:10 | 000,000,000 | ---- | C] () -- C:\END
[2013/10/07 19:12:57 | 001,045,226 | ---- | C] () -- C:\Documents and Settings\User\Desktop\adwcleaner.exe
[2013/10/07 18:58:58 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\User\Desktop\VEW.exe
[2013/10/06 23:54:30 | 000,377,856 | ---- | C] () -- C:\Documents and Settings\User\Desktop\2lx1649c.exe
[2013/10/03 16:40:33 | 000,280,352 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Tracy, CA Building_and_Fire_Inspector_I_II_2013.pdf
[2013/02/14 18:11:32 | 000,981,848 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/07/08 18:33:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/15 21:01:40 | 002,548,819 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-789336058-162531612-839522115-1003-0.dat
[2010/11/19 23:28:22 | 000,212,394 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/01/04 21:55:20 | 000,038,451 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft Access.ADR
[2009/10/29 05:50:49 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\User\Application Data\default.rss
[2009/02/13 21:51:57 | 000,011,211 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Comma Separated Values (Windows).CAL
[2008/04/28 22:22:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\.gtk-bookmarks
[2008/04/01 22:32:05 | 000,026,215 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Comma Separated Values (Windows).ADR
[2008/03/27 21:04:03 | 000,000,065 | ---- | C] () -- C:\Documents and Settings\User\default.pls
[2008/01/20 23:55:40 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2004/11/03 15:37:21 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2004/05/22 13:56:52 | 000,178,136 | ---- | C] () -- C:\Documents and Settings\User\~
[2004/05/22 13:50:14 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\FASTWiz.html
[2004/05/22 13:46:14 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\FASTApp.html
[2003/07/29 11:37:20 | 000,051,712 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/01/24 21:55:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: SAMSUNG SP2004C S07GJ1ULC08646 VM100-49
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 128.00GB
Starting Offset: 32256
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2008/04/28 22:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\.bittorrent
[2011/03/13 15:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Adobe
[2008/03/27 21:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ahead
[2012/04/25 17:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Arcsoft
[2008/01/29 01:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ATI MMC
[2013/01/29 19:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Audacity
[2013/06/17 21:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BitTorrent
[2011/03/13 15:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2008/01/29 01:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Creative
[2008/01/29 01:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Creative ASR2
[2009/06/04 07:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Download Manager
[2008/03/27 22:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\dvdcss
[2013/10/06 19:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FarStone
[2009/09/16 18:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FileOpen
[2010/10/21 12:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FireShot
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FUJIFILM
[2013/06/21 16:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GARMIN
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Genie-soft
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Help
[2011/03/25 20:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ICAClient
[2008/01/24 21:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Identities
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InterVideo
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IsolatedStorage
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Lycos
[2004/05/22 16:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Macromedia
[2013/10/07 19:24:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\User\Application Data\Microsoft
[2013/01/09 17:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mjusbsp
[2008/07/08 16:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla
[2013/09/21 15:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mp3tagpro
[2013/01/29 19:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\NCH Software
[2009/10/29 19:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nero
[2008/01/29 01:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\netquartz ez-platform
[2013/06/22 07:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oracle
[2011/06/17 21:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Research In Motion
[2008/01/29 01:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Roxio
[2009/12/05 20:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Singlesnet
[2013/10/08 18:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Skype
[2008/01/29 01:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sun
[2008/01/29 01:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\teamspeak2
[2008/01/29 01:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\The Labyrinth Plus! Edition
[2008/01/29 01:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ulead Systems
[2013/09/06 19:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\UseNeXT
[2013/09/06 20:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent
[2011/09/10 07:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\vlc
[2012/04/25 17:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\webex
[2008/12/11 09:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search
[2009/04/09 17:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Search
[2012/07/04 07:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\wtxpcom
[2008/01/29 01:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\X10 Commander
[2010/08/04 18:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Yahoo!
[2012/07/04 07:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\YouTube Downloader

< MD5 for: ATAPI.SYS >
[2004/08/04 04:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/06/08 13:54:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 04:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/06/08 13:54:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2001/08/23 07:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is DCF1-39DE
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
07/08/2012 07:53 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
07/08/2012 07:53 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
07/08/2012 07:44 PM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
05/31/2013 11:22 PM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
4 Dir(s) 25,752,326,144 bytes free

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/09/18 18:44:03 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/09/18 18:44:03 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/09/18 18:44:03 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2001/08/23 07:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/09/18 18:44:03 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/09/18 18:44:03 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/09/18 18:44:03 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2001/08/23 07:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2008/04/13 19:12:17 | 000,539,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\dialer.exe
[2001/08/23 07:00:00 | 000,013,312 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\htrn_jis.dll
[2001/08/23 07:00:00 | 000,028,160 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\hypertrm.exe
[2009/11/20 06:14:51 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd6.wpc
[2010/12/21 07:51:53 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd8.wpc
[2010/07/12 07:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2009/11/20 06:14:50 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\write.wpc
[1 C:\Program Files\WINDOWS NT\Accessories\*.tmp files -> C:\Program Files\WINDOWS NT\Accessories\*.tmp -> ]
[2001/08/23 07:00:00 | 000,003,947 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\FONT.DAT
[2001/08/23 07:00:00 | 000,928,700 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.DAT
[2008/04/13 19:12:31 | 000,281,088 | ---- | M] (Cinematronics) -- C:\Program Files\WINDOWS NT\Pinball\pinball.exe
[2001/08/23 07:00:00 | 000,108,607 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.MID
[2001/08/23 07:00:00 | 000,028,888 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL2.MID
[2001/08/23 07:00:00 | 000,055,490 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND1.WAV
[2001/08/23 07:00:00 | 000,001,226 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND104.WAV
[2001/08/23 07:00:00 | 000,001,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND105.WAV
[2001/08/23 07:00:00 | 000,007,754 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND108.WAV
[2001/08/23 07:00:00 | 000,000,890 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND111.WAV
[2001/08/23 07:00:00 | 000,000,824 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND112.WAV
[2001/08/23 07:00:00 | 000,004,296 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND12.WAV
[2001/08/23 07:00:00 | 000,008,034 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND13.WAV
[2001/08/23 07:00:00 | 000,001,290 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND131.WAV
[2001/08/23 07:00:00 | 000,019,282 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND136.WAV
[2001/08/23 07:00:00 | 000,003,002 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND14.WAV
[2001/08/23 07:00:00 | 000,001,046 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND16.WAV
[2001/08/23 07:00:00 | 000,002,090 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND17.WAV
[2001/08/23 07:00:00 | 000,003,986 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND18.WAV
[2001/08/23 07:00:00 | 000,027,472 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND181.WAV
[2001/08/23 07:00:00 | 000,005,230 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND19.WAV
[2001/08/23 07:00:00 | 000,008,650 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND20.WAV
[2001/08/23 07:00:00 | 000,009,194 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND21.WAV
[2001/08/23 07:00:00 | 000,007,376 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND22.WAV
[2001/08/23 07:00:00 | 000,012,106 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND24.WAV
[2001/08/23 07:00:00 | 000,014,600 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND240.WAV
[2001/08/23 07:00:00 | 000,020,712 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND243.WAV
[2001/08/23 07:00:00 | 000,025,704 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND25.WAV
[2001/08/23 07:00:00 | 000,007,306 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND26.WAV
[2001/08/23 07:00:00 | 000,020,242 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND27.WAV
[2001/08/23 07:00:00 | 000,008,650 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND28.WAV
[2001/08/23 07:00:00 | 000,010,364 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND29.WAV
[2001/08/23 07:00:00 | 000,022,858 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND3.WAV
[2001/08/23 07:00:00 | 000,022,570 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND30.WAV
[2001/08/23 07:00:00 | 000,001,520 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND34.WAV
[2001/08/23 07:00:00 | 000,019,498 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND35.WAV
[2001/08/23 07:00:00 | 000,033,848 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND36.WAV
[2001/08/23 07:00:00 | 000,013,024 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND38.WAV
[2001/08/23 07:00:00 | 000,028,282 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND39.WAV
[2001/08/23 07:00:00 | 000,016,626 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND4.WAV
[2001/08/23 07:00:00 | 000,029,140 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND42.WAV
[2001/08/23 07:00:00 | 000,022,796 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND43.WAV
[2001/08/23 07:00:00 | 000,009,770 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND45.WAV
[2001/08/23 07:00:00 | 000,001,876 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND49.WAV
[2001/08/23 07:00:00 | 000,003,330 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND49D.WAV
[2001/08/23 07:00:00 | 000,003,180 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND5.WAV
[2001/08/23 07:00:00 | 000,012,074 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND50.WAV
[2001/08/23 07:00:00 | 000,008,932 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND528.WAV
[2001/08/23 07:00:00 | 000,009,022 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND53.WAV
[2001/08/23 07:00:00 | 000,018,250 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND54.WAV
[2001/08/23 07:00:00 | 000,021,890 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND55.WAV
[2001/08/23 07:00:00 | 000,029,004 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND560.WAV
[2001/08/23 07:00:00 | 000,024,192 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND563.WAV
[2001/08/23 07:00:00 | 000,030,502 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND57.WAV
[2001/08/23 07:00:00 | 000,003,408 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND58.WAV
[2001/08/23 07:00:00 | 000,004,376 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND6.WAV
[2001/08/23 07:00:00 | 000,017,676 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND65.WAV
[2001/08/23 07:00:00 | 000,032,402 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND68.WAV
[2001/08/23 07:00:00 | 000,026,442 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND7.WAV
[2001/08/23 07:00:00 | 000,014,592 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND713.WAV
[2001/08/23 07:00:00 | 000,027,268 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND735.WAV
[2001/08/23 07:00:00 | 000,002,102 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND8.WAV
[2001/08/23 07:00:00 | 000,047,230 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND827.WAV
[2001/08/23 07:00:00 | 000,020,098 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND9.WAV
[2001/08/23 07:00:00 | 000,006,742 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND999.WAV
[2001/08/23 07:00:00 | 000,339,178 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\table.bmp
[2001/08/23 07:00:00 | 000,002,687 | R--- | M] () -- C:\Program Files\WINDOWS NT\Pinball\wavemix.inf

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 241 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E29ACA54
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF

< End of report >

VEW Log:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 08/10/2013 6:49:41 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FSS Log:

Farbar Service Scanner Version: 13-09-2013
Ran by User (administrator) on 08-10-2013 at 18:53:41
Running from "C:\Documents and Settings\User\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
DNE(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

2nd OTL Log:

OTL logfile created on: 10/8/2013 6:55:55 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 65.31% Memory free
3.60 Gb Paging File | 3.16 Gb Available in Paging File | 87.62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 24.01 Gb Free Space | 18.76% Space Free | Partition Type: NTFS
Drive K: | 127.99 Gb Total Space | 24.01 Gb Free Space | 18.76% Space Free | Partition Type: NTFS

Computer Name: VERYFASTUSER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/06 19:25:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/09/16 12:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/06/22 07:26:53 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2011/11/02 03:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/03/10 23:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Temp\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/04/13 19:12:33 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/18 18:44:03 | 003,279,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/06/01 00:54:44 | 001,211,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\88fd67d11854c9acb391c7415e105307\System.WorkflowServices.ni.dll
MOD - [2013/06/01 00:53:01 | 001,050,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5039ecf47ec07f5e82794b8acbeb73f6\System.ServiceModel.Web.ni.dll
MOD - [2012/07/08 20:32:34 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
MOD - [2012/07/08 20:32:32 | 000,365,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\284141392cdba7fa4b2a4668125329a9\System.ServiceModel.Routing.ni.dll
MOD - [2012/07/08 20:32:28 | 001,128,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\28b09f14e54a06c091073b1d3e316fb6\System.ServiceModel.Discovery.ni.dll
MOD - [2012/07/08 20:32:24 | 000,082,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\39c6c5375d1763165dd8c1623bd10668\System.ServiceModel.Channels.ni.dll
MOD - [2012/07/08 20:32:22 | 001,387,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\18d8e3f9e290217ac0c48571557c5fc3\System.ServiceModel.Activities.ni.dll
MOD - [2012/07/08 20:32:16 | 017,996,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5be1370b1331393f73af710d0d71b02d\System.ServiceModel.ni.dll
MOD - [2012/07/08 20:30:56 | 001,072,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\a90d8ca6c54f70507704d788fd0d3ded\System.IdentityModel.ni.dll
MOD - [2012/07/08 20:27:55 | 001,020,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\a40c42510e312339018486b1d7076e0a\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/07/08 20:27:52 | 000,142,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\9115e9f656b00fc4e46da91537ef1358\SMDiagnostics.ni.dll
MOD - [2012/07/08 20:27:50 | 002,637,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9bfda0add366eea12ea0402e60d01e84\System.Runtime.Serialization.ni.dll
MOD - [2012/07/08 20:27:45 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f44e12702dadeae606b8eaca609b1336\System.Xml.Linq.ni.dll
MOD - [2012/07/08 19:02:46 | 000,729,088 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\efe46aa882d9ac31f7fbbdc004fc99d5\System.Security.ni.dll
MOD - [2012/07/08 19:02:43 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/07/08 19:02:03 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/07/08 19:01:36 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/07/08 19:01:06 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/07/08 19:00:49 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2003/05/15 17:43:24 | 000,119,808 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\dmwu.exe -- (IBUpdaterService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/09/20 08:56:08 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/18 18:44:03 | 000,118,680 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/16 12:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/07/25 08:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/22 07:26:53 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Temp\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/01/25 00:28:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/02/21 20:15:20 | 000,223,248 | ---- | M] (Paragon GmbH) [Disabled | Stopped] -- C:\Program Files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe -- (NetBurnerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010/08/02 16:42:44 | 000,134,616 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2009/05/05 09:59:02 | 000,022,168 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2008/04/25 05:06:44 | 000,014,336 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/04/13 13:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2007/06/14 19:41:58 | 004,429,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/06/04 14:05:58 | 000,714,240 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2007/03/29 12:36:00 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2007/03/26 16:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ViPrt.sys -- (ViPrt)
DRV - [2007/03/26 16:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ViBus.sys -- (ViBus)
DRV - [2007/02/21 20:15:20 | 000,084,752 | ---- | M] (Rocket Division Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NetBurn.sys -- (NetBurn)
DRV - [2007/02/21 20:15:12 | 000,131,456 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2007/02/21 20:15:12 | 000,038,448 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2007/02/21 20:15:12 | 000,032,352 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2006/11/02 03:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2005/03/16 01:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2004/04/30 11:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus)
DRV - [2004/04/30 11:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi)
DRV - [2003/09/26 05:53:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/02 07:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002/10/01 16:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\spca561.sys -- (CA561)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...FF-3EC91C046813
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{0D7191D1-C6C9-4AE4-9515-1735958A3719}: "URL" = http://search.yahoo....=utf-8&fr=b2ie7
IE - HKCU\..\SearchScopes\{3F8C7A0E-E4EB-4196-9531-4D194A1B16C0}: "URL" = http://search.micros...q={searchTerms}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...h={searchTerms}
IE - HKCU\..\SearchScopes\{DC04EA3C-687E-438D-BF5D-AF4584BEED23}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\User\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/07 05:39:07 | 000,000,000 | ---D | M]

[2008/07/08 16:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2013/10/08 18:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions
[2013/09/08 08:32:37 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012/12/03 15:18:03 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/10/03 05:29:59 | 000,000,000 | ---D | M] (Echofon) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\extensions\[email protected]
[2013/10/08 18:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/10/08 18:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/18 18:44:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/01 21:42:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.5.0.0_0\

O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1280912913343 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{420A8603-0E24-4FEE-A7BA-7FD4245C049A}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Button Manager.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^ZooskMessenger.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: !AVG Anti-Spyware - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: cdloader - hkey= - key= - C:\Documents and Settings\User\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
MsConfig - StartUpReg: Garmin Lifetime Updater - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: GarminExpressTrayApp - hkey= - key= - C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
MsConfig - StartUpReg: Genie Backup - hkey= - key= - File not found
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: RIMBBLaunchAgent.exe - hkey= - key= - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: S3Trayp - hkey= - key= - File not found
MsConfig - StartUpReg: Search Protection - hkey= - key= - File not found
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - StartUpReg: YSearchProtection - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AVG Anti-Spyware Driver - Driver
SafeBootMin: AVG Anti-Spyware Guard - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AVG Anti-Spyware Driver - Driver
SafeBootNet: AVG Anti-Spyware Guard - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0E8AF1C0-D275-11d2-B803-0000F81E8383} - Windows Script Version 5.1
ActiveX: {0E8AF1C1-D275-11d2-B803-0000F81E8383} - Windows Script Version 5.1
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10ABA7E0-3236-11d2-B7B0-0000F81E8383} - Windows Script Version 5.1
ActiveX: {10ABA7E1-3236-11d2-B7B0-0000F81E8383} - Windows Script Version 5.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C2738E0-8E3A-11d3-A998-00104B365C9F} - Windows Script Version 5.1
ActiveX: {2C2738E1-8E3A-11d3-A998-00104B365C9F} - Windows Script Version 5.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {941DE5B9-90EC-4199-DDD7-84AE531183AA} - Java (Sun)
ActiveX: {A38B334A-A0A2-436D-BAA0-34FE5E517E44} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Yahoo! Messenger
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/08 18:50:30 | 000,358,923 | ---- | C] (Farbar) -- C:\Documents and Settings\User\Desktop\FSS.exe
[2013/10/08 18:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\CC Support
[2013/10/08 18:32:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/08 17:19:39 | 001,032,220 | ---- | C] (Thisisu) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2013/10/07 20:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
[2013/10/07 20:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/10/07 19:34:25 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\User\Desktop\aswmbr.exe
[2013/10/07 19:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Temp
[2013/10/07 19:24:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/10/07 19:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\AppData
[2013/10/07 19:23:11 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2013/10/07 19:23:11 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2013/10/07 19:23:11 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2013/10/07 19:23:11 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll
[2013/10/07 19:23:11 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[2013/10/07 19:23:11 | 000,027,136 | ---- | C] (IncrediMail, Ltd.) -- C:\WINDOWS\System32\ImHttpComm.dll
[2013/10/07 19:23:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ARFC
[2013/10/07 19:23:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WNLT
[2013/10/07 19:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\GreatArcadeHits
[2013/10/07 19:13:36 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/06 19:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics
[2013/10/06 19:46:17 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\MicrosoftFixit.wu.LB.27304537560287727.1.1.Run.exe
[2013/10/06 19:25:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/09/18 18:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/08 18:56:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/08 18:53:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/08 18:52:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/08 18:51:22 | 000,358,923 | ---- | M] (Farbar) -- C:\Documents and Settings\User\Desktop\FSS.exe
[2013/10/08 18:39:20 | 004,009,167 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ServicesRepair.exe
[2013/10/08 17:26:11 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2003.lnk
[2013/10/08 17:19:33 | 001,032,220 | ---- | M] (Thisisu) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2013/10/07 20:25:34 | 000,891,167 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SecurityCheck.exe
[2013/10/07 20:09:55 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\User\Application Data\default.rss
[2013/10/07 20:09:47 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/10/07 20:05:52 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2013/10/07 19:34:20 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\User\Desktop\aswmbr.exe
[2013/10/07 19:26:13 | 000,000,000 | ---- | M] () -- C:\END
[2013/10/07 19:12:55 | 001,045,226 | ---- | M] () -- C:\Documents and Settings\User\Desktop\adwcleaner.exe
[2013/10/07 18:58:50 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\User\Desktop\VEW.exe
[2013/10/06 23:54:22 | 000,377,856 | ---- | M] () -- C:\Documents and Settings\User\Desktop\2lx1649c.exe
[2013/10/06 19:46:08 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\MicrosoftFixit.wu.LB.27304537560287727.1.1.Run.exe
[2013/10/06 19:25:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/10/06 19:23:35 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/06 10:51:18 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2013/10/04 16:10:09 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/10/03 16:40:34 | 000,280,352 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Tracy, CA Building_and_Fire_Inspector_I_II_2013.pdf
[2013/10/01 19:03:11 | 000,218,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/20 08:56:07 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/20 08:56:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/19 06:24:15 | 000,000,501 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YTD Video Downloader.lnk
[2013/09/17 12:18:16 | 000,027,136 | ---- | M] (IncrediMail, Ltd.) -- C:\WINDOWS\System32\ImHttpComm.dll
[2013/09/09 02:57:00 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2013/09/09 02:57:00 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2013/09/09 02:57:00 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2013/09/09 02:57:00 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll
[2013/09/09 02:57:00 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/08 18:39:25 | 004,009,167 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ServicesRepair.exe
[2013/10/07 20:25:40 | 000,891,167 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SecurityCheck.exe
[2013/10/07 20:05:52 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2013/10/07 19:26:10 | 000,000,000 | ---- | C] () -- C:\END
[2013/10/07 19:12:57 | 001,045,226 | ---- | C] () -- C:\Documents and Settings\User\Desktop\adwcleaner.exe
[2013/10/07 18:58:58 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\User\Desktop\VEW.exe
[2013/10/06 23:54:30 | 000,377,856 | ---- | C] () -- C:\Documents and Settings\User\Desktop\2lx1649c.exe
[2013/10/03 16:40:33 | 000,280,352 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Tracy, CA Building_and_Fire_Inspector_I_II_2013.pdf
[2013/02/14 18:11:32 | 000,981,848 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/07/08 18:33:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/15 21:01:40 | 002,548,819 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-789336058-162531612-839522115-1003-0.dat
[2010/11/19 23:28:22 | 000,212,394 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/01/04 21:55:20 | 000,038,451 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft Access.ADR
[2009/10/29 05:50:49 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\User\Application Data\default.rss
[2009/02/13 21:51:57 | 000,011,211 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Comma Separated Values (Windows).CAL
[2008/04/28 22:22:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\.gtk-bookmarks
[2008/04/01 22:32:05 | 000,026,215 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Comma Separated Values (Windows).ADR
[2008/03/27 21:04:03 | 000,000,065 | ---- | C] () -- C:\Documents and Settings\User\default.pls
[2008/01/20 23:55:40 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2004/11/03 15:37:21 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2004/05/22 13:56:52 | 000,178,136 | ---- | C] () -- C:\Documents and Settings\User\~
[2004/05/22 13:50:14 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\FASTWiz.html
[2004/05/22 13:46:14 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\FASTApp.html
[2003/07/29 11:37:20 | 000,051,712 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/01/24 21:55:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: SAMSUNG SP2004C S07GJ1ULC08646 VM100-49
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 128.00GB
Starting Offset: 32256
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2008/04/28 22:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\.bittorrent
[2011/03/13 15:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Adobe
[2008/03/27 21:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ahead
[2012/04/25 17:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Arcsoft
[2008/01/29 01:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ATI MMC
[2013/01/29 19:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Audacity
[2013/06/17 21:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BitTorrent
[2011/03/13 15:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2008/01/29 01:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Creative
[2008/01/29 01:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Creative ASR2
[2009/06/04 07:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Download Manager
[2008/03/27 22:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\dvdcss
[2013/10/06 19:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FarStone
[2009/09/16 18:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FileOpen
[2010/10/21 12:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FireShot
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FUJIFILM
[2013/06/21 16:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GARMIN
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Genie-soft
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Help
[2011/03/25 20:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ICAClient
[2008/01/24 21:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Identities
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InterVideo
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IsolatedStorage
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2008/01/29 01:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Lycos
[2004/05/22 16:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Macromedia
[2013/10/07 19:24:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\User\Application Data\Microsoft
[2013/01/09 17:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mjusbsp
[2008/07/08 16:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla
[2013/09/21 15:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mp3tagpro
[2013/01/29 19:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\NCH Software
[2009/10/29 19:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nero
[2008/01/29 01:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\netquartz ez-platform
[2013/06/22 07:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oracle
[2011/06/17 21:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Research In Motion
[2008/01/29 01:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Roxio
[2009/12/05 20:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Singlesnet
[2013/10/08 18:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Skype
[2008/01/29 01:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sun
[2008/01/29 01:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\teamspeak2
[2008/01/29 01:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\The Labyrinth Plus! Edition
[2008/01/29 01:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ulead Systems
[2013/09/06 19:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\UseNeXT
[2013/09/06 20:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent
[2011/09/10 07:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\vlc
[2012/04/25 17:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\webex
[2008/12/11 09:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search
[2009/04/09 17:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Search
[2012/07/04 07:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\wtxpcom
[2008/01/29 01:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\X10 Commander
[2010/08/04 18:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Yahoo!
[2012/07/04 07:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\YouTube Downloader

< MD5 for: ATAPI.SYS >
[2004/08/04 04:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/06/08 13:54:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 04:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/06/08 13:54:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2001/08/23 07:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is DCF1-39DE
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
07/08/2012 07:53 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
07/08/2012 07:53 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
07/08/2012 07:44 PM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
05/31/2013 11:22 PM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
4 Dir(s) 25,752,326,144 bytes free

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/09/18 18:44:03 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/09/18 18:44:03 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/09/18 18:44:03 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2001/08/23 07:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/09/18 18:44:03 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/09/18 18:44:03 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/09/18 18:44:03 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2001/08/23 07:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2008/04/13 19:12:17 | 000,539,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\dialer.exe
[2001/08/23 07:00:00 | 000,013,312 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\htrn_jis.dll
[2001/08/23 07:00:00 | 000,028,160 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\hypertrm.exe
[2009/11/20 06:14:51 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd6.wpc
[2010/12/21 07:51:53 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd8.wpc
[2010/07/12 07:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2009/11/20 06:14:50 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\write.wpc
[1 C:\Program Files\WINDOWS NT\Accessories\*.tmp files -> C:\Program Files\WINDOWS NT\Accessories\*.tmp -> ]
[2001/08/23 07:00:00 | 000,003,947 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\FONT.DAT
[2001/08/23 07:00:00 | 000,928,700 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.DAT
[2008/04/13 19:12:31 | 000,281,088 | ---- | M] (Cinematronics) -- C:\Program Files\WINDOWS NT\Pinball\pinball.exe
[2001/08/23 07:00:00 | 000,108,607 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.MID
[2001/08/23 07:00:00 | 000,028,888 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL2.MID
[2001/08/23 07:00:00 | 000,055,490 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND1.WAV
[2001/08/23 07:00:00 | 000,001,226 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND104.WAV
[2001/08/23 07:00:00 | 000,001,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND105.WAV
[2001/08/23 07:00:00 | 000,007,754 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND108.WAV
[2001/08/23 07:00:00 | 000,000,890 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND111.WAV
[2001/08/23 07:00:00 | 000,000,824 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND112.WAV
[2001/08/23 07:00:00 | 000,004,296 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND12.WAV
[2001/08/23 07:00:00 | 000,008,034 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND13.WAV
[2001/08/23 07:00:00 | 000,001,290 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND131.WAV
[2001/08/23 07:00:00 | 000,019,282 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND136.WAV
[2001/08/23 07:00:00 | 000,003,002 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND14.WAV
[2001/08/23 07:00:00 | 000,001,046 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND16.WAV
[2001/08/23 07:00:00 | 000,002,090 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND17.WAV
[2001/08/23 07:00:00 | 000,003,986 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND18.WAV
[2001/08/23 07:00:00 | 000,027,472 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND181.WAV
[2001/08/23 07:00:00 | 000,005,230 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND19.WAV
[2001/08/23 07:00:00 | 000,008,650 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND20.WAV
[2001/08/23 07:00:00 | 000,009,194 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND21.WAV
[2001/08/23 07:00:00 | 000,007,376 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND22.WAV
[2001/08/23 07:00:00 | 000,012,106 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND24.WAV
[2001/08/23 07:00:00 | 000,014,600 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND240.WAV
[2001/08/23 07:00:00 | 000,020,712 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND243.WAV
[2001/08/23 07:00:00 | 000,025,704 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND25.WAV
[2001/08/23 07:00:00 | 000,007,306 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND26.WAV
[2001/08/23 07:00:00 | 000,020,242 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND27.WAV
[2001/08/23 07:00:00 | 000,008,650 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND28.WAV
[2001/08/23 07:00:00 | 000,010,364 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND29.WAV
[2001/08/23 07:00:00 | 000,022,858 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND3.WAV
[2001/08/23 07:00:00 | 000,022,570 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND30.WAV
[2001/08/23 07:00:00 | 000,001,520 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND34.WAV
[2001/08/23 07:00:00 | 000,019,498 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND35.WAV
[2001/08/23 07:00:00 | 000,033,848 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND36.WAV
[2001/08/23 07:00:00 | 000,013,024 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND38.WAV
[2001/08/23 07:00:00 | 000,028,282 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND39.WAV
[2001/08/23 07:00:00 | 000,016,626 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND4.WAV
[2001/08/23 07:00:00 | 000,029,140 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND42.WAV
[2001/08/23 07:00:00 | 000,022,796 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND43.WAV
[2001/08/23 07:00:00 | 000,009,770 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND45.WAV
[2001/08/23 07:00:00 | 000,001,876 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND49.WAV
[2001/08/23 07:00:00 | 000,003,330 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND49D.WAV
[2001/08/23 07:00:00 | 000,003,180 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND5.WAV
[2001/08/23 07:00:00 | 000,012,074 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND50.WAV
[2001/08/23 07:00:00 | 000,008,932 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND528.WAV
[2001/08/23 07:00:00 | 000,009,022 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND53.WAV
[2001/08/23 07:00:00 | 000,018,250 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND54.WAV
[2001/08/23 07:00:00 | 000,021,890 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND55.WAV
[2001/08/23 07:00:00 | 000,029,004 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND560.WAV
[2001/08/23 07:00:00 | 000,024,192 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND563.WAV
[2001/08/23 07:00:00 | 000,030,502 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND57.WAV
[2001/08/23 07:00:00 | 000,003,408 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND58.WAV
[2001/08/23 07:00:00 | 000,004,376 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND6.WAV
[2001/08/23 07:00:00 | 000,017,676 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND65.WAV
[2001/08/23 07:00:00 | 000,032,402 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND68.WAV
[2001/08/23 07:00:00 | 000,026,442 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND7.WAV
[2001/08/23 07:00:00 | 000,014,592 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND713.WAV
[2001/08/23 07:00:00 | 000,027,268 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND735.WAV
[2001/08/23 07:00:00 | 000,002,102 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND8.WAV
[2001/08/23 07:00:00 | 000,047,230 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND827.WAV
[2001/08/23 07:00:00 | 000,020,098 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND9.WAV
[2001/08/23 07:00:00 | 000,006,742 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND999.WAV
[2001/08/23 07:00:00 | 000,339,178 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\table.bmp
[2001/08/23 07:00:00 | 000,002,687 | R--- | M] () -- C:\Program Files\WINDOWS NT\Pinball\wavemix.inf

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 241 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E29ACA54
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF

< End of report >

#7
RKinner


    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
ComboFix

:!: It must be saved to your desktop, do not run it from your browser :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.

If it doesn't do it for you:
Reboot.


2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

#8
insparks


    Member

  • Topic Starter
  • Member
  • 51 posts
Hey, Malwarebytes Anti-Malware would not run because of error "Run-Time error'53': File not found: advpack"

Then ServicesRepair did "This utility will reinstall services commonly removed by exploits. Do you want to proceed?" Then I clicked yes, it ran, then wanted to re-boot, then after re-booting no log file.

ComboFix log

ComboFix 13-10-09.01 - User 10/09/2013 20:08:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1790.1330 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupcz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupda.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupfr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupge.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuphu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupin.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupit.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupjp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupko.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupms.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupnl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsk.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuptr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
c:\documents and settings\User\Local Settings\Temporary Internet Files\Pre5.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\Pre6.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\reggpc.bat
c:\documents and settings\User\WINDOWS
c:\program files\driver
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\qyenxkuv.ini
c:\windows\system32\xeybtiih.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-09-10 to 2013-10-10 )))))))))))))))))))))))))))))))
.
.
2013-10-08 00:13 . 2013-10-09 01:27 -------- d-----w- C:\AdwCleaner
2013-10-07 00:47 . 2013-10-07 00:47 -------- d-----w- c:\documents and settings\User\Application Data\ElevatedDiagnostics
2013-10-07 00:15 . 2013-10-07 00:15 -------- d-sh--w- c:\documents and settings\Administrator.VERYFASTUSER\PrivacIE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 16:56 . 2012-03-29 01:58 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 16:56 . 2011-05-16 10:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[-] 2001-08-23 . A64013E98426E1877CB653685C5C0009 . 86656 . . [5.1.2600.0] . . c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\User\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-07-25 20684656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Button Manager.lnk]
backup=c:\windows\pss\HP Button Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^ZooskMessenger.lnk]
backup=c:\windows\pss\ZooskMessenger.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-01-12 02:54 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 02:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 00:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2011-08-23 20:03 50592 ----a-w- c:\documents and settings\User\Application Data\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp]
2013-03-27 21:18 1098072 ----a-w- c:\program files\Garmin\Express Tray\ExpressTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 21:39 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-11-02 08:00 90448 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-06-13 22:49 16377344 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
2007-05-15 18:31 200704 ----a-w- c:\windows\system32\S3Trayp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 22:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 12:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 04:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Temp\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\User\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Documents and Settings\\User\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [3/27/2008 4:39 PM 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [3/27/2008 4:39 PM 5248]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [1/29/2008 2:00 PM 38448]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [3/26/2007 6:26 PM 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [3/26/2007 6:26 PM 52224]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/24/2008 9:13 PM 13696]
R1 NetBurn;Paragon NetBurning Driver;c:\windows\system32\drivers\NetBurn.sys [1/29/2008 2:00 PM 84752]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [3/27/2013 4:17 PM 185688]
R2 uCamMonitor;CamMonitor;c:\temp\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [4/25/2012 5:14 PM 104960]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [4/25/2012 5:14 PM 14336]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9/16/2013 12:29 PM 3273088]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/25/2013 8:52 AM 162672]
S4 NetBurnerService;Net Burner iSCSI Service;c:\program files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe [1/29/2008 2:00 PM 223248]
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 16:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3310511&octid=CT3310511&SearchSource=61&CUI=UN27231546931689727&UM=2&UP=SP364D9781-D25F-437A-90FF-3EC91C046813
mStart Page = about:blank
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
MSConfigStartUp-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
MSConfigStartUp-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
AddRemove-IECT3310511 - c:\documents and settings\All Users\Application Data\Conduit\IE\CT3310511\UninstallerUI.exe
AddRemove-Dealply - c:\documents and settings\User\Application Data\Dealply\UpdateProc\UpdateTask.exe
AddRemove-TidyNetwork.com - c:\documents and settings\User\Local Settings\Application Data\TidyNetwork.com\TidyNetwork.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-09 20:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-789336058-162531612-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(728)
c:\windows\System32\NETUI0.dll
.
Completion time: 2013-10-09 20:18:13
ComboFix-quarantined-files.txt 2013-10-10 01:18
.
Pre-Run: 25,543,467,008 bytes free
Post-Run: 26,034,659,328 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - F272508F06AD72CAE581FC839111CB2E
8F558EB6672622401DA993E1E865C861


TDSSKiller.2.8.16.0_09.10.2013_20.26.20_log

20:26:20.0296 2936 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:26:21.0015 2936 ============================================================
20:26:21.0015 2936 Current date / time: 2013/10/09 20:26:21.0015
20:26:21.0015 2936 SystemInfo:
20:26:21.0015 2936
20:26:21.0031 2936 OS Version: 5.1.2600 ServicePack: 3.0
20:26:21.0031 2936 Product type: Workstation
20:26:21.0031 2936 ComputerName: VERYFASTUSER
20:26:21.0031 2936 UserName: User
20:26:21.0031 2936 Windows directory: C:\WINDOWS
20:26:21.0031 2936 System windows directory: C:\WINDOWS
20:26:21.0031 2936 Processor architecture: Intel x86
20:26:21.0031 2936 Number of processors: 2
20:26:21.0031 2936 Page size: 0x1000
20:26:21.0031 2936 Boot type: Normal boot
20:26:21.0031 2936 ============================================================
20:26:28.0796 2936 BG loaded
20:26:29.0187 2936 !crdlk
20:26:29.0187 2936 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:26:29.0218 2936 ============================================================
20:26:29.0218 2936 \Device\Harddisk0\DR0:
20:26:29.0250 2936 MBR partitions:
20:26:29.0250 2936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
20:26:29.0250 2936 ============================================================
20:26:29.0484 2936 C: <-> \Device\Harddisk0\DR0\Partition1
20:26:29.0765 2936 ============================================================
20:26:29.0765 2936 Initialize success
20:26:29.0765 2936 ============================================================
20:27:01.0296 0468 ============================================================
20:27:01.0296 0468 Scan started
20:27:01.0296 0468 Mode: Manual; SigCheck; TDLFS;
20:27:01.0296 0468 ============================================================
20:27:01.0578 0468 ================ Scan system memory ========================
20:27:01.0578 0468 System memory - ok
20:27:01.0578 0468 ================ Scan services =============================
20:27:02.0890 0468 [ 1F61CACACB521215F39061789147968C ] a347bus C:\WINDOWS\system32\DRIVERS\a347bus.sys
20:27:03.0296 0468 a347bus ( UnsignedFile.Multi.Generic ) - warning
20:27:03.0296 0468 a347bus - detected UnsignedFile.Multi.Generic (1)
20:27:03.0343 0468 [ 113E4B318BBAA7483CA4E582A4D63F49 ] a347scsi C:\WINDOWS\system32\Drivers\a347scsi.sys
20:27:03.0406 0468 a347scsi ( UnsignedFile.Multi.Generic ) - warning
20:27:03.0406 0468 a347scsi - detected UnsignedFile.Multi.Generic (1)
20:27:03.0406 0468 Abiosdsk - ok
20:27:03.0421 0468 abp480n5 - ok
20:27:03.0875 0468 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
20:27:20.0828 0468 ACDaemon - ok
20:27:20.0890 0468 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:27:22.0406 0468 ACPI - ok
20:27:22.0453 0468 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
20:27:22.0609 0468 ACPIEC - ok
20:27:22.0687 0468 [ A283108E14F3970432C21AF4C0CB1BCE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:27:22.0703 0468 AdobeFlashPlayerUpdateSvc - ok
20:27:22.0703 0468 adpu160m - ok
20:27:22.0734 0468 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:27:22.0906 0468 aec - ok
20:27:22.0937 0468 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:27:23.0000 0468 AFD - ok
20:27:23.0015 0468 Aha154x - ok
20:27:23.0015 0468 aic78u2 - ok
20:27:23.0031 0468 aic78xx - ok
20:27:23.0062 0468 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:27:23.0203 0468 Alerter - ok
20:27:23.0218 0468 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
20:27:23.0312 0468 ALG - ok
20:27:23.0328 0468 AliIde - ok
20:27:23.0328 0468 amsint - ok
20:27:23.0375 0468 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
20:27:23.0453 0468 AppMgmt - ok
20:27:23.0484 0468 [ 35A6A419D7526F5CF824AFB23AFA08D6 ] ArcSoftKsUFilter C:\WINDOWS\system32\DRIVERS\ArcSoftKsUFilter.sys
20:27:23.0500 0468 ArcSoftKsUFilter - ok
20:27:23.0515 0468 asc - ok
20:27:23.0515 0468 asc3350p - ok
20:27:23.0531 0468 asc3550 - ok
20:27:23.0671 0468 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:27:23.0718 0468 aspnet_state - ok
20:27:23.0750 0468 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:27:23.0937 0468 AsyncMac - ok
20:27:23.0937 0468 Atdisk - ok
20:27:23.0984 0468 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:27:24.0156 0468 Atmarpc - ok
20:27:24.0203 0468 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:27:24.0359 0468 AudioSrv - ok
20:27:24.0390 0468 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:27:24.0546 0468 audstub - ok
20:27:24.0625 0468 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:27:24.0796 0468 Beep - ok
20:27:24.0812 0468 [ BE5D50529799B9BAB6BE879EC768B6CF ] BIOS C:\WINDOWS\System32\drivers\BIOS.sys
20:27:24.0828 0468 BIOS ( UnsignedFile.Multi.Generic ) - warning
20:27:24.0828 0468 BIOS - detected UnsignedFile.Multi.Generic (1)
20:27:24.0875 0468 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
20:27:25.0015 0468 BITS - ok
20:27:25.0046 0468 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
20:27:25.0203 0468 Browser - ok
20:27:25.0250 0468 [ 50DED7C73E0FB40693EDAB8CAD7C46E7 ] CA561 C:\WINDOWS\system32\Drivers\SPCA561.SYS
20:27:25.0328 0468 CA561 - ok
20:27:25.0500 0468 catchme - ok
20:27:25.0546 0468 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:27:25.0703 0468 cbidf2k - ok
20:27:25.0718 0468 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:27:25.0906 0468 CCDECODE - ok
20:27:25.0906 0468 cd20xrnt - ok
20:27:25.0953 0468 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:27:26.0109 0468 Cdaudio - ok
20:27:26.0140 0468 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:27:26.0312 0468 Cdfs - ok
20:27:26.0343 0468 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:27:26.0500 0468 Cdrom - ok
20:27:26.0515 0468 Changer - ok
20:27:26.0546 0468 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] cisvc C:\WINDOWS\system32\cisvc.exe
20:27:26.0687 0468 cisvc - ok
20:27:26.0718 0468 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:27:26.0859 0468 ClipSrv - ok
20:27:26.0937 0468 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:27:27.0109 0468 clr_optimization_v2.0.50727_32 - ok
20:27:27.0140 0468 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:27:27.0281 0468 clr_optimization_v4.0.30319_32 - ok
20:27:27.0281 0468 CmdIde - ok
20:27:27.0296 0468 COMSysApp - ok
20:27:27.0312 0468 Cpqarray - ok
20:27:27.0343 0468 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:27:27.0484 0468 CryptSvc - ok
20:27:27.0500 0468 dac2w2k - ok
20:27:27.0500 0468 dac960nt - ok
20:27:27.0546 0468 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:27:27.0625 0468 DcomLaunch - ok
20:27:27.0656 0468 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:27:27.0812 0468 Dhcp - ok
20:27:27.0843 0468 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:27:28.0015 0468 Disk - ok
20:27:28.0031 0468 dmadmin - ok
20:27:28.0078 0468 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:27:28.0250 0468 dmboot - ok
20:27:28.0281 0468 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:27:28.0453 0468 dmio - ok
20:27:28.0468 0468 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:27:28.0625 0468 dmload - ok
20:27:28.0656 0468 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:27:28.0828 0468 dmserver - ok
20:27:28.0859 0468 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:27:29.0015 0468 DMusic - ok
20:27:29.0062 0468 [ 04E6D6842778A76D25A952BAA22C409F ] DNE C:\WINDOWS\system32\DRIVERS\dne2000.sys
20:27:29.0078 0468 DNE - ok
20:27:29.0140 0468 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:27:29.0203 0468 Dnscache - ok
20:27:29.0250 0468 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:27:29.0406 0468 Dot3svc - ok
20:27:29.0406 0468 dpti2o - ok
20:27:29.0437 0468 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:27:29.0593 0468 drmkaud - ok
20:27:29.0625 0468 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:27:29.0765 0468 EapHost - ok
20:27:29.0781 0468 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:27:29.0937 0468 ERSvc - ok
20:27:29.0968 0468 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
20:27:30.0015 0468 Eventlog - ok
20:27:30.0156 0468 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
20:27:30.0218 0468 EventSystem - ok
20:27:30.0265 0468 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:27:30.0421 0468 Fastfat - ok
20:27:30.0468 0468 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:27:30.0531 0468 FastUserSwitchingCompatibility - ok
20:27:30.0546 0468 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
20:27:30.0718 0468 Fdc - ok
20:27:30.0734 0468 [ 5FAA391F5B4CD2C38BE7CA270E13B444 ] FET5X86V C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
20:27:30.0796 0468 FET5X86V - ok
20:27:30.0828 0468 [ E9648254056BCE81A85380C0C3647DC4 ] FETNDIS C:\WINDOWS\system32\DRIVERS\fetnd5.sys
20:27:30.0984 0468 FETNDIS - ok
20:27:31.0000 0468 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:27:31.0140 0468 Fips - ok
20:27:31.0203 0468 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:27:31.0250 0468 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
20:27:31.0250 0468 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
20:27:31.0265 0468 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:27:31.0421 0468 Flpydisk - ok
20:27:31.0468 0468 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
20:27:31.0625 0468 FltMgr - ok
20:27:31.0718 0468 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:27:31.0734 0468 FontCache3.0.0.0 - ok
20:27:31.0750 0468 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:27:31.0921 0468 Fs_Rec - ok
20:27:32.0218 0468 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:27:32.0421 0468 Ftdisk - ok
20:27:32.0500 0468 [ 2973B4EB7BE10A0D491B2037DCAAE88F ] Garmin Core Update Service C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
20:27:32.0515 0468 Garmin Core Update Service - ok
20:27:32.0562 0468 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:27:32.0718 0468 Gpc - ok
20:27:32.0781 0468 [ CEC45180029F1012054A41CEEEA9CEAB ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys
20:27:32.0812 0468 grmnusb - ok
20:27:32.0843 0468 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:27:33.0000 0468 HDAudBus - ok
20:27:33.0156 0468 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:27:33.0312 0468 helpsvc - ok
20:27:33.0312 0468 HidServ - ok
20:27:33.0328 0468 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:27:33.0500 0468 HidUsb - ok
20:27:33.0531 0468 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:27:33.0703 0468 hkmsvc - ok
20:27:33.0718 0468 [ 944CCB9C681CD4991A7929A9D20AC579 ] hotcore3 C:\WINDOWS\system32\drivers\hotcore3.sys
20:27:33.0734 0468 hotcore3 - ok
20:27:33.0734 0468 hpn - ok
20:27:33.0750 0468 hpt3xx - ok
20:27:33.0781 0468 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:27:33.0843 0468 HTTP - ok
20:27:33.0890 0468 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:27:34.0046 0468 HTTPFilter - ok
20:27:34.0062 0468 i2omgmt - ok
20:27:34.0062 0468 i2omp - ok
20:27:34.0093 0468 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:27:34.0265 0468 i8042prt - ok
20:27:34.0328 0468 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:27:34.0375 0468 idsvc - ok
20:27:34.0421 0468 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:27:34.0578 0468 Imapi - ok
20:27:34.0625 0468 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:27:34.0765 0468 ImapiService - ok
20:27:34.0765 0468 ini910u - ok
20:27:34.0937 0468 [ 915CE2A58C6917E3C53BE1E91FA66BA8 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:27:35.0156 0468 IntcAzAudAddService - ok
20:27:35.0156 0468 IntelIde - ok
20:27:35.0203 0468 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:27:35.0359 0468 intelppm - ok
20:27:35.0375 0468 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
20:27:35.0546 0468 ip6fw - ok
20:27:35.0578 0468 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:27:35.0750 0468 IpFilterDriver - ok
20:27:35.0781 0468 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:27:35.0953 0468 IpInIp - ok
20:27:35.0984 0468 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:27:36.0140 0468 IpNat - ok
20:27:36.0171 0468 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:27:36.0343 0468 IPSec - ok
20:27:36.0375 0468 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:27:36.0453 0468 IRENUM - ok
20:27:36.0500 0468 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:27:36.0656 0468 isapnp - ok
20:27:36.0781 0468 [ 9ECF00E19736054E019C532AED8228FC ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
20:27:36.0796 0468 JavaQuickStarterService - ok
20:27:36.0843 0468 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:27:37.0000 0468 Kbdclass - ok
20:27:37.0031 0468 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:27:37.0203 0468 kmixer - ok
20:27:37.0218 0468 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:27:37.0281 0468 KSecDD - ok
20:27:37.0328 0468 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
20:27:37.0390 0468 lanmanserver - ok
20:27:37.0437 0468 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:27:37.0515 0468 lanmanworkstation - ok
20:27:37.0531 0468 lbrtfdc - ok
20:27:37.0578 0468 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:27:37.0750 0468 LmHosts - ok
20:27:37.0781 0468 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:27:37.0937 0468 Messenger - ok
20:27:37.0984 0468 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:27:38.0171 0468 mnmdd - ok
20:27:38.0187 0468 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
20:27:38.0343 0468 mnmsrvc - ok
20:27:38.0390 0468 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:27:38.0562 0468 Modem - ok
20:27:38.0578 0468 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:27:38.0765 0468 Mouclass - ok
20:27:38.0781 0468 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:27:38.0937 0468 MountMgr - ok
20:27:39.0000 0468 [ 0329A45C849C9D77901094B8FFE8BBB9 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:27:39.0031 0468 MozillaMaintenance - ok
20:27:39.0031 0468 mraid35x - ok
20:27:39.0062 0468 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:27:39.0203 0468 MRxDAV - ok
20:27:39.0250 0468 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:27:39.0328 0468 MRxSmb - ok
20:27:39.0343 0468 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
20:27:39.0515 0468 MSDTC - ok
20:27:39.0531 0468 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:27:39.0671 0468 Msfs - ok
20:27:39.0687 0468 MSIServer - ok
20:27:39.0718 0468 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:27:39.0859 0468 MSKSSRV - ok
20:27:39.0890 0468 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:27:40.0078 0468 MSPCLOCK - ok
20:27:40.0093 0468 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:27:40.0250 0468 MSPQM - ok
20:27:40.0296 0468 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:27:40.0437 0468 mssmbios - ok
20:27:40.0484 0468 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
20:27:40.0640 0468 MSTEE - ok
20:27:40.0656 0468 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:27:40.0703 0468 Mup - ok
20:27:40.0734 0468 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:27:40.0906 0468 NABTSFEC - ok
20:27:40.0953 0468 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:27:41.0109 0468 napagent - ok
20:27:41.0140 0468 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:27:41.0312 0468 NDIS - ok
20:27:41.0375 0468 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:27:41.0515 0468 NdisIP - ok
20:27:41.0562 0468 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:27:41.0625 0468 NdisTapi - ok
20:27:41.0656 0468 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:27:41.0796 0468 Ndisuio - ok
20:27:41.0812 0468 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:27:41.0953 0468 NdisWan - ok
20:27:42.0000 0468 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:27:42.0062 0468 NDProxy - ok
20:27:42.0171 0468 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
20:27:42.0218 0468 Nero BackItUp Scheduler 4.0 - ok
20:27:42.0265 0468 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:27:42.0437 0468 NetBIOS - ok
20:27:42.0453 0468 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:27:42.0640 0468 NetBT - ok
20:27:42.0687 0468 [ 521AC031B415AE02C4C18AC5085A32F1 ] NetBurn C:\WINDOWS\system32\DRIVERS\NetBurn.sys
20:27:42.0703 0468 NetBurn - ok
20:27:42.0765 0468 [ 451397251D8BE3CC42AF6E21E0243BED ] NetBurnerService C:\Program Files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe
20:27:42.0781 0468 NetBurnerService - ok
20:27:42.0812 0468 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
20:27:42.0968 0468 NetDDE - ok
20:27:42.0984 0468 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:27:43.0125 0468 NetDDEdsdm - ok
20:27:43.0171 0468 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:27:43.0328 0468 Netlogon - ok
20:27:43.0375 0468 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
20:27:43.0546 0468 Netman - ok
20:27:43.0578 0468 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:27:43.0609 0468 NetTcpPortSharing - ok
20:27:43.0656 0468 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
20:27:43.0687 0468 Nla - ok
20:27:43.0734 0468 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:27:43.0906 0468 Npfs - ok
20:27:43.0953 0468 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:27:44.0125 0468 Ntfs - ok
20:27:44.0125 0468 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
20:27:44.0281 0468 NtLmSsp - ok
20:27:44.0328 0468 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:27:44.0484 0468 NtmsSvc - ok
20:27:44.0515 0468 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:27:44.0687 0468 Null - ok
20:27:44.0718 0468 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:27:44.0875 0468 NwlnkFlt - ok
20:27:44.0875 0468 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:27:45.0046 0468 NwlnkFwd - ok
20:27:45.0109 0468 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:27:45.0125 0468 ose - ok
20:27:45.0171 0468 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
20:27:45.0328 0468 Parport - ok
20:27:45.0343 0468 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:27:45.0500 0468 PartMgr - ok
20:27:45.0531 0468 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:27:45.0687 0468 ParVdm - ok
20:27:45.0703 0468 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:27:45.0843 0468 PCI - ok
20:27:45.0859 0468 PCIDump - ok
20:27:45.0875 0468 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:27:46.0000 0468 PCIIde - ok
20:27:46.0046 0468 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
20:27:46.0187 0468 Pcmcia - ok
20:27:46.0203 0468 PDCOMP - ok
20:27:46.0203 0468 PDFRAME - ok
20:27:46.0218 0468 PDRELI - ok
20:27:46.0218 0468 PDRFRAME - ok
20:27:46.0234 0468 perc2 - ok
20:27:46.0234 0468 perc2hib - ok
20:27:46.0281 0468 [ E5AC9F8C128B597DD7919AF96B84172E ] pfc C:\WINDOWS\system32\drivers\pfc.sys
20:27:46.0312 0468 pfc ( UnsignedFile.Multi.Generic ) - warning
20:27:46.0312 0468 pfc - detected UnsignedFile.Multi.Generic (1)
20:27:46.0343 0468 [ E406A33046228BD89F0C2DB5C172F19C ] PLFlash DeviceIoControl Service C:\WINDOWS\system32\IoctlSvc.exe
20:27:46.0375 0468 PLFlash DeviceIoControl Service - ok
20:27:46.0406 0468 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
20:27:46.0437 0468 PlugPlay - ok
20:27:46.0468 0468 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:27:46.0609 0468 PolicyAgent - ok
20:27:46.0640 0468 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:27:46.0828 0468 PptpMiniport - ok
20:27:46.0859 0468 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
20:27:47.0031 0468 Processor - ok
20:27:47.0031 0468 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:27:47.0203 0468 ProtectedStorage - ok
20:27:47.0218 0468 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:27:47.0375 0468 PSched - ok
20:27:47.0453 0468 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:27:47.0625 0468 Ptilink - ok
20:27:47.0640 0468 ql1080 - ok
20:27:47.0640 0468 Ql10wnt - ok
20:27:47.0656 0468 ql12160 - ok
20:27:47.0656 0468 ql1240 - ok
20:27:47.0671 0468 ql1280 - ok
20:27:47.0687 0468 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:27:47.0812 0468 RasAcd - ok
20:27:47.0843 0468 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:27:48.0015 0468 RasAuto - ok
20:27:48.0046 0468 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:27:48.0187 0468 Rasl2tp - ok
20:27:48.0234 0468 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:27:48.0375 0468 RasMan - ok
20:27:48.0390 0468 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:27:48.0546 0468 RasPppoe - ok
20:27:48.0593 0468 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:27:48.0750 0468 Raspti - ok
20:27:48.0796 0468 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:27:48.0953 0468 Rdbss - ok
20:27:48.0984 0468 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:27:49.0156 0468 RDPCDD - ok
20:27:49.0187 0468 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:27:49.0359 0468 rdpdr - ok
20:27:49.0406 0468 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:27:49.0468 0468 RDPWD - ok
20:27:49.0500 0468 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:27:49.0656 0468 RDSessMgr - ok
20:27:49.0687 0468 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:27:49.0843 0468 redbook - ok
20:27:49.0906 0468 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:27:50.0078 0468 RemoteAccess - ok
20:27:50.0109 0468 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
20:27:50.0265 0468 RemoteRegistry - ok
20:28:05.0375 0468 [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
20:28:05.0375 0468 C:\WINDOWS\system32\samsrv.dll - ok
20:28:05.0390 0468 [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll
20:28:05.0390 0468 C:\WINDOWS\system32\shimeng.dll - ok
20:28:05.0390 0468 [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
20:28:05.0390 0468 C:\WINDOWS\system32\wldap32.dll - ok
20:28:05.0406 0468 [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
20:28:05.0406 0468 C:\WINDOWS\system32\cryptdll.dll - ok
20:28:05.0406 0468 [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\acgenral.dll
20:28:05.0406 0468 C:\WINDOWS\AppPatch\acgenral.dll - ok
20:28:05.0406 0468 [ 1B2BE5777F69A71778F52FFEE1C798D6 ] C:\WINDOWS\system32\oleaut32.dll
20:28:05.0406 0468 C:\WINDOWS\system32\oleaut32.dll - ok
20:28:05.0421 0468 [ 4A953F13942867BA8FB41F141EC1B80C ] C:\WINDOWS\system32\winmm.dll
20:28:05.0421 0468 C:\WINDOWS\system32\winmm.dll - ok
20:28:05.0421 0468 [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
20:28:05.0421 0468 C:\WINDOWS\system32\msacm32.dll - ok
20:28:05.0421 0468 [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll
20:28:05.0421 0468 C:\WINDOWS\system32\uxtheme.dll - ok
20:28:05.0437 0468 [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll
20:28:05.0437 0468 C:\WINDOWS\system32\msapsspc.dll - ok
20:28:05.0437 0468 [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll
20:28:05.0437 0468 C:\WINDOWS\system32\msvcrt40.dll - ok
20:28:05.0453 0468 [ A645A78FCDABAD67067324D7E6CD9F79 ] C:\WINDOWS\system32\schannel.dll
20:28:05.0453 0468 C:\WINDOWS\system32\schannel.dll - ok
20:28:05.0453 0468 [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll
20:28:05.0453 0468 C:\WINDOWS\system32\digest.dll - ok
20:28:05.0453 0468 [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\system32\msnsspc.dll
20:28:05.0453 0468 C:\WINDOWS\system32\msnsspc.dll - ok
20:28:05.0468 0468 [ A525C96C51D55111FDF3BEA9FFFFC7AE ] C:\WINDOWS\system32\kerberos.dll
20:28:05.0468 0468 C:\WINDOWS\system32\kerberos.dll - ok
20:28:05.0468 0468 [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\msctfime.ime
20:28:05.0468 0468 C:\WINDOWS\system32\msctfime.ime - ok
20:28:05.0468 0468 [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
20:28:05.0468 0468 C:\WINDOWS\system32\msprivs.dll - ok
20:28:05.0484 0468 [ 517561A1113B04E51D936CD018DE1C1F ] C:\WINDOWS\system32\msv1_0.dll
20:28:05.0484 0468 C:\WINDOWS\system32\msv1_0.dll - ok
20:28:05.0484 0468 [ 1E644E3533DCE2B580A663AE1ACBD539 ] C:\WINDOWS\system32\atmfd.dll
20:28:05.0484 0468 C:\WINDOWS\system32\atmfd.dll - ok
20:28:05.0500 0468 [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
20:28:05.0500 0468 C:\WINDOWS\system32\iphlpapi.dll - ok
20:28:05.0500 0468 [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll
20:28:05.0500 0468 C:\WINDOWS\system32\netlogon.dll - ok
20:28:05.0500 0468 [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll
20:28:05.0500 0468 C:\WINDOWS\system32\w32time.dll - ok
20:28:05.0515 0468 [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
20:28:05.0515 0468 C:\WINDOWS\system32\rsaenh.dll - ok
20:28:05.0515 0468 [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\system32\wdigest.dll
20:28:05.0515 0468 C:\WINDOWS\system32\wdigest.dll - ok
20:28:05.0515 0468 [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
20:28:05.0515 0468 C:\WINDOWS\system32\winscard.dll - ok
20:28:05.0531 0468 [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
20:28:05.0531 0468 C:\WINDOWS\system32\wtsapi32.dll - ok
20:28:05.0531 0468 [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
20:28:05.0531 0468 C:\WINDOWS\system32\scecli.dll - ok
20:28:05.0531 0468 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
20:28:05.0531 0468 C:\WINDOWS\system32\svchost.exe - ok
20:28:05.0546 0468 [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
20:28:05.0546 0468 C:\WINDOWS\system32\ntmarta.dll - ok
20:28:05.0546 0468 [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll
20:28:05.0546 0468 C:\WINDOWS\system32\rpcss.dll - ok
20:28:05.0562 0468 [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
20:28:05.0562 0468 C:\WINDOWS\system32\xpsp2res.dll - ok
20:28:05.0562 0468 [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
20:28:05.0562 0468 C:\WINDOWS\system32\eventlog.dll - ok
20:28:05.0562 0468 [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll
20:28:05.0562 0468 C:\WINDOWS\system32\mswsock.dll - ok
20:28:05.0578 0468 [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
20:28:05.0578 0468 C:\WINDOWS\system32\hnetcfg.dll - ok
20:28:05.0578 0468 [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
20:28:05.0578 0468 C:\WINDOWS\system32\wshtcpip.dll - ok
20:28:05.0578 0468 [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
20:28:05.0578 0468 C:\WINDOWS\system32\winrnr.dll - ok
20:28:05.0593 0468 [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
20:28:05.0593 0468 C:\WINDOWS\system32\rasadhlp.dll - ok
20:28:05.0593 0468 [ 05231C04253C5BC30B26CBAAE680ED89 ] C:\WINDOWS\system32\WudfSvc.dll
20:28:05.0593 0468 C:\WINDOWS\system32\WudfSvc.dll - ok
20:28:05.0593 0468 [ 5CAF91E865FE0C85048A233E594544D2 ] C:\WINDOWS\system32\WudfPlatform.dll
20:28:05.0593 0468 C:\WINDOWS\system32\WudfPlatform.dll - ok
20:28:05.0609 0468 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
20:28:05.0609 0468 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
20:28:05.0609 0468 [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
20:28:05.0609 0468 C:\WINDOWS\system32\dhcpcsvc.dll - ok
20:28:05.0625 0468 [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll
20:28:05.0625 0468 C:\WINDOWS\system32\dnsrslvr.dll - ok
20:28:05.0625 0468 [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
20:28:05.0625 0468 C:\WINDOWS\system32\lmhsvc.dll - ok
20:28:05.0625 0468 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
20:28:05.0625 0468 C:\WINDOWS\system32\wzcsvc.dll - ok
20:28:05.0640 0468 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
20:28:05.0640 0468 C:\WINDOWS\system32\eapolqec.dll - ok
20:28:05.0640 0468 [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
20:28:05.0640 0468 C:\WINDOWS\system32\rtutils.dll - ok
20:28:05.0640 0468 [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
20:28:05.0640 0468 C:\WINDOWS\system32\wmi.dll - ok
20:28:05.0656 0468 [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\system32\atl.dll
20:28:05.0656 0468 C:\WINDOWS\system32\atl.dll - ok
20:28:05.0656 0468 [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
20:28:05.0656 0468 C:\WINDOWS\system32\qutil.dll - ok
20:28:05.0656 0468 [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
20:28:05.0656 0468 C:\WINDOWS\system32\dot3api.dll - ok
20:28:05.0671 0468 [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
20:28:05.0671 0468 C:\WINDOWS\system32\esent.dll - ok
20:28:05.0671 0468 [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
20:28:05.0671 0468 C:\WINDOWS\system32\clbcatq.dll - ok
20:28:05.0671 0468 [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
20:28:05.0671 0468 C:\WINDOWS\system32\comres.dll - ok
20:28:05.0687 0468 [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe
20:28:05.0687 0468 C:\WINDOWS\system32\logonui.exe - ok
20:28:05.0687 0468 [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll
20:28:05.0687 0468 C:\WINDOWS\system32\rastls.dll - ok
20:28:05.0703 0468 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
20:28:05.0703 0468 C:\WINDOWS\system32\cryptui.dll - ok
20:28:05.0703 0468 [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
20:28:05.0703 0468 C:\WINDOWS\system32\cscdll.dll - ok
20:28:05.0703 0468 [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
20:28:05.0703 0468 C:\WINDOWS\system32\dimsntfy.dll - ok
20:28:05.0718 0468 [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
20:28:05.0718 0468 C:\WINDOWS\system32\winspool.drv - ok
20:28:05.0718 0468 [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
20:28:05.0718 0468 C:\WINDOWS\system32\wlnotify.dll - ok
20:28:05.0718 0468 [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
20:28:05.0718 0468 C:\WINDOWS\system32\duser.dll - ok
20:28:05.0734 0468 [ 6B1774334E2975AA60596E54F5EA1430 ] C:\WINDOWS\system32\wininet.dll
20:28:05.0734 0468 C:\WINDOWS\system32\wininet.dll - ok
20:28:05.0734 0468 [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
20:28:05.0734 0468 C:\WINDOWS\system32\msimg32.dll - ok
20:28:05.0750 0468 [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
20:28:05.0750 0468 C:\WINDOWS\system32\oleacc.dll - ok
20:28:05.0750 0468 [ 02CF580510234E519736559A7F19EA20 ] C:\WINDOWS\system32\WgaLogon.dll
20:28:05.0750 0468 C:\WINDOWS\system32\WgaLogon.dll - ok
20:28:05.0750 0468 [ 0AD792A78419867BF5D750853D80FA11 ] C:\WINDOWS\system32\msxml3.dll
20:28:05.0750 0468 C:\WINDOWS\system32\msxml3.dll - ok
20:28:05.0765 0468 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
20:28:05.0765 0468 C:\WINDOWS\system32\normaliz.dll - ok
20:28:05.0765 0468 [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll
20:28:05.0765 0468 C:\WINDOWS\system32\shgina.dll - ok
20:28:05.0765 0468 [ FDF44991CB9A33C901FFCBDF19CE95BE ] C:\WINDOWS\system32\urlmon.dll
20:28:05.0765 0468 C:\WINDOWS\system32\urlmon.dll - ok
20:28:05.0781 0468 [ AD850C33A8AC45CF66574E62D1645272 ] C:\WINDOWS\system32\iertutil.dll
20:28:05.0781 0468 C:\WINDOWS\system32\iertutil.dll - ok
20:28:05.0781 0468 [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
20:28:05.0781 0468 C:\WINDOWS\system32\activeds.dll - ok
20:28:05.0796 0468 [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
20:28:05.0796 0468 C:\WINDOWS\system32\mprapi.dll - ok
20:28:05.0796 0468 [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
20:28:05.0796 0468 C:\WINDOWS\system32\adsldpc.dll - ok
20:28:05.0796 0468 [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
20:28:05.0796 0468 C:\WINDOWS\system32\rasapi32.dll - ok
20:28:05.0812 0468 [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
20:28:05.0812 0468 C:\WINDOWS\system32\rasman.dll - ok
20:28:05.0812 0468 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
20:28:05.0812 0468 C:\WINDOWS\system32\tapi32.dll - ok
20:28:05.0812 0468 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
20:28:05.0812 0468 C:\WINDOWS\system32\riched20.dll - ok
20:28:05.0828 0468 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
20:28:05.0828 0468 C:\WINDOWS\system32\schedsvc.dll - ok
20:28:05.0828 0468 [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll
20:28:05.0828 0468 C:\WINDOWS\system32\raschap.dll - ok
20:28:05.0828 0468 [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
20:28:05.0828 0468 C:\WINDOWS\system32\cscui.dll - ok
20:28:05.0843 0468 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
20:28:05.0843 0468 C:\WINDOWS\system32\msidle.dll - ok
20:28:05.0843 0468 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
20:28:05.0843 0468 C:\WINDOWS\system32\netman.dll - ok
20:28:05.0859 0468 [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
20:28:05.0859 0468 C:\WINDOWS\system32\powrprof.dll - ok
20:28:05.0859 0468 [ 2BC7128348265CABA9BBC058729A8B7B ] C:\WINDOWS\system32\dpcdll.dll
20:28:05.0859 0468 C:\WINDOWS\system32\dpcdll.dll - ok
20:28:05.0859 0468 [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
20:28:05.0859 0468 C:\WINDOWS\system32\netshell.dll - ok
20:28:05.0875 0468 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
20:28:05.0875 0468 C:\WINDOWS\system32\spoolsv.exe - ok
20:28:05.0875 0468 [ 2DE1190196EE9555DB548A57622022EB ] C:\WINDOWS\system32\drprov.dll
20:28:05.0875 0468 C:\WINDOWS\system32\drprov.dll - ok
20:28:05.0875 0468 [ AC5DF42FE314C1446B1DAD237BFCFFE0 ] C:\WINDOWS\system32\netui0.dll
20:28:05.0875 0468 C:\WINDOWS\system32\netui0.dll - ok
20:28:05.0890 0468 [ 36468087E22C57A83DF758B3F90DF73F ] C:\WINDOWS\system32\ntlanman.dll
20:28:05.0890 0468 C:\WINDOWS\system32\ntlanman.dll - ok
20:28:05.0890 0468 [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
20:28:05.0890 0468 C:\WINDOWS\system32\credui.dll - ok
20:28:05.0906 0468 [ ED5A816D8E11E03F1937AC3C56826EE4 ] C:\WINDOWS\system32\netui1.dll
20:28:05.0906 0468 C:\WINDOWS\system32\netui1.dll - ok
20:28:05.0906 0468 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
20:28:05.0906 0468 C:\WINDOWS\system32\dot3dlg.dll - ok
20:28:05.0906 0468 [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll
20:28:05.0906 0468 C:\WINDOWS\system32\netrap.dll - ok
20:28:05.0906 0468 [ FB8F8EEC8D9C2157789472DD61CDC78B ] C:\WINDOWS\system32\davclnt.dll
20:28:05.0906 0468 C:\WINDOWS\system32\davclnt.dll - ok
20:28:05.0921 0468 [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
20:28:05.0921 0468 C:\WINDOWS\system32\onex.dll - ok
20:28:05.0921 0468 [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
20:28:05.0921 0468 C:\WINDOWS\system32\eappcfg.dll - ok
20:28:05.0937 0468 [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
20:28:05.0937 0468 C:\WINDOWS\system32\eappprxy.dll - ok
20:28:05.0937 0468 [ 69A5ADF546505F4C69EF3046BF798B49 ] C:\WINDOWS\system32\mprui.dll
20:28:05.0937 0468 C:\WINDOWS\system32\mprui.dll - ok
20:28:05.0937 0468 [ 1414E666316CA7D9823DBD2D4ADA5971 ] C:\WINDOWS\system32\netui2.dll
20:28:05.0937 0468 C:\WINDOWS\system32\netui2.dll - ok
20:28:05.0953 0468 [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
20:28:05.0953 0468 C:\WINDOWS\system32\wzcsapi.dll - ok
20:28:05.0953 0468 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
20:28:05.0953 0468 C:\WINDOWS\system32\netmsg.dll - ok
20:28:05.0953 0468 [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
20:28:05.0953 0468 C:\WINDOWS\system32\audiosrv.dll - ok
20:28:05.0968 0468 [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
20:28:05.0968 0468 C:\WINDOWS\system32\wkssvc.dll - ok
20:28:05.0968 0468 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
20:28:05.0968 0468 C:\WINDOWS\system32\wdmaud.drv - ok
20:28:05.0984 0468 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
20:28:05.0984 0468 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
20:28:05.0984 0468 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
20:28:05.0984 0468 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
20:28:05.0984 0468 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
20:28:05.0984 0468 C:\WINDOWS\system32\drivers\splitter.sys - ok
20:28:06.0000 0468 [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
20:28:06.0000 0468 C:\WINDOWS\system32\drivers\aec.sys - ok
20:28:06.0000 0468 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
20:28:06.0000 0468 C:\WINDOWS\system32\drivers\swmidi.sys - ok
20:28:06.0000 0468 [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys
20:28:06.0000 0468 C:\WINDOWS\system32\drivers\dmusic.sys - ok
20:28:06.0015 0468 [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys
20:28:06.0015 0468 C:\WINDOWS\system32\drivers\kmixer.sys - ok
20:28:06.0015 0468 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys
20:28:06.0015 0468 C:\WINDOWS\system32\drivers\drmkaud.sys - ok
20:28:06.0015 0468 [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
20:28:06.0015 0468 C:\WINDOWS\system32\msacm32.drv - ok
20:28:06.0031 0468 [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll
20:28:06.0031 0468 C:\WINDOWS\system32\midimap.dll - ok
20:28:06.0031 0468 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys
20:28:06.0031 0468 C:\WINDOWS\system32\drivers\mrxdav.sys - ok
20:28:06.0046 0468 [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll
20:28:06.0046 0468 C:\WINDOWS\system32\webclnt.dll - ok
20:28:06.0046 0468 [ ADC420616C501B45D26C0FD3EF1E54E4 ] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
20:28:06.0046 0468 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe - ok
20:28:06.0046 0468 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] C:\WINDOWS\system32\drivers\parvdm.sys
20:28:06.0046 0468 C:\WINDOWS\system32\drivers\parvdm.sys - ok
20:28:06.0062 0468 [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:28:06.0062 0468 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
20:28:06.0062 0468 [ E5F7C30EDF0892667933BE879F067D67 ] C:\WINDOWS\system32\msvcr100_clr0400.dll
20:28:06.0062 0468 C:\WINDOWS\system32\msvcr100_clr0400.dll - ok
20:28:06.0062 0468 [ 7548C242D95CBFF76908360AD629C09F ] C:\Program Files\Common Files\ArcSoft\Bin\ArcCon.dll
20:28:06.0062 0468 C:\Program Files\Common Files\ArcSoft\Bin\ArcCon.dll - ok
20:28:06.0078 0468 [ 8C22083ED515DC94D575438662F0BE6A ] C:\WINDOWS\system32\msi.dll
20:28:06.0078 0468 C:\WINDOWS\system32\msi.dll - ok
20:28:06.0078 0468 [ 08A73B0E7EE6E32983B5F9E540A8E380 ] C:\WINDOWS\system32\mscoree.dll
20:28:06.0078 0468 C:\WINDOWS\system32\mscoree.dll - ok
20:28:06.0093 0468 [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
20:28:06.0093 0468 C:\WINDOWS\system32\cryptsvc.dll - ok
20:28:06.0093 0468 [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
20:28:06.0093 0468 C:\WINDOWS\system32\certcli.dll - ok
20:28:06.0093 0468 [ 57EDEC2E5F59F0335E92F35184BC8631 ] C:\WINDOWS\system32\dmserver.dll
20:28:06.0093 0468 C:\WINDOWS\system32\dmserver.dll - ok
20:28:06.0109 0468 [ 2973B4EB7BE10A0D491B2037DCAAE88F ] C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
20:28:06.0109 0468 C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe - ok
20:28:06.0109 0468 [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
20:28:06.0109 0468 C:\WINDOWS\system32\ersvc.dll - ok
20:28:06.0109 0468 [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll
20:28:06.0109 0468 C:\WINDOWS\system32\es.dll - ok
20:28:06.0125 0468 [ 83BA5E873164A3711B44052F58C8FE9F ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
20:28:06.0125 0468 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
20:28:06.0125 0468 [ 215CE077258CEDD5BE4C56E9D614DB9F ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll
20:28:06.0125 0468 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll - ok
20:28:06.0140 0468 [ 8495229CB7E717879C8E6A22EF661D09 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
20:28:06.0140 0468 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll - ok
20:28:06.0140 0468 [ 1986443C2F2C0E2A18E908DD241BF84D ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\Culture.dll
20:28:06.0140 0468 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\Culture.dll - ok
20:28:06.0140 0468 [ 7AFACEB3478DABF686122C3A74FC5C11 ] C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreLibrary.dll
20:28:06.0140 0468 C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreLibrary.dll - ok
20:28:06.0156 0468 [ 35ED37326421112206CAABC025FDCDAB ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
20:28:06.0156 0468 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll - ok
20:28:06.0156 0468 [ 5A656AF788C0929E5180E641518EED75 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
20:28:06.0156 0468 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll - ok
20:28:06.0156 0468 [ 19B65E81FE6603A5D5FB6433134D283D ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
20:28:06.0156 0468 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll - ok
20:28:06.0171 0468 [ B8EF3729A21BBFAE26E2AF5BCDD65EB8 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f44e12702dadeae606b8eaca609b1336\System.Xml.Linq.ni.dll
20:28:06.0171 0468 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f44e12702dadeae606b8eaca609b1336\System.Xml.Linq.ni.dll - ok
20:28:06.0171 0468 [ 781BF72F57CC9E5F85CB109C24D00FDC ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
20:28:06.0171 0468 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clrjit.dll - ok
20:28:06.0171 0468 [ 805BE8BD4300840ADA09FE7DD21A62C9 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
20:28:06.0171 0468 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll - ok
20:28:06.0187 0468 [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll
20:28:06.0187 0468 C:\WINDOWS\system32\shfolder.dll - ok
20:28:06.0187 0468 [ B48231D95E9054250775A15106BF82B9 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
20:28:06.0187 0468 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll - ok
20:28:06.0203 0468 [ A006D4B77DFDD3E35793EA04AA9ECE59 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\efe46aa882d9ac31f7fbbdc004fc99d5\System.Security.ni.dll
20:28:06.0203 0468 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\efe46aa882d9ac31f7fbbdc004fc99d5\System.Security.ni.dll - ok
20:28:06.0203 0468 [ 187672A73A548BC293C39D92FDEC40B3 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
20:28:06.0203 0468 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll - ok
20:28:06.0203 0468 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll
20:28:06.0203 0468 C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll - ok
20:28:06.0218 0468 [ F80A415EF82CD06FFAF0D971528EAD38 ] C:\WINDOWS\system32\drivers\http.sys
20:28:06.0218 0468 C:\WINDOWS\system32\drivers\http.sys - ok
20:28:06.0218 0468 [ 43B92FEB8A5659A60E9EFA426D63B2E8 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5be1370b1331393f73af710d0d71b02d\System.ServiceModel.ni.dll
20:28:06.0218 0468 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5be1370b1331393f73af710d0d71b02d\System.ServiceModel.ni.dll - ok
20:28:06.0218 0468 [ 9ECF00E19736054E019C532AED8228FC ] C:\Program Files\Java\jre7\bin\jqs.exe
20:28:06.0218 0468 C:\Program Files\Java\jre7\bin\jqs.exe - ok
20:28:06.0234 0468 [ 6100A808600F44D999CEBDEF8841C7A3 ] C:\WINDOWS\system32\w3ssl.dll
20:28:06.0234 0468 C:\WINDOWS\system32\w3ssl.dll - ok
20:28:06.0234 0468 [ 4A93B65CFB514F2EA76B59568D5F39CE ] C:\WINDOWS\system32\strmfilt.dll
20:28:06.0234 0468 C:\WINDOWS\system32\strmfilt.dll - ok
20:28:06.0250 0468 [ B7C7FA3BEDE83AC5F1DE03B30D494CC1 ] C:\WINDOWS\system32\httpapi.dll
20:28:06.0250 0468 C:\WINDOWS\system32\httpapi.dll - ok
20:28:06.0250 0468 [ 67EC459E42D3081DD8FD34356F7CAFC1 ] C:\Program Files\Java\jre7\bin\msvcr100.dll
20:28:06.0250 0468 C:\Program Files\Java\jre7\bin\msvcr100.dll - ok
20:28:06.0250 0468 [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll
20:28:06.0250 0468 C:\WINDOWS\system32\pdh.dll - ok
20:28:06.0265 0468 [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll
20:28:06.0265 0468 C:\WINDOWS\system32\odbcbcp.dll - ok
20:28:06.0265 0468 [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
20:28:06.0265 0468 C:\WINDOWS\system32\ipsecsvc.dll - ok
20:28:06.0265 0468 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll
20:28:06.0265 0468 C:\WINDOWS\system32\srvsvc.dll - ok
20:28:06.0281 0468 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys
20:28:06.0281 0468 C:\WINDOWS\system32\drivers\srv.sys - ok
20:28:06.0281 0468 [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll
20:28:06.0281 0468 C:\WINDOWS\system32\oakley.dll - ok
20:28:06.0281 0468 [ 5B19B557B0C188210A56A6B699D90B8F ] C:\WINDOWS\system32\regsvc.dll
20:28:06.0281 0468 C:\WINDOWS\system32\regsvc.dll - ok
20:28:06.0296 0468 [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll
20:28:06.0296 0468 C:\WINDOWS\system32\seclogon.dll - ok
20:28:06.0296 0468 [ ACDAFCD14EC0ECE89198503746A5C147 ] C:\WINDOWS\system32\perfos.dll
20:28:06.0296 0468 C:\WINDOWS\system32\perfos.dll - ok
20:28:06.0312 0468 [ 73E3B5D1F1EB5FDC51A5C3437EEE3348 ] C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:28:06.0312 0468 C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe - ok
20:28:06.0312 0468 [ ABFB673B24A9B3287761D497529FB5B9 ] C:\WINDOWS\system32\perfdisk.dll
20:28:06.0312 0468 C:\WINDOWS\system32\perfdisk.dll - ok
20:28:06.0312 0468 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
20:28:06.0312 0468 C:\WINDOWS\system32\sens.dll - ok
20:28:06.0328 0468 [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
20:28:06.0328 0468 C:\WINDOWS\system32\winipsec.dll - ok
20:28:06.0328 0468 [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
20:28:06.0328 0468 C:\WINDOWS\system32\pstorsvc.dll - ok
20:28:06.0328 0468 [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
20:28:06.0328 0468 C:\WINDOWS\system32\psbase.dll - ok
20:28:06.0343 0468 [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
20:28:06.0343 0468 C:\WINDOWS\system32\spoolss.dll - ok
20:28:06.0343 0468 [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
20:28:06.0343 0468 C:\WINDOWS\system32\dssenh.dll - ok
20:28:06.0359 0468 [ AA897735D5AB916297A6823A9B2D61B1 ] C:\WINDOWS\system32\localspl.dll
20:28:06.0359 0468 C:\WINDOWS\system32\localspl.dll - ok
20:28:06.0359 0468 [ 2FD3E73D3E00C3B00A236FF3ADF9E401 ] C:\WINDOWS\system32\AdobePDF.dll
20:28:06.0359 0468 C:\WINDOWS\system32\AdobePDF.dll - ok
20:28:06.0359 0468 [ 1169436EE42F860C7DB37A4692B38F0E ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
20:28:06.0359 0468 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll - ok
20:28:06.0375 0468 [ 06B20B1839348B30E8466BD8D80990DE ] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adistres.dll
20:28:06.0375 0468 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adistres.dll - ok
20:28:06.0375 0468 [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll
20:28:06.0375 0468 C:\WINDOWS\system32\cnbjmon.dll - ok
20:28:06.0375 0468 [ CF0376023360AADD55C89BA50564AFDC ] C:\WINDOWS\system32\mdimon.dll
20:28:06.0375 0468 C:\WINDOWS\system32\mdimon.dll - ok
20:28:06.0390 0468 [ 222DE7F5EDB9DDBE628384A1A8BE59CE ] C:\WINDOWS\system32\pjlmon.dll
20:28:07.0531 0468 ============================================================
20:28:07.0531 0468 Scan finished
20:28:07.0531 0468 ============================================================
20:28:07.0656 4092 Detected object count: 5
20:28:07.0656 4092 Actual detected object count: 5
20:28:25.0000 4092 C:\WINDOWS\system32\DRIVERS\a347bus.sys - copied to quarantine
20:28:25.0000 4092 HKLM\SYSTEM\ControlSet002\services\a347bus - will be deleted on reboot
20:28:25.0015 4092 HKLM\SYSTEM\ControlSet003\services\a347bus - will be deleted on reboot
20:28:25.0015 4092 HKLM\SYSTEM\ControlSet004\services\a347bus - will be deleted on reboot
20:28:25.0031 4092 C:\WINDOWS\system32\DRIVERS\a347bus.sys - will be deleted on reboot
20:28:25.0031 4092 a347bus ( UnsignedFile.Multi.Generic ) - User select action: Delete
20:28:25.0031 4092 C:\WINDOWS\system32\Drivers\a347scsi.sys - copied to quarantine
20:28:25.0031 4092 HKLM\SYSTEM\ControlSet002\services\a347scsi - will be deleted on reboot
20:28:25.0031 4092 HKLM\SYSTEM\ControlSet003\services\a347scsi - will be deleted on reboot
20:28:25.0046 4092 HKLM\SYSTEM\ControlSet004\services\a347scsi - will be deleted on reboot
20:28:25.0046 4092 C:\WINDOWS\system32\Drivers\a347scsi.sys - will be deleted on reboot
20:28:25.0046 4092 a347scsi ( UnsignedFile.Multi.Generic ) - User select action: Delete
20:28:25.0093 4092 C:\WINDOWS\System32\drivers\BIOS.sys - copied to quarantine
20:28:25.0093 4092 HKLM\SYSTEM\ControlSet002\services\BIOS - will be deleted on reboot
20:28:25.0093 4092 HKLM\SYSTEM\ControlSet003\services\BIOS - will be deleted on reboot
20:28:25.0093 4092 HKLM\SYSTEM\ControlSet004\services\BIOS - will be deleted on reboot
20:28:25.0093 4092 C:\WINDOWS\System32\drivers\BIOS.sys - will be deleted on reboot
20:28:25.0093 4092 BIOS ( UnsignedFile.Multi.Generic ) - User select action: Delete
20:28:25.0156 4092 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe - copied to quarantine
20:28:25.0156 4092 HKLM\SYSTEM\ControlSet002\services\FLEXnet Licensing Service - will be deleted on reboot
20:28:25.0156 4092 HKLM\SYSTEM\ControlSet003\services\FLEXnet Licensing Service - will be deleted on reboot
20:28:25.0156 4092 HKLM\SYSTEM\ControlSet004\services\FLEXnet Licensing Service - will be deleted on reboot
20:28:25.0156 4092 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe - will be deleted on reboot
20:28:25.0156 4092 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Delete
20:28:25.0171 4092 C:\WINDOWS\system32\drivers\pfc.sys - copied to quarantine
20:28:25.0171 4092 HKLM\SYSTEM\ControlSet002\services\pfc - will be deleted on reboot
20:28:25.0171 4092 HKLM\SYSTEM\ControlSet003\services\pfc - will be deleted on reboot
20:28:25.0187 4092 HKLM\SYSTEM\ControlSet004\services\pfc - will be deleted on reboot
20:28:25.0187 4092 C:\WINDOWS\system32\drivers\pfc.sys - will be deleted on reboot
20:28:25.0187 4092 pfc ( UnsignedFile.Multi.Generic ) - User select action: Delete
20:28:28.0953 2824 Deinitialize success

VEW log:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 09/10/2013 8:51:05 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/10/2013 8:48:09 PM
Type: error Category: 102
Event: 1003 Source: System Error
Error code 1000008e, parameter1 c0000005, parameter2 80593cf9, parameter3 b9f20880, parameter4 00000000.

Log: 'System' Date/Time: 09/10/2013 8:47:58 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Background Intelligent Transfer Service service failed to start due to the following error: %%1290

Log: 'System' Date/Time: 09/10/2013 8:47:58 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1290" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Log: 'System' Date/Time: 09/10/2013 8:44:44 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Background Intelligent Transfer Service service failed to start due to the following error: %%1290

Log: 'System' Date/Time: 09/10/2013 8:44:44 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1290" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Log: 'System' Date/Time: 09/10/2013 8:30:07 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: PCIIde ViaIde xfilt

Log: 'System' Date/Time: 09/10/2013 8:30:01 PM
Type: error Category: 0
Event: 1 Source: sr
The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

Log: 'System' Date/Time: 09/10/2013 8:26:15 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: PCIIde ViaIde xfilt

Log: 'System' Date/Time: 09/10/2013 8:26:05 PM
Type: error Category: 0
Event: 1 Source: sr
The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

Log: 'System' Date/Time: 09/10/2013 8:20:40 PM
Type: error Category: 6
Event: 16 Source: Windows Update Agent
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Log: 'System' Date/Time: 09/10/2013 8:11:45 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Log: 'System' Date/Time: 09/10/2013 8:08:46 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Log: 'System' Date/Time: 09/10/2013 8:05:21 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Log: 'System' Date/Time: 09/10/2013 8:03:06 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 09/10/2013 12:40:36 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Background Intelligent Transfer Service service failed to start due to the following error: %%1290

Log: 'System' Date/Time: 09/10/2013 12:40:36 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1290" attempting to start the service BITS with arguments "" in order to run the server: {6D18AD12-BDE3-4393-B311-099C346E6DF9}

Log: 'System' Date/Time: 09/10/2013 10:31:37 AM
Type: error Category: 102
Event: 1003 Source: System Error
Error code 00000024, parameter1 001902fe, parameter2 f78ba42c, parameter3 f78ba128, parameter4 804ed4d8.

Log: 'System' Date/Time: 09/10/2013 10:31:21 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Background Intelligent Transfer Service service failed to start due to the following error: %%1290

Log: 'System' Date/Time: 09/10/2013 10:31:20 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1290" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Log: 'System' Date/Time: 09/10/2013 6:41:08 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Background Intelligent Transfer Service service failed to start due to the following error: %%1290

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/10/2013 5:52:07 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

#9
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

FCopy::
c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys


******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#10
insparks

    Member

  • Topic Starter
  • Member
  • 51 posts
ComboFix 13-10-09.01 - User 10/10/2013 17:49:36.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1790.1362 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2013-09-10 to 2013-10-10 )))))))))))))))))))))))))))))))
.
.
2013-10-10 22:49 . 2008-04-13 18:40 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2013-10-10 22:49 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2013-10-10 01:24 . 2013-10-10 01:28 -------- d-----w- C:\TDSSKiller_Quarantine
2013-10-10 01:22 . 2013-10-10 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-10-10 01:22 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-08 00:13 . 2013-10-09 01:27 -------- d-----w- C:\AdwCleaner
2013-10-07 00:47 . 2013-10-07 00:47 -------- d-----w- c:\documents and settings\User\Application Data\ElevatedDiagnostics
2013-10-07 00:15 . 2013-10-07 00:15 -------- d-sh--w- c:\documents and settings\Administrator.VERYFASTUSER\PrivacIE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 16:56 . 2012-03-29 01:58 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 16:56 . 2011-05-16 10:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\User\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-07-25 20684656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Button Manager.lnk]
backup=c:\windows\pss\HP Button Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^ZooskMessenger.lnk]
backup=c:\windows\pss\ZooskMessenger.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-01-12 02:54 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 02:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 00:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2011-08-23 20:03 50592 ----a-w- c:\documents and settings\User\Application Data\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp]
2013-03-27 21:18 1098072 ----a-w- c:\program files\Garmin\Express Tray\ExpressTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 21:39 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-11-02 08:00 90448 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-06-13 22:49 16377344 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
2007-05-15 18:31 200704 ----a-w- c:\windows\system32\S3Trayp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 22:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 12:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 04:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Temp\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\User\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Documents and Settings\\User\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [1/29/2008 2:00 PM 38448]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [3/26/2007 6:26 PM 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [3/26/2007 6:26 PM 52224]
R1 NetBurn;Paragon NetBurning Driver;c:\windows\system32\drivers\NetBurn.sys [1/29/2008 2:00 PM 84752]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [3/27/2013 4:17 PM 185688]
R2 uCamMonitor;CamMonitor;c:\temp\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [4/25/2012 5:14 PM 104960]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [4/25/2012 5:14 PM 14336]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9/16/2013 12:29 PM 3273088]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/25/2013 8:52 AM 162672]
S4 NetBurnerService;Net Burner iSCSI Service;c:\program files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe [1/29/2008 2:00 PM 223248]
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 16:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3310511&octid=CT3310511&SearchSource=61&CUI=UN27231546931689727&UM=2&UP=SP364D9781-D25F-437A-90FF-3EC91C046813
mStart Page = about:blank
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-63117211.sys
SafeBoot-88185283.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-10 17:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-789336058-162531612-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(604)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Nero\SMC\NeroDigitalExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2013-10-10 17:59:12
ComboFix-quarantined-files.txt 2013-10-10 22:59
ComboFix2.txt 2013-10-10 01:18
.
Pre-Run: 26,030,632,960 bytes free
Post-Run: 26,018,213,888 bytes free
.
- - End Of File - - E486B81464C4BC58DA6C08569ECD69C8
8F558EB6672622401DA993E1E865C861


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by User (administrator) on VERYFASTUSER on 10-10-2013 18:00:11
Running from C:\Documents and Settings\User\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(ArcSoft, Inc.) C:\Temp\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Microsoft Corporation) C:\WINDOWS\system32\WgaTray.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKCU\...\Run: [cdloader] - C:\Documents and Settings\User\Application Data\mjusbsp\cdloader2.exe [50592 2011-08-23] (magicJack L.P.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation)
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB212] - command /c del "C:\WINDOWS\system32\nqBeNXyb.ini2"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD8548] - cmd /c del "C:\WINDOWS\system32\nqBeNXyb.ini2"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB4962] - command /c del "C:\WINDOWS\system32\nqBeNXyb.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD4629] - cmd /c del "C:\WINDOWS\system32\nqBeNXyb.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB9292] - command.com /c del "C:\Program Files\Application Updater\config.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD2776] - cmd.exe /c del "C:\Program Files\Application Updater\config.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB7206] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\baidu_ff.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD623] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\baidu_ff.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB4635] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\baidu_ie.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD3117] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\baidu_ie.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB8955] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\config.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD6534] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\config.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB1676] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\yandex_ff.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD6326] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\yandex_ff.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB7234] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\yandex_ie.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD8805] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\yandex_ie.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB3523] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1031.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD6481] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1031.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB1400] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1033.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD3854] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1033.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB5520] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1034.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD6325] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1034.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB1850] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1036.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD2173] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1036.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB4402] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1040.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD7390] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1040.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB1973] - command.com /c del "C:\Program Files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD262] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB7254] - command.com /c del "C:\Program Files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD204] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [Report] - C:\AdwCleaner\AdwCleaner[S2].txt [ 2013-10-08] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...FF-3EC91C046813
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0D7191D1-C6C9-4AE4-9515-1735958A3719} URL = http://search.yahoo....=utf-8&fr=b2ie7
SearchScopes: HKCU - {3F8C7A0E-E4EB-4196-9531-4D194A1B16C0} URL = http://search.micros...q={searchTerms}
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incre...h={searchTerms}
SearchScopes: HKCU - {DC04EA3C-687E-438D-BF5D-AF4584BEED23} URL = http://search.yahoo....=utf-8&fr=b1ie7
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1280912913343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default
FF NewTab: hxxp://mystart.incredibar.com/?a=&loc=skw
FF Homepage: hxxp://www.msn.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @videolan.org/vlc,version=1.1.11 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin HKCU: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\User\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: Echofon - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\Extensions\[email protected]
FF Extension: FireShot - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF Extension: Garmin Communicator - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR Extension: (DealPly Shopping) - C:\DOCUME~1\User\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.5.0.0_0

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
S4 NetBurnerService; C:\Program Files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe [223248 2007-02-21] (Paragon GmbH)
S2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.)
R2 uCamMonitor; C:\Temp\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [14336 2008-04-25] (ArcSoft, Inc.)
S3 CA561; C:\Windows\System32\Drivers\SPCA561.SYS [119798 2002-10-01] (SP)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [134616 2010-08-02] (Deterministic Networks, Inc.)
R3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [42496 2007-02-27] (VIA Technologies, Inc. )
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R0 hotcore3; C:\Windows\System32\drivers\hotcore3.sys [38448 2007-02-21] (Paragon Software Group)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 NetBurn; C:\Windows\System32\DRIVERS\NetBurn.sys [84752 2007-02-21] (Rocket Division Software)
R3 S3GIGP; C:\Windows\System32\DRIVERS\S3gIGPm.sys [714240 2007-06-04] (S3 Graphics Co., Ltd.)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [32352 2007-02-21] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [131456 2007-02-21] (Paragon)
R0 viaagp1; C:\Windows\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
R0 ViBus; C:\Windows\System32\DRIVERS\ViBus.sys [16896 2007-03-26] (VIA Technologies, Inc.)
R0 videX32; C:\Windows\System32\DRIVERS\videX32.sys [9216 2007-03-29] (VIA Technologies, Inc.)
R0 ViPrt; C:\Windows\System32\DRIVERS\ViPrt.sys [52224 2007-03-26] (VIA Technologies, Inc.)
R0 xfilt; C:\Windows\System32\DRIVERS\xfilt.sys [22168 2009-05-05] (VIA Technologies,Inc)
R3 catchme; \??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys [x]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 mbr; \??\C:\ComboFix\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-10 18:00 - 2013-10-10 18:00 - 00000000 ____D C:\FRST
2013-10-10 17:59 - 2013-10-10 17:59 - 00011155 _____ C:\ComboFix.txt
2013-10-10 17:49 - 2008-04-13 13:40 - 00096512 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\atapi.sys
2013-10-10 17:49 - 2008-04-13 13:40 - 00096512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atapi.sys
2013-10-10 17:46 - 2013-10-10 17:46 - 01954124 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST64-1.exe
2013-10-10 17:44 - 2013-10-10 17:44 - 01954124 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST64.exe
2013-10-10 17:43 - 2013-10-10 17:43 - 01087213 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2013-10-09 20:47 - 2013-10-09 20:47 - 00106496 _____ C:\WINDOWS\Minidump\Mini100913-02.dmp
2013-10-09 20:24 - 2013-10-09 20:28 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-10-09 20:22 - 2013-10-09 20:41 - 00000743 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-09 20:22 - 2013-10-09 20:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-09 20:22 - 2013-10-09 20:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-09 20:22 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-09 20:06 - 2013-10-09 20:06 - 00000000 _RSHD C:\cmdcons
2013-10-09 20:06 - 2013-06-27 19:21 - 00000211 _____ C:\Boot.bak
2013-10-09 20:06 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-10-09 20:03 - 2013-10-10 17:59 - 00000000 ____D C:\Qoobox
2013-10-09 20:03 - 2013-10-09 20:16 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-09 20:03 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-09 20:03 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-09 20:03 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-09 19:56 - 2013-10-09 19:56 - 02237968 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\User\Desktop\tdsskiller.exe
2013-10-09 19:55 - 2013-10-09 19:55 - 05131844 ____R (Swearware) C:\Documents and Settings\User\Desktop\ComboFix.exe
2013-10-09 10:31 - 2013-10-09 10:30 - 00106496 _____ C:\WINDOWS\Minidump\Mini100913-01.dmp
2013-10-08 20:58 - 2013-10-08 20:58 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-03.dmp
2013-10-08 20:12 - 2013-10-08 20:10 - 00742742 _____ C:\Documents and Settings\Default User\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:12 - 2013-10-08 18:51 - 00358923 _____ (Farbar) C:\Documents and Settings\Default User\Desktop\FSS.exe
2013-10-08 20:12 - 2013-10-08 18:39 - 04009167 _____ C:\Documents and Settings\Default User\Desktop\ServicesRepair.exe
2013-10-08 20:11 - 2013-10-08 20:10 - 00742742 _____ C:\Documents and Settings\All Users\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:11 - 2013-10-08 20:10 - 00742742 _____ C:\Documents and Settings\Administrator\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:11 - 2013-10-08 20:10 - 00742742 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:11 - 2013-10-08 20:09 - 00000694 _____ C:\Documents and Settings\All Users\Desktop\Copy of Speccy.lnk
2013-10-08 20:11 - 2013-10-08 18:51 - 00358923 _____ (Farbar) C:\Documents and Settings\All Users\Desktop\FSS.exe
2013-10-08 20:11 - 2013-10-08 18:51 - 00358923 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FSS.exe
2013-10-08 20:11 - 2013-10-08 18:51 - 00358923 _____ (Farbar) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\FSS.exe
2013-10-08 20:11 - 2013-10-08 18:39 - 04009167 _____ C:\Documents and Settings\All Users\Desktop\ServicesRepair.exe
2013-10-08 20:11 - 2013-10-08 18:39 - 04009167 _____ C:\Documents and Settings\Administrator\Desktop\ServicesRepair.exe
2013-10-08 20:11 - 2013-10-08 18:39 - 04009167 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\ServicesRepair.exe
2013-10-08 20:11 - 2013-10-08 17:19 - 01032220 _____ (Thisisu) C:\Documents and Settings\All Users\Desktop\JRT.exe
2013-10-08 20:11 - 2013-10-07 20:25 - 00891167 _____ C:\Documents and Settings\All Users\Desktop\SecurityCheck.exe
2013-10-08 20:11 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\All Users\Desktop\aswmbr.exe
2013-10-08 20:11 - 2013-10-07 19:12 - 01045226 _____ C:\Documents and Settings\All Users\Desktop\adwcleaner.exe
2013-10-08 20:11 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\All Users\Desktop\VEW.exe
2013-10-08 20:11 - 2013-10-06 19:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\All Users\Desktop\OTL.exe
2013-10-08 20:10 - 2013-10-08 20:10 - 00742742 _____ C:\Documents and Settings\User\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:09 - 2013-10-08 20:09 - 00000694 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2013-10-08 18:52 - 2013-10-08 18:52 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-02.dmp
2013-10-08 18:50 - 2013-10-08 18:51 - 00358923 _____ (Farbar) C:\Documents and Settings\User\Desktop\FSS.exe
2013-10-08 18:39 - 2013-10-08 18:39 - 04009167 _____ C:\Documents and Settings\User\Desktop\ServicesRepair.exe
2013-10-08 18:39 - 2013-10-08 18:39 - 00000000 ____D C:\Documents and Settings\All Users\Desktop\CC Support
2013-10-08 18:32 - 2013-10-08 18:32 - 00000000 ____D C:\_OTL
2013-10-08 17:25 - 2013-10-08 20:09 - 00000694 _____ C:\Documents and Settings\Default User\Desktop\Speccy.lnk
2013-10-08 17:25 - 2013-10-08 17:19 - 01032220 _____ (Thisisu) C:\Documents and Settings\Default User\Desktop\JRT.exe
2013-10-08 17:25 - 2013-10-07 20:25 - 00891167 _____ C:\Documents and Settings\Default User\Desktop\SecurityCheck.exe
2013-10-08 17:25 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Default User\Desktop\aswmbr.exe
2013-10-08 17:25 - 2013-10-07 19:12 - 01045226 _____ C:\Documents and Settings\Default User\Desktop\adwcleaner.exe
2013-10-08 17:25 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\Default User\Desktop\VEW.exe
2013-10-08 17:25 - 2013-10-06 19:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Default User\Desktop\OTL.exe
2013-10-08 17:24 - 2013-10-08 20:09 - 00000694 _____ C:\Documents and Settings\Administrator\Desktop\Speccy.lnk
2013-10-08 17:24 - 2013-10-08 20:09 - 00000694 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\Speccy.lnk
2013-10-08 17:24 - 2013-10-08 17:19 - 01032220 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe
2013-10-08 17:24 - 2013-10-08 17:19 - 01032220 _____ (Thisisu) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\JRT.exe
2013-10-08 17:24 - 2013-10-07 20:25 - 00891167 _____ C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
2013-10-08 17:24 - 2013-10-07 20:25 - 00891167 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\SecurityCheck.exe
2013-10-08 17:24 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Administrator\Desktop\aswmbr.exe
2013-10-08 17:24 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\aswmbr.exe
2013-10-08 17:24 - 2013-10-07 19:12 - 01045226 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\adwcleaner.exe
2013-10-08 17:24 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\VEW.exe
2013-10-08 17:24 - 2013-10-06 19:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\OTL.exe
2013-10-08 17:24 - 2013-10-06 19:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\OTL.exe
2013-10-08 17:23 - 2013-10-07 19:12 - 01045226 _____ C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
2013-10-08 17:19 - 2013-10-08 17:19 - 01032220 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2013-10-08 17:16 - 2013-10-08 17:16 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-01.dmp
2013-10-07 20:43 - 2013-10-07 20:43 - 00000000 ____D C:\Documents and Settings\Administrator.VERYFASTUSER\Local Settings\Application Data\Mozilla
2013-10-07 20:43 - 2013-10-07 20:43 - 00000000 ____D C:\Documents and Settings\Administrator.VERYFASTUSER\Application Data\Mozilla
2013-10-07 20:25 - 2013-10-07 20:25 - 00891167 _____ C:\Documents and Settings\User\Desktop\SecurityCheck.exe
2013-10-07 20:08 - 2013-10-08 20:09 - 00000000 ____D C:\Program Files\Speccy
2013-10-07 20:08 - 2013-10-07 20:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2013-10-07 20:05 - 2013-10-07 20:05 - 00000512 _____ C:\Documents and Settings\User\Desktop\MBR.dat
2013-10-07 19:34 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\User\Desktop\aswmbr.exe
2013-10-07 19:24 - 2013-10-07 19:24 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-07 19:23 - 2013-10-08 18:32 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\GreatArcadeHits
2013-10-07 19:23 - 2013-09-09 02:57 - 00773968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100.dll
2013-10-07 19:23 - 2013-09-09 02:57 - 00632656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr80.dll
2013-10-07 19:23 - 2013-09-09 02:57 - 00554832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp80.dll
2013-10-07 19:23 - 2013-09-09 02:57 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcm80.dll
2013-10-07 19:23 - 2013-09-09 02:57 - 00421200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp100.dll
2013-10-07 19:23 - 2013-09-09 02:57 - 00001870 _____ C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest
2013-10-07 19:13 - 2013-10-08 20:27 - 00000000 ____D C:\AdwCleaner
2013-10-07 19:12 - 2013-10-07 19:12 - 01045226 _____ C:\Documents and Settings\User\Desktop\adwcleaner.exe
2013-10-07 19:00 - 2013-10-09 20:51 - 00005592 _____ C:\VEW.txt
2013-10-07 18:58 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\User\Desktop\VEW.exe
2013-10-07 18:58 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\Administrator\Desktop\VEW.exe
2013-10-07 17:29 - 2013-10-07 17:29 - 00106496 _____ C:\WINDOWS\Minidump\Mini100713-01.dmp
2013-10-06 23:54 - 2013-10-06 23:54 - 00377856 _____ C:\Documents and Settings\User\Desktop\2lx1649c.exe
2013-10-06 19:47 - 2013-10-07 21:20 - 00009592 _____ C:\WINDOWS\bitssetup.log
2013-10-06 19:46 - 2013-10-06 19:46 - 00347424 _____ (Microsoft Corporation) C:\Documents and Settings\User\Desktop\MicrosoftFixit.wu.LB.27304537560287727.1.1.Run.exe
2013-10-06 19:25 - 2013-10-06 19:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2013-10-06 19:15 - 2013-10-06 19:15 - 00048656 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-06 19:15 - 2013-10-06 19:15 - 00000000 __SHD C:\Documents and Settings\Administrator.VERYFASTUSER\PrivacIE
2013-10-04 16:13 - 2013-10-04 16:13 - 00106496 _____ C:\WINDOWS\Minidump\Mini100413-01.dmp
2013-10-03 21:03 - 2013-10-03 21:03 - 00106496 _____ C:\WINDOWS\Minidump\Mini100313-01.dmp
2013-10-02 17:36 - 2013-10-02 17:36 - 00106496 _____ C:\WINDOWS\Minidump\Mini100213-01.dmp
2013-10-01 11:53 - 2013-10-01 11:53 - 00106496 _____ C:\WINDOWS\Minidump\Mini100113-01.dmp
2013-09-28 19:53 - 2013-09-28 19:53 - 00106496 _____ C:\WINDOWS\Minidump\Mini092813-01.dmp
2013-09-27 22:14 - 2013-09-27 22:14 - 00106496 _____ C:\WINDOWS\Minidump\Mini092713-01.dmp
2013-09-25 15:22 - 2013-09-25 15:22 - 00106496 _____ C:\WINDOWS\Minidump\Mini092513-01.dmp
2013-09-22 21:23 - 2013-09-22 21:23 - 00106496 _____ C:\WINDOWS\Minidump\Mini092213-01.dmp
2013-09-21 13:46 - 2013-09-21 13:46 - 00106496 _____ C:\WINDOWS\Minidump\Mini092113-01.dmp
2013-09-18 18:43 - 2013-10-07 19:23 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-10 18:00 - 2013-10-10 18:00 - 00000000 ____D C:\FRST
2013-10-10 17:59 - 2013-10-10 17:59 - 00011155 _____ C:\ComboFix.txt
2013-10-10 17:59 - 2013-10-09 20:03 - 00000000 ____D C:\Qoobox
2013-10-10 17:59 - 2008-01-24 21:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-10 17:59 - 2005-01-13 22:59 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-10-10 17:56 - 2001-08-23 07:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-10-10 17:48 - 2008-01-24 21:10 - 00032494 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-10 17:46 - 2013-10-10 17:46 - 01954124 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST64-1.exe
2013-10-10 17:44 - 2013-10-10 17:44 - 01954124 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST64.exe
2013-10-10 17:43 - 2013-10-10 17:43 - 01087213 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2013-10-10 16:56 - 2012-03-28 20:58 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-10 16:49 - 2008-05-16 09:39 - 00015587 _____ C:\Documents and Settings\User\My Documents\personal info.txt
2013-10-10 15:29 - 2008-01-24 21:17 - 01533577 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-10 05:46 - 2013-01-30 18:51 - 00000000 ____D C:\Documents and Settings\User\Application Data\Skype
2013-10-10 05:27 - 2008-01-24 13:00 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-10 05:27 - 2008-01-24 13:00 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-10 05:27 - 2001-08-23 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-09 21:08 - 2008-01-24 21:11 - 00000278 ___SH C:\Documents and Settings\User\ntuser.ini
2013-10-09 20:51 - 2013-10-07 19:00 - 00005592 _____ C:\VEW.txt
2013-10-09 20:47 - 2013-10-09 20:47 - 00106496 _____ C:\WINDOWS\Minidump\Mini100913-02.dmp
2013-10-09 20:47 - 2009-11-08 14:19 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-09 20:41 - 2013-10-09 20:22 - 00000743 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-09 20:38 - 2013-10-09 20:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-09 20:28 - 2013-10-09 20:24 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-10-09 20:22 - 2013-10-09 20:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-09 20:16 - 2013-10-09 20:03 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-09 20:14 - 2005-01-13 22:32 - 00000000 ____D C:\Documents and Settings\Administrator
2013-10-09 20:06 - 2013-10-09 20:06 - 00000000 _RSHD C:\cmdcons
2013-10-09 20:06 - 2008-01-24 12:56 - 00000327 __RSH C:\boot.ini
2013-10-09 19:56 - 2013-10-09 19:56 - 02237968 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\User\Desktop\tdsskiller.exe
2013-10-09 19:55 - 2013-10-09 19:55 - 05131844 ____R (Swearware) C:\Documents and Settings\User\Desktop\ComboFix.exe
2013-10-09 11:56 - 2012-03-28 20:58 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-09 11:56 - 2011-05-16 05:26 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-09 10:30 - 2013-10-09 10:31 - 00106496 _____ C:\WINDOWS\Minidump\Mini100913-01.dmp
2013-10-08 20:58 - 2013-10-08 20:58 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-03.dmp
2013-10-08 20:27 - 2013-10-07 19:13 - 00000000 ____D C:\AdwCleaner
2013-10-08 20:27 - 2008-08-17 19:41 - 00000178 ___SH C:\Documents and Settings\Administrator.VERYFASTUSER\ntuser.ini
2013-10-08 20:10 - 2013-10-08 20:12 - 00742742 _____ C:\Documents and Settings\Default User\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:10 - 2013-10-08 20:11 - 00742742 _____ C:\Documents and Settings\All Users\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:10 - 2013-10-08 20:11 - 00742742 _____ C:\Documents and Settings\Administrator\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:10 - 2013-10-08 20:11 - 00742742 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:10 - 2013-10-08 20:10 - 00742742 _____ C:\Documents and Settings\User\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:09 - 2013-10-08 20:11 - 00000694 _____ C:\Documents and Settings\All Users\Desktop\Copy of Speccy.lnk
2013-10-08 20:09 - 2013-10-08 20:09 - 00000694 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2013-10-08 20:09 - 2013-10-08 17:25 - 00000694 _____ C:\Documents and Settings\Default User\Desktop\Speccy.lnk
2013-10-08 20:09 - 2013-10-08 17:24 - 00000694 _____ C:\Documents and Settings\Administrator\Desktop\Speccy.lnk
2013-10-08 20:09 - 2013-10-08 17:24 - 00000694 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\Speccy.lnk
2013-10-08 20:09 - 2013-10-07 20:08 - 00000000 ____D C:\Program Files\Speccy
2013-10-08 20:09 - 2008-06-08 13:20 - 00643265 _____ C:\WINDOWS\setupapi.log
2013-10-08 18:52 - 2013-10-08 18:52 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-02.dmp
2013-10-08 18:51 - 2013-10-08 20:12 - 00358923 _____ (Farbar) C:\Documents and Settings\Default User\Desktop\FSS.exe
2013-10-08 18:51 - 2013-10-08 20:11 - 00358923 _____ (Farbar) C:\Documents and Settings\All Users\Desktop\FSS.exe
2013-10-08 18:51 - 2013-10-08 20:11 - 00358923 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FSS.exe
2013-10-08 18:51 - 2013-10-08 20:11 - 00358923 _____ (Farbar) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\FSS.exe
2013-10-08 18:51 - 2013-10-08 18:50 - 00358923 _____ (Farbar) C:\Documents and Settings\User\Desktop\FSS.exe
2013-10-08 18:39 - 2013-10-08 20:12 - 04009167 _____ C:\Documents and Settings\Default User\Desktop\ServicesRepair.exe
2013-10-08 18:39 - 2013-10-08 20:11 - 04009167 _____ C:\Documents and Settings\All Users\Desktop\ServicesRepair.exe
2013-10-08 18:39 - 2013-10-08 20:11 - 04009167 _____ C:\Documents and Settings\Administrator\Desktop\ServicesRepair.exe
2013-10-08 18:39 - 2013-10-08 20:11 - 04009167 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\ServicesRepair.exe
2013-10-08 18:39 - 2013-10-08 18:39 - 04009167 _____ C:\Documents and Settings\User\Desktop\ServicesRepair.exe
2013-10-08 18:39 - 2013-10-08 18:39 - 00000000 ____D C:\Documents and Settings\All Users\Desktop\CC Support
2013-10-08 18:32 - 2013-10-08 18:32 - 00000000 ____D C:\_OTL
2013-10-08 18:32 - 2013-10-07 19:23 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\GreatArcadeHits
2013-10-08 17:19 - 2013-10-08 20:11 - 01032220 _____ (Thisisu) C:\Documents and Settings\All Users\Desktop\JRT.exe
2013-10-08 17:19 - 2013-10-08 17:25 - 01032220 _____ (Thisisu) C:\Documents and Settings\Default User\Desktop\JRT.exe
2013-10-08 17:19 - 2013-10-08 17:24 - 01032220 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe
2013-10-08 17:19 - 2013-10-08 17:24 - 01032220 _____ (Thisisu) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\JRT.exe
2013-10-08 17:19 - 2013-10-08 17:19 - 01032220 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2013-10-08 17:16 - 2013-10-08 17:16 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-01.dmp
2013-10-07 21:20 - 2013-10-06 19:47 - 00009592 _____ C:\WINDOWS\bitssetup.log
2013-10-07 20:43 - 2013-10-07 20:43 - 00000000 ____D C:\Documents and Settings\Administrator.VERYFASTUSER\Local Settings\Application Data\Mozilla
2013-10-07 20:43 - 2013-10-07 20:43 - 00000000 ____D C:\Documents and Settings\Administrator.VERYFASTUSER\Application Data\Mozilla
2013-10-07 20:25 - 2013-10-08 20:11 - 00891167 _____ C:\Documents and Settings\All Users\Desktop\SecurityCheck.exe
2013-10-07 20:25 - 2013-10-08 17:25 - 00891167 _____ C:\Documents and Settings\Default User\Desktop\SecurityCheck.exe
2013-10-07 20:25 - 2013-10-08 17:24 - 00891167 _____ C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
2013-10-07 20:25 - 2013-10-08 17:24 - 00891167 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\SecurityCheck.exe
2013-10-07 20:25 - 2013-10-07 20:25 - 00891167 _____ C:\Documents and Settings\User\Desktop\SecurityCheck.exe
2013-10-07 20:09 - 2009-10-29 05:50 - 00000152 _____ C:\Documents and Settings\User\Application Data\default.rss
2013-10-07 20:09 - 2008-03-27 21:03 - 00000116 _____ C:\WINDOWS\NeroDigital.ini
2013-10-07 20:08 - 2013-10-07 20:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2013-10-07 20:05 - 2013-10-07 20:05 - 00000512 _____ C:\Documents and Settings\User\Desktop\MBR.dat
2013-10-07 19:34 - 2013-10-08 20:11 - 04745728 _____ (AVAST Software) C:\Documents and Settings\All Users\Desktop\aswmbr.exe
2013-10-07 19:34 - 2013-10-08 17:25 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Default User\Desktop\aswmbr.exe
2013-10-07 19:34 - 2013-10-08 17:24 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Administrator\Desktop\aswmbr.exe
2013-10-07 19:34 - 2013-10-08 17:24 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\aswmbr.exe
2013-10-07 19:34 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\User\Desktop\aswmbr.exe
2013-10-07 19:24 - 2013-10-07 19:24 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-07 19:23 - 2013-09-18 18:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-07 19:22 - 2008-01-24 12:53 - 00000000 ____D C:\WINDOWS\Resources
2013-10-07 19:12 - 2013-10-08 20:11 - 01045226 _____ C:\Documents and Settings\All Users\Desktop\adwcleaner.exe
2013-10-07 19:12 - 2013-10-08 17:25 - 01045226 _____ C:\Documents and Settings\Default User\Desktop\adwcleaner.exe
2013-10-07 19:12 - 2013-10-08 17:24 - 01045226 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\adwcleaner.exe
2013-10-07 19:12 - 2013-10-08 17:23 - 01045226 _____ C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
2013-10-07 19:12 - 2013-10-07 19:12 - 01045226 _____ C:\Documents and Settings\User\Desktop\adwcleaner.exe
2013-10-07 18:58 - 2013-10-08 20:11 - 00061440 _____ ( ) C:\Documents and Settings\All Users\Desktop\VEW.exe
2013-10-07 18:58 - 2013-10-08 17:25 - 00061440 _____ ( ) C:\Documents and Settings\Default User\Desktop\VEW.exe
2013-10-07 18:58 - 2013-10-08 17:24 - 00061440 _____ ( ) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\VEW.exe
2013-10-07 18:58 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\User\Desktop\VEW.exe
2013-10-07 18:58 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\Administrator\Desktop\VEW.exe
2013-10-07 17:29 - 2013-10-07 17:29 - 00106496 _____ C:\WINDOWS\Minidump\Mini100713-01.dmp
2013-10-06 23:54 - 2013-10-06 23:54 - 00377856 _____ C:\Documents and Settings\User\Desktop\2lx1649c.exe
2013-10-06 19:46 - 2013-10-06 19:46 - 00347424 _____ (Microsoft Corporation) C:\Documents and Settings\User\Desktop\MicrosoftFixit.wu.LB.27304537560287727.1.1.Run.exe
2013-10-06 19:25 - 2013-10-08 20:11 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\All Users\Desktop\OTL.exe
2013-10-06 19:25 - 2013-10-08 17:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Default User\Desktop\OTL.exe
2013-10-06 19:25 - 2013-10-08 17:24 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\OTL.exe
2013-10-06 19:25 - 2013-10-08 17:24 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\OTL.exe
2013-10-06 19:25 - 2013-10-06 19:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2013-10-06 19:23 - 2003-07-29 11:37 - 00051712 _____ C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-06 19:15 - 2013-10-06 19:15 - 00048656 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-06 19:15 - 2013-10-06 19:15 - 00000000 __SHD C:\Documents and Settings\Administrator.VERYFASTUSER\PrivacIE
2013-10-06 19:14 - 2008-01-24 12:58 - 00998376 _____ C:\WINDOWS\ocgen.log
2013-10-04 16:13 - 2013-10-04 16:13 - 00106496 _____ C:\WINDOWS\Minidump\Mini100413-01.dmp
2013-10-04 16:10 - 2013-01-30 18:51 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2013-10-03 21:03 - 2013-10-03 21:03 - 00106496 _____ C:\WINDOWS\Minidump\Mini100313-01.dmp
2013-10-02 17:36 - 2013-10-02 17:36 - 00106496 _____ C:\WINDOWS\Minidump\Mini100213-01.dmp
2013-10-01 20:06 - 2009-01-18 20:31 - 00000000 ____D C:\Program Files\ Hijack This
2013-10-01 20:01 - 2008-01-24 21:29 - 00048656 _____ C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-01 19:03 - 2008-01-24 12:57 - 00218448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-01 11:54 - 2013-01-30 18:51 - 00000000 ___RD C:\Program Files\Skype
2013-10-01 11:53 - 2013-10-01 11:53 - 00106496 _____ C:\WINDOWS\Minidump\Mini100113-01.dmp
2013-09-28 19:53 - 2013-09-28 19:53 - 00106496 _____ C:\WINDOWS\Minidump\Mini092813-01.dmp
2013-09-27 22:14 - 2013-09-27 22:14 - 00106496 _____ C:\WINDOWS\Minidump\Mini092713-01.dmp
2013-09-25 15:22 - 2013-09-25 15:22 - 00106496 _____ C:\WINDOWS\Minidump\Mini092513-01.dmp
2013-09-23 21:39 - 2008-01-24 21:25 - 00073963 _____ C:\WINDOWS\wmsetup.log
2013-09-23 17:09 - 2013-01-30 18:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-09-22 21:23 - 2013-09-22 21:23 - 00106496 _____ C:\WINDOWS\Minidump\Mini092213-01.dmp
2013-09-21 15:18 - 2013-07-04 21:23 - 00000000 ____D C:\Documents and Settings\User\Application Data\mp3tagpro
2013-09-21 13:46 - 2013-09-21 13:46 - 00106496 _____ C:\WINDOWS\Minidump\Mini092113-01.dmp
2013-09-21 13:46 - 2013-02-06 17:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-19 06:24 - 2012-07-03 19:48 - 00000501 _____ C:\Documents and Settings\All Users\Desktop\YTD Video Downloader.lnk
2013-09-17 19:51 - 2008-03-24 00:12 - 00002852 _____ C:\email addresses.txt
2013-09-17 17:06 - 2008-08-17 10:05 - 00000000 ____D C:\Documents and Settings\User\My Documents\Certs
2013-09-15 12:12 - 2008-04-06 00:04 - 00000000 ____D C:\Documents and Settings\User\My Documents\Codes

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\temp\102_Utilties.exe
C:\Documents and Settings\Administrator\Local Settings\temp\4jicz4xo.exe
C:\Documents and Settings\Administrator\Local Settings\temp\9wi40xt1.exe
C:\Documents and Settings\Administrator\Local Settings\temp\AtiCimUn.exe
C:\Documents and Settings\Administrator\Local Settings\temp\AutoRun.exe
C:\Documents and Settings\Administrator\Local Settings\temp\AutoRunGUI.dll
C:\Documents and Settings\Administrator\Local Settings\temp\cmsetup1_05_03.exe
C:\Documents and Settings\Administrator\Local Settings\temp\cmsetup1_08_01.exe
C:\Documents and Settings\Administrator\Local Settings\temp\cmsetup1_2_4.exe
C:\Documents and Settings\Administrator\Local Settings\temp\cmsetup1_3_5.exe
C:\Documents and Settings\Administrator\Local Settings\temp\CVC1E.exe
C:\Documents and Settings\Administrator\Local Settings\temp\e01sm8xm.exe
C:\Documents and Settings\Administrator\Local Settings\temp\FishBot.exe
C:\Documents and Settings\Administrator\Local Settings\temp\FlashPlayerUpdate.exe
C:\Documents and Settings\Administrator\Local Settings\temp\ginstall.dll
C:\Documents and Settings\Administrator\Local Settings\temp\iahy5sbg.exe
C:\Documents and Settings\Administrator\Local Settings\temp\j3446s6t.exe
C:\Documents and Settings\Administrator\Local Settings\temp\miunst_.exe
C:\Documents and Settings\Administrator\Local Settings\temp\mPlayer.dj.dll
C:\Documents and Settings\Administrator\Local Settings\temp\mpt404b.exe
C:\Documents and Settings\Administrator\Local Settings\temp\msgup810_249_us.exe
C:\Documents and Settings\Administrator\Local Settings\temp\NagraMaster3.7.exe
C:\Documents and Settings\Administrator\Local Settings\temp\NeoterisSetup.exe
C:\Documents and Settings\Administrator\Local Settings\temp\qv2g3krl.exe
C:\Documents and Settings\Administrator\Local Settings\temp\regincd.exe
C:\Documents and Settings\Administrator\Local Settings\temp\regincd2.exe
C:\Documents and Settings\Administrator\Local Settings\temp\regtdi.exe
C:\Documents and Settings\Administrator\Local Settings\temp\setup_wm.exe
C:\Documents and Settings\Administrator\Local Settings\temp\ttsetup.tmp.exe
C:\Documents and Settings\Administrator\Local Settings\temp\vmpremov.exe
C:\Documents and Settings\Administrator\Local Settings\temp\WD Passport 2.5 W98 installer.exe
C:\Documents and Settings\Administrator\Local Settings\temp\ymsgr_inst.exe
C:\Documents and Settings\Administrator\Local Settings\temp\ytb_inst.exe
C:\Documents and Settings\Administrator\Local Settings\temp\ywiseext.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by User at 2013-10-10 18:03:19
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

"Nero SoundTrax Help (Version: 4.4.32.0)
µTorrent (HKCU Version: 3.3.1.30017)
Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.1.2)
Adobe Acrobat 8.1.2 Professional (Version: 8.1.2)
Adobe AIR (Version: 2.7.0.19530)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Photoshop Album 2.0 (Version: 2.0)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Advertising Center (Version: 0.0.0.2)
Alcohol 120% (Version: 1.9.2.1705)
ArcSoft Magic-i Visual Effects 2 (Version: 2.0.11.138)
ArcSoft WebCam Companion 3 (Version: 3.0.45.413)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.37)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
DolbyFiles (Version: 2.0)
Elevated Installer (Version: 2.1.13)
Garmin City Navigator North America NT 2010.10 Update (Version: 13.0.0.0)
Garmin Communicator Plugin (Version: 4.0.3)
Garmin Express (Version: 2.1.13)
Garmin Express Tray (Version: 2.1.13)
Garmin Update Service (Version: 2.1.13)
Garmin USB Drivers (Version: 2.3.1.0)
Garmin WebUpdater (Version: 2.5.6)
GoToMeeting 5.5.0.1133 (HKCU Version: 5.5.0.1133)
GreatArcadeHits (HKCU Version: 1.0)
HijackThis 1.99.1 (Version: 1.99.1)
HP Webcam User's Guide
ICatch (VI) PC Camera
ImagXpress (Version: 7.0.74.0)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Magic ISO Maker v5.4 (build 0251)
magicJack (HKCU Version: 2.0.6073.4252)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Menu Templates - Pack 1 (Version: 9.4.6.0)
Menu Templates - Pack 2 (Version: 9.4.6.0)
Menu Templates - Pack 3 (Version: 9.4.6.0)
Menu Templates - Starter Kit (Version: 9.4.6.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Movie Templates - Pack 1 (Version: 9.4.6.0)
Movie Templates - Starter Kit (Version: 9.4.6.0)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
mp3Tag Pro 8.1
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Nero 9
Nero BackItUp (Version: 5.2.6000)
Nero BackItUp and Burn (Version: 1.2.0009)
Nero Burning ROM Help (Version: 9.4.17.100)
Nero BurnRights (Version: 3.4.11.100)
Nero BurnRights (Version: 3.6.17000)
Nero BurnRights Help (Version: 3.4.4.100)
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.4.9.100)
Nero CoverDesigner Help (Version: 4.4.9.100)
Nero DiscSpeed (Version: 5.4.12.100)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.11.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express (Version: 9.6.11000)
Nero Express Help (Version: 9.4.17.100)
Nero InfoTool (Version: 6.4.11.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Live (Version: 1.4.48.0)
Nero Live Help (Version: 1.4.48.0)
Nero PhotoSnap (Version: 1.53.2.0)
Nero PhotoSnap Help (Version: 1.53.2.0)
Nero Recode (Version: 4.4.31.0)
Nero Recode Help (Version: 4.4.31.0)
Nero Rescue Agent (Version: 2.4.12.100)
Nero RescueAgent (Version: 2.6.13000)
Nero RescueAgent Help (Version: 2.4.4.100)
Nero ShowTime (Version: 5.4.0.100)
Nero ShowTime (Version: 5.4.14.100)
Nero StartSmart (Version: 9.4.12.100)
Nero StartSmart Help (Version: 9.4.12.100)
Nero Vision (Version: 6.4.10.205)
Nero Vision Help (Version: 6.4.8.100)
Nero WaveEditor (Version: 5.4.32.0)
NeroBurningROM (Version: 9.4.17.100)
NeroExpress (Version: 9.4.17.100)
neroxml (Version: 1.0.0)
NTFS4DOS
OpenOffice.org Installer 1.0 (Version: 1.0.9221)
Paragon Drive Backup 8.5 Professional
Platform (Version: 1.24)
QuickPar 0.9 (Version: 0.9)
QuickShare (Version: 1.135.60.12323)
Realtek High Definition Audio Driver (Version: 5.10.0.5433)
Skype Click to Call (Version: 6.12.13601)
Skype™ 6.7 (Version: 6.7.102)
SoundTrax (Version: 4.4.32.0)
Speccy (Version: 1.23)
Spybot - Search & Destroy (Version: 1.6.2)
swMSM (Version: 12.0.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
UseNeXT by Tangysoft
VIA Display Driver 6.14.10.0095
VIA Platform Device Manager (Version: 1.24)
VIA Rhine-Family Fast-Ethernet Adapter
VLC media player 1.1.11 (Version: 1.1.11)
WebFldrs XP (Version: 9.50.5318)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
WinRAR archiver
WinZip (Version: 8.1 (4331))
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
YouTube Downloader Toolbar v6.0 (Version: 6.0)
YTD Video Downloader 4.5.1 (Version: 4.5.1)

==================== Restore Points =========================

13-07-2013 01:49:27 System Checkpoint
14-07-2013 03:01:27 System Checkpoint
15-07-2013 04:13:27 System Checkpoint
16-07-2013 04:25:27 System Checkpoint
17-07-2013 04:37:31 System Checkpoint
18-07-2013 05:49:31 System Checkpoint
19-07-2013 11:30:41 System Checkpoint
20-07-2013 14:54:55 System Checkpoint
21-07-2013 15:23:21 System Checkpoint
22-07-2013 15:47:20 System Checkpoint
23-07-2013 16:02:23 System Checkpoint
24-07-2013 16:42:14 System Checkpoint
25-07-2013 17:39:09 System Checkpoint
26-07-2013 17:51:11 System Checkpoint
27-07-2013 18:56:28 System Checkpoint
28-07-2013 18:57:57 System Checkpoint
29-07-2013 21:05:04 System Checkpoint
30-07-2013 22:48:24 System Checkpoint
31-07-2013 23:27:16 System Checkpoint
01-08-2013 23:48:24 System Checkpoint
03-08-2013 00:41:09 System Checkpoint
04-08-2013 00:53:09 System Checkpoint
05-08-2013 01:05:08 System Checkpoint
06-08-2013 01:26:28 System Checkpoint
07-08-2013 01:32:24 System Checkpoint
08-08-2013 01:50:53 System Checkpoint
09-08-2013 11:15:08 System Checkpoint
10-08-2013 15:27:07 System Checkpoint
11-08-2013 15:43:11 System Checkpoint
12-08-2013 16:43:11 System Checkpoint
13-08-2013 16:46:21 System Checkpoint
14-08-2013 16:58:20 System Checkpoint
15-08-2013 17:43:28 System Checkpoint
16-08-2013 18:23:02 System Checkpoint
17-08-2013 18:37:15 System Checkpoint
18-08-2013 19:16:22 System Checkpoint
19-08-2013 19:45:11 System Checkpoint
20-08-2013 21:11:26 System Checkpoint
21-08-2013 22:19:16 System Checkpoint
22-08-2013 22:35:48 System Checkpoint
23-08-2013 23:59:47 System Checkpoint
25-08-2013 00:35:47 System Checkpoint
26-08-2013 01:23:48 System Checkpoint
27-08-2013 11:18:11 System Checkpoint
28-08-2013 11:59:08 System Checkpoint
29-08-2013 13:35:08 System Checkpoint
30-08-2013 14:59:08 System Checkpoint
31-08-2013 15:58:10 System Checkpoint
01-09-2013 16:23:13 System Checkpoint
02-09-2013 17:14:17 System Checkpoint
03-09-2013 18:47:53 System Checkpoint
04-09-2013 18:52:59 System Checkpoint
05-09-2013 19:41:29 System Checkpoint
06-09-2013 20:51:00 System Checkpoint
07-09-2013 21:43:30 System Checkpoint
08-09-2013 22:47:58 System Checkpoint
09-09-2013 23:46:11 System Checkpoint
11-09-2013 00:17:17 System Checkpoint
12-09-2013 00:47:48 System Checkpoint
13-09-2013 01:20:26 System Checkpoint
14-09-2013 01:31:13 System Checkpoint
15-09-2013 02:30:07 System Checkpoint
16-09-2013 02:40:58 System Checkpoint
17-09-2013 03:11:11 System Checkpoint
18-09-2013 11:29:34 System Checkpoint
19-09-2013 11:45:31 System Checkpoint
20-09-2013 12:56:52 System Checkpoint
21-09-2013 12:59:45 System Checkpoint
22-09-2013 13:47:39 System Checkpoint
23-09-2013 14:04:16 System Checkpoint
24-09-2013 14:50:11 System Checkpoint
25-09-2013 15:49:07 System Checkpoint
26-09-2013 16:00:52 System Checkpoint
27-09-2013 17:09:57 System Checkpoint
28-09-2013 17:19:35 System Checkpoint
29-09-2013 18:35:01 System Checkpoint
30-09-2013 18:53:02 System Checkpoint
01-10-2013 19:12:41 System Checkpoint
02-10-2013 20:40:30 System Checkpoint
03-10-2013 23:04:40 System Checkpoint
05-10-2013 00:05:59 System Checkpoint
06-10-2013 00:42:20 System Checkpoint
07-10-2013 02:52:02 System Checkpoint
08-10-2013 01:16:13 OTL Restore Point - 10/7/2013 8:16:10 PM
08-10-2013 01:26:40 OTL Restore Point - 10/7/2013 8:26:37 PM
08-10-2013 23:57:35 OTL Restore Point - 10/8/2013 6:57:31 PM
10-10-2013 00:34:46 System Checkpoint

==================== Hosts content: ==========================

2001-08-23 07:00 - 2013-10-09 20:15 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Primary IDE Channel
Description: Primary IDE Channel
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Secondary IDE Channel
Description: Secondary IDE Channel
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Plug and Play BIOS Extension
Description: Plug and Play BIOS Extension
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: a347bus
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2013 05:58:33 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP01> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/10/2013 05:55:42 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP4700> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/10/2013 05:55:32 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP4700> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/10/2013 05:55:32 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP4700> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/10/2013 05:54:12 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\LOCKED> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/10/2013 05:54:12 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\LOCKED> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/10/2013 05:53:52 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP0701> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/10/2013 05:52:03 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP0300> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/10/2013 05:49:39 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP0001> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/10/2013 05:49:24 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP00> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (10/10/2013 05:54:02 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/10/2013 05:49:23 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/10/2013 05:48:06 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/10/2013 05:47:55 PM) (Source: Service Control Manager) (User: )
Description: The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/10/2013 05:27:44 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service failed to start due to the following error:
%%1290

Error: (10/10/2013 05:27:44 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1290" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (10/09/2013 08:48:09 PM) (Source: System Error) (User: )
Description: Error code 1000008e, parameter1 c0000005, parameter2 80593cf9, parameter3 b9f20880, parameter4 00000000.

Error: (10/09/2013 08:47:58 PM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service failed to start due to the following error:
%%1290

Error: (10/09/2013 08:47:58 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1290" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (10/09/2013 08:44:44 PM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service failed to start due to the following error:
%%1290


Microsoft Office Sessions:
=========================
Error: (10/10/2013 05:58:33 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\COMBOFIX\TEMP01

Error: (10/10/2013 05:55:42 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\COMBOFIX\TEMP4700

Error: (10/10/2013 05:55:32 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\COMBOFIX\TEMP4700

Error: (10/10/2013 05:55:32 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\COMBOFIX\TEMP4700

Error: (10/10/2013 05:54:12 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\COMBOFIX\LOCKED

Error: (10/10/2013 05:54:12 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\COMBOFIX\LOCKED

Error: (10/10/2013 05:53:52 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\COMBOFIX\TEMP0701

Error: (10/10/2013 05:52:03 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\COMBOFIX\TEMP0300

Error: (10/10/2013 05:49:39 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\COMBOFIX\TEMP0001

Error: (10/10/2013 05:49:24 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\COMBOFIX\TEMP00


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 1790.42 MB
Available physical RAM: 1277.01 MB
Total Pagefile: 3688.37 MB
Available Pagefile: 3393.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:127.99 GB) (Free:24.22 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive k: () (Network) (Total:127.99 GB) (Free:24.22 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 186 GB) (Disk ID: FA9AFA9A)
Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#11
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that.




Download BlueScreenView
http://www.nirsoft.n...creen_view.html

Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.

Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.


We need to fix the BITS service. Apparently there is something in the same svchost process that is not right.

Let's see if svchost_viewer will help: Download and Save the zip file here:

http://www.majorgeek...t_viewer,1.html

Right click on it and Extract All. Run the svchost viewer.exe file.

Yes

Once it finishes scanning you will see a bunch of svchost processes. Click on the + in front of each and look for BITS. When you find it take a screen shot and attach it:

Press the Alt + the Print Screen key on your keyboard. It may be labeled [PrtScn].

Open Microsoft Paint (All Programs, Accessories, Paint).

Go to the Edit menu and choose Paste (or just do Ctrl + v) and the image should appear.


Go to the File Menu and choose Save As.

Navigate to the folder where you want to save the image. (Desktop)

Type a file name for the image: SVCHOST

Select a file type: jpeg

Click the Save button.

Attach SVCHOST.jpg to your Reply.


Let's also look at the registry for BITS.


Copy the next 4 lines:

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS /s > \junk.txt
net start BITS >> \junk.txt
net start >> \junk.txt
notepad \junk.txt

Start, All Programs, Accessories, Command Prompt. Right click and Paste (or Edit then Paste) and the copied lines should appear. Hit Enter. Notepad should open. Copy the text from notepad and paste it into a reply.

#12
insparks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by User (administrator) on VERYFASTUSER on 11-10-2013 16:32:01
Running from C:\Documents and Settings\User\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\WgaTray.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPNSCFG.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKCU\...\Run: [cdloader] - C:\Documents and Settings\User\Application Data\mjusbsp\cdloader2.exe [50592 2011-08-23] (magicJack L.P.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation)
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB212] - command /c del "C:\WINDOWS\system32\nqBeNXyb.ini2"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD8548] - cmd /c del "C:\WINDOWS\system32\nqBeNXyb.ini2"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB4962] - command /c del "C:\WINDOWS\system32\nqBeNXyb.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD4629] - cmd /c del "C:\WINDOWS\system32\nqBeNXyb.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB9292] - command.com /c del "C:\Program Files\Application Updater\config.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD2776] - cmd.exe /c del "C:\Program Files\Application Updater\config.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB7206] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\baidu_ff.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD623] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\baidu_ff.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB4635] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\baidu_ie.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD3117] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\baidu_ie.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB8955] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\config.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD6534] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\config.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB1676] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\yandex_ff.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD6326] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\yandex_ff.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB7234] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\yandex_ie.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD8805] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\yandex_ie.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB3523] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1031.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD6481] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1031.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB1400] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1033.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD3854] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1033.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB5520] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1034.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD6325] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1034.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB1850] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1036.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD2173] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1036.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB4402] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1040.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD7390] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1040.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB1973] - command.com /c del "C:\Program Files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD262] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB7254] - command.com /c del "C:\Program Files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD204] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [Report] - C:\AdwCleaner\AdwCleaner[S2].txt [ 2013-10-08] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...FF-3EC91C046813
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0D7191D1-C6C9-4AE4-9515-1735958A3719} URL = http://search.yahoo....=utf-8&fr=b2ie7
SearchScopes: HKCU - {3F8C7A0E-E4EB-4196-9531-4D194A1B16C0} URL = http://search.micros...q={searchTerms}
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incre...h={searchTerms}
SearchScopes: HKCU - {DC04EA3C-687E-438D-BF5D-AF4584BEED23} URL = http://search.yahoo....=utf-8&fr=b1ie7
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1280912913343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default
FF NewTab: hxxp://mystart.incredibar.com/?a=&loc=skw
FF Homepage: hxxp://www.msn.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @videolan.org/vlc,version=1.1.11 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin HKCU: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\User\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: Echofon - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\Extensions\[email protected]
FF Extension: FireShot - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF Extension: Garmin Communicator - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR Extension: (DealPly Shopping) - C:\DOCUME~1\User\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.5.0.0_0

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
S4 NetBurnerService; C:\Program Files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe [223248 2007-02-21] (Paragon GmbH)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.)
S2 uCamMonitor; C:\Temp\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [14336 2008-04-25] (ArcSoft, Inc.)
S3 CA561; C:\Windows\System32\Drivers\SPCA561.SYS [119798 2002-10-01] (SP)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [134616 2010-08-02] (Deterministic Networks, Inc.)
R3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [42496 2007-02-27] (VIA Technologies, Inc. )
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R0 hotcore3; C:\Windows\System32\drivers\hotcore3.sys [38448 2007-02-21] (Paragon Software Group)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 NetBurn; C:\Windows\System32\DRIVERS\NetBurn.sys [84752 2007-02-21] (Rocket Division Software)
R3 S3GIGP; C:\Windows\System32\DRIVERS\S3gIGPm.sys [714240 2007-06-04] (S3 Graphics Co., Ltd.)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [32352 2007-02-21] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [131456 2007-02-21] (Paragon)
R0 viaagp1; C:\Windows\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
R0 ViBus; C:\Windows\System32\DRIVERS\ViBus.sys [16896 2007-03-26] (VIA Technologies, Inc.)
R0 videX32; C:\Windows\System32\DRIVERS\videX32.sys [9216 2007-03-29] (VIA Technologies, Inc.)
R0 ViPrt; C:\Windows\System32\DRIVERS\ViPrt.sys [52224 2007-03-26] (VIA Technologies, Inc.)
R0 xfilt; C:\Windows\System32\DRIVERS\xfilt.sys [22168 2009-05-05] (VIA Technologies,Inc)
S3 catchme; \??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys [x]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-11 16:27 - 2013-10-11 16:27 - 00003474 _____ C:\Documents and Settings\User\Desktop\fixlist.txt
2013-10-11 16:16 - 2013-10-11 16:16 - 00106496 _____ C:\WINDOWS\Minidump\Mini101113-01.dmp
2013-10-10 18:03 - 2013-10-10 18:03 - 00022306 _____ C:\Documents and Settings\User\Desktop\Addition.txt
2013-10-10 18:00 - 2013-10-10 18:00 - 00000000 ____D C:\FRST
2013-10-10 17:59 - 2013-10-10 17:59 - 00011155 _____ C:\ComboFix.txt
2013-10-10 17:49 - 2008-04-13 13:40 - 00096512 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\atapi.sys
2013-10-10 17:49 - 2008-04-13 13:40 - 00096512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atapi.sys
2013-10-10 17:43 - 2013-10-10 17:43 - 01087213 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2013-10-09 20:47 - 2013-10-09 20:47 - 00106496 _____ C:\WINDOWS\Minidump\Mini100913-02.dmp
2013-10-09 20:24 - 2013-10-09 20:28 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-10-09 20:22 - 2013-10-09 20:41 - 00000743 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-09 20:22 - 2013-10-09 20:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-09 20:22 - 2013-10-09 20:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-09 20:22 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-09 20:06 - 2013-10-09 20:06 - 00000000 _RSHD C:\cmdcons
2013-10-09 20:06 - 2013-06-27 19:21 - 00000211 _____ C:\Boot.bak
2013-10-09 20:06 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-10-09 20:03 - 2013-10-10 17:59 - 00000000 ____D C:\Qoobox
2013-10-09 20:03 - 2013-10-09 20:16 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-09 20:03 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-09 20:03 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-09 20:03 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-09 19:56 - 2013-10-09 19:56 - 02237968 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\User\Desktop\tdsskiller.exe
2013-10-09 19:55 - 2013-10-09 19:55 - 05131844 ____R (Swearware) C:\Documents and Settings\User\Desktop\ComboFix.exe
2013-10-09 10:31 - 2013-10-09 10:30 - 00106496 _____ C:\WINDOWS\Minidump\Mini100913-01.dmp
2013-10-08 20:58 - 2013-10-08 20:58 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-03.dmp
2013-10-08 20:12 - 2013-10-08 20:10 - 00742742 _____ C:\Documents and Settings\Default User\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:12 - 2013-10-08 18:51 - 00358923 _____ (Farbar) C:\Documents and Settings\Default User\Desktop\FSS.exe
2013-10-08 20:12 - 2013-10-08 18:39 - 04009167 _____ C:\Documents and Settings\Default User\Desktop\ServicesRepair.exe
2013-10-08 20:11 - 2013-10-08 20:10 - 00742742 _____ C:\Documents and Settings\Administrator\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:11 - 2013-10-08 20:10 - 00742742 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:11 - 2013-10-08 18:51 - 00358923 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FSS.exe
2013-10-08 20:11 - 2013-10-08 18:51 - 00358923 _____ (Farbar) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\FSS.exe
2013-10-08 20:11 - 2013-10-08 18:39 - 04009167 _____ C:\Documents and Settings\Administrator\Desktop\ServicesRepair.exe
2013-10-08 20:11 - 2013-10-08 18:39 - 04009167 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\ServicesRepair.exe
2013-10-08 20:11 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\All Users\Desktop\aswmbr.exe
2013-10-08 20:09 - 2013-10-08 20:09 - 00000694 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2013-10-08 18:52 - 2013-10-08 18:52 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-02.dmp
2013-10-08 18:39 - 2013-10-08 18:39 - 04009167 _____ C:\Documents and Settings\User\Desktop\ServicesRepair.exe
2013-10-08 18:39 - 2013-10-08 18:39 - 00000000 ____D C:\Documents and Settings\All Users\Desktop\CC Support
2013-10-08 18:32 - 2013-10-08 18:32 - 00000000 ____D C:\_OTL
2013-10-08 17:25 - 2013-10-08 20:09 - 00000694 _____ C:\Documents and Settings\Default User\Desktop\Speccy.lnk
2013-10-08 17:25 - 2013-10-08 17:19 - 01032220 _____ (Thisisu) C:\Documents and Settings\Default User\Desktop\JRT.exe
2013-10-08 17:25 - 2013-10-07 20:25 - 00891167 _____ C:\Documents and Settings\Default User\Desktop\SecurityCheck.exe
2013-10-08 17:25 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Default User\Desktop\aswmbr.exe
2013-10-08 17:25 - 2013-10-07 19:12 - 01045226 _____ C:\Documents and Settings\Default User\Desktop\adwcleaner.exe
2013-10-08 17:25 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\Default User\Desktop\VEW.exe
2013-10-08 17:25 - 2013-10-06 19:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Default User\Desktop\OTL.exe
2013-10-08 17:24 - 2013-10-08 20:09 - 00000694 _____ C:\Documents and Settings\Administrator\Desktop\Speccy.lnk
2013-10-08 17:24 - 2013-10-08 20:09 - 00000694 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\Speccy.lnk
2013-10-08 17:24 - 2013-10-08 17:19 - 01032220 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe
2013-10-08 17:24 - 2013-10-08 17:19 - 01032220 _____ (Thisisu) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\JRT.exe
2013-10-08 17:24 - 2013-10-07 20:25 - 00891167 _____ C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
2013-10-08 17:24 - 2013-10-07 20:25 - 00891167 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\SecurityCheck.exe
2013-10-08 17:24 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Administrator\Desktop\aswmbr.exe
2013-10-08 17:24 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\aswmbr.exe
2013-10-08 17:24 - 2013-10-07 19:12 - 01045226 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\adwcleaner.exe
2013-10-08 17:24 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\VEW.exe
2013-10-08 17:24 - 2013-10-06 19:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\OTL.exe
2013-10-08 17:24 - 2013-10-06 19:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\OTL.exe
2013-10-08 17:23 - 2013-10-07 19:12 - 01045226 _____ C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
2013-10-08 17:19 - 2013-10-08 17:19 - 01032220 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2013-10-08 17:16 - 2013-10-08 17:16 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-01.dmp
2013-10-07 20:43 - 2013-10-07 20:43 - 00000000 ____D C:\Documents and Settings\Administrator.VERYFASTUSER\Local Settings\Application Data\Mozilla
2013-10-07 20:43 - 2013-10-07 20:43 - 00000000 ____D C:\Documents and Settings\Administrator.VERYFASTUSER\Application Data\Mozilla
2013-10-07 20:25 - 2013-10-07 20:25 - 00891167 _____ C:\Documents and Settings\User\Desktop\SecurityCheck.exe
2013-10-07 20:08 - 2013-10-08 20:09 - 00000000 ____D C:\Program Files\Speccy
2013-10-07 20:08 - 2013-10-07 20:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2013-10-07 20:05 - 2013-10-07 20:05 - 00000512 _____ C:\Documents and Settings\User\Desktop\MBR.dat
2013-10-07 19:34 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\User\Desktop\aswmbr.exe
2013-10-07 19:24 - 2013-10-07 19:24 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-07 19:23 - 2013-10-08 18:32 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\GreatArcadeHits
2013-10-07 19:23 - 2013-09-09 02:57 - 00773968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100.dll
2013-10-07 19:23 - 2013-09-09 02:57 - 00632656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr80.dll
2013-10-07 19:23 - 2013-09-09 02:57 - 00554832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp80.dll
2013-10-07 19:23 - 2013-09-09 02:57 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcm80.dll
2013-10-07 19:23 - 2013-09-09 02:57 - 00421200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp100.dll
2013-10-07 19:23 - 2013-09-09 02:57 - 00001870 _____ C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest
2013-10-07 19:13 - 2013-10-08 20:27 - 00000000 ____D C:\AdwCleaner
2013-10-07 19:12 - 2013-10-07 19:12 - 01045226 _____ C:\Documents and Settings\User\Desktop\adwcleaner.exe
2013-10-07 19:00 - 2013-10-09 20:51 - 00005592 _____ C:\VEW.txt
2013-10-07 18:58 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\User\Desktop\VEW.exe
2013-10-07 18:58 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\Administrator\Desktop\VEW.exe
2013-10-07 17:29 - 2013-10-07 17:29 - 00106496 _____ C:\WINDOWS\Minidump\Mini100713-01.dmp
2013-10-06 23:54 - 2013-10-06 23:54 - 00377856 _____ C:\Documents and Settings\User\Desktop\2lx1649c.exe
2013-10-06 19:47 - 2013-10-07 21:20 - 00009592 _____ C:\WINDOWS\bitssetup.log
2013-10-06 19:46 - 2013-10-06 19:46 - 00347424 _____ (Microsoft Corporation) C:\Documents and Settings\User\Desktop\MicrosoftFixit.wu.LB.27304537560287727.1.1.Run.exe
2013-10-06 19:25 - 2013-10-06 19:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2013-10-06 19:15 - 2013-10-06 19:15 - 00048656 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-06 19:15 - 2013-10-06 19:15 - 00000000 __SHD C:\Documents and Settings\Administrator.VERYFASTUSER\PrivacIE
2013-10-04 16:13 - 2013-10-04 16:13 - 00106496 _____ C:\WINDOWS\Minidump\Mini100413-01.dmp
2013-10-03 21:03 - 2013-10-03 21:03 - 00106496 _____ C:\WINDOWS\Minidump\Mini100313-01.dmp
2013-10-02 17:36 - 2013-10-02 17:36 - 00106496 _____ C:\WINDOWS\Minidump\Mini100213-01.dmp
2013-10-01 11:53 - 2013-10-01 11:53 - 00106496 _____ C:\WINDOWS\Minidump\Mini100113-01.dmp
2013-09-28 19:53 - 2013-09-28 19:53 - 00106496 _____ C:\WINDOWS\Minidump\Mini092813-01.dmp
2013-09-27 22:14 - 2013-09-27 22:14 - 00106496 _____ C:\WINDOWS\Minidump\Mini092713-01.dmp
2013-09-25 15:22 - 2013-09-25 15:22 - 00106496 _____ C:\WINDOWS\Minidump\Mini092513-01.dmp
2013-09-22 21:23 - 2013-09-22 21:23 - 00106496 _____ C:\WINDOWS\Minidump\Mini092213-01.dmp
2013-09-21 13:46 - 2013-09-21 13:46 - 00106496 _____ C:\WINDOWS\Minidump\Mini092113-01.dmp
2013-09-18 18:43 - 2013-10-07 19:23 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-11 16:27 - 2013-10-11 16:27 - 00003474 _____ C:\Documents and Settings\User\Desktop\fixlist.txt
2013-10-11 16:27 - 2013-01-30 18:51 - 00000000 ____D C:\Documents and Settings\User\Application Data\Skype
2013-10-11 16:20 - 2013-01-30 18:51 - 00000000 ___RD C:\Program Files\Skype
2013-10-11 16:20 - 2013-01-30 18:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-10-11 16:18 - 2008-01-24 21:17 - 01554759 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-11 16:17 - 2008-01-24 13:00 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-11 16:17 - 2008-01-24 13:00 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-11 16:17 - 2001-08-23 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-11 16:16 - 2013-10-11 16:16 - 00106496 _____ C:\WINDOWS\Minidump\Mini101113-01.dmp
2013-10-11 16:16 - 2009-11-08 14:19 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-11 16:16 - 2008-01-24 21:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-11 01:51 - 2008-01-24 21:11 - 00000278 ___SH C:\Documents and Settings\User\ntuser.ini
2013-10-11 01:51 - 2008-01-24 21:10 - 00032494 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-11 00:56 - 2012-03-28 20:58 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-10 18:03 - 2013-10-10 18:03 - 00022306 _____ C:\Documents and Settings\User\Desktop\Addition.txt
2013-10-10 18:00 - 2013-10-10 18:00 - 00000000 ____D C:\FRST
2013-10-10 17:59 - 2013-10-10 17:59 - 00011155 _____ C:\ComboFix.txt
2013-10-10 17:59 - 2013-10-09 20:03 - 00000000 ____D C:\Qoobox
2013-10-10 17:59 - 2005-01-13 22:59 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-10-10 17:56 - 2001-08-23 07:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-10-10 17:43 - 2013-10-10 17:43 - 01087213 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2013-10-10 16:49 - 2008-05-16 09:39 - 00015587 _____ C:\Documents and Settings\User\My Documents\personal info.txt
2013-10-09 20:51 - 2013-10-07 19:00 - 00005592 _____ C:\VEW.txt
2013-10-09 20:47 - 2013-10-09 20:47 - 00106496 _____ C:\WINDOWS\Minidump\Mini100913-02.dmp
2013-10-09 20:41 - 2013-10-09 20:22 - 00000743 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-09 20:38 - 2013-10-09 20:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-09 20:28 - 2013-10-09 20:24 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-10-09 20:22 - 2013-10-09 20:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-09 20:16 - 2013-10-09 20:03 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-09 20:14 - 2005-01-13 22:32 - 00000000 ____D C:\Documents and Settings\Administrator
2013-10-09 20:06 - 2013-10-09 20:06 - 00000000 _RSHD C:\cmdcons
2013-10-09 20:06 - 2008-01-24 12:56 - 00000327 __RSH C:\boot.ini
2013-10-09 19:56 - 2013-10-09 19:56 - 02237968 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\User\Desktop\tdsskiller.exe
2013-10-09 19:55 - 2013-10-09 19:55 - 05131844 ____R (Swearware) C:\Documents and Settings\User\Desktop\ComboFix.exe
2013-10-09 11:56 - 2012-03-28 20:58 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-09 11:56 - 2011-05-16 05:26 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-09 10:30 - 2013-10-09 10:31 - 00106496 _____ C:\WINDOWS\Minidump\Mini100913-01.dmp
2013-10-08 20:58 - 2013-10-08 20:58 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-03.dmp
2013-10-08 20:27 - 2013-10-07 19:13 - 00000000 ____D C:\AdwCleaner
2013-10-08 20:27 - 2008-08-17 19:41 - 00000178 ___SH C:\Documents and Settings\Administrator.VERYFASTUSER\ntuser.ini
2013-10-08 20:10 - 2013-10-08 20:12 - 00742742 _____ C:\Documents and Settings\Default User\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:10 - 2013-10-08 20:11 - 00742742 _____ C:\Documents and Settings\Administrator\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:10 - 2013-10-08 20:11 - 00742742 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:09 - 2013-10-08 20:09 - 00000694 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2013-10-08 20:09 - 2013-10-08 17:25 - 00000694 _____ C:\Documents and Settings\Default User\Desktop\Speccy.lnk
2013-10-08 20:09 - 2013-10-08 17:24 - 00000694 _____ C:\Documents and Settings\Administrator\Desktop\Speccy.lnk
2013-10-08 20:09 - 2013-10-08 17:24 - 00000694 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\Speccy.lnk
2013-10-08 20:09 - 2013-10-07 20:08 - 00000000 ____D C:\Program Files\Speccy
2013-10-08 20:09 - 2008-06-08 13:20 - 00643265 _____ C:\WINDOWS\setupapi.log
2013-10-08 18:52 - 2013-10-08 18:52 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-02.dmp
2013-10-08 18:51 - 2013-10-08 20:12 - 00358923 _____ (Farbar) C:\Documents and Settings\Default User\Desktop\FSS.exe
2013-10-08 18:51 - 2013-10-08 20:11 - 00358923 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FSS.exe
2013-10-08 18:51 - 2013-10-08 20:11 - 00358923 _____ (Farbar) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\FSS.exe
2013-10-08 18:39 - 2013-10-08 20:12 - 04009167 _____ C:\Documents and Settings\Default User\Desktop\ServicesRepair.exe
2013-10-08 18:39 - 2013-10-08 20:11 - 04009167 _____ C:\Documents and Settings\Administrator\Desktop\ServicesRepair.exe
2013-10-08 18:39 - 2013-10-08 20:11 - 04009167 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\ServicesRepair.exe
2013-10-08 18:39 - 2013-10-08 18:39 - 04009167 _____ C:\Documents and Settings\User\Desktop\ServicesRepair.exe
2013-10-08 18:39 - 2013-10-08 18:39 - 00000000 ____D C:\Documents and Settings\All Users\Desktop\CC Support
2013-10-08 18:32 - 2013-10-08 18:32 - 00000000 ____D C:\_OTL
2013-10-08 18:32 - 2013-10-07 19:23 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\GreatArcadeHits
2013-10-08 17:19 - 2013-10-08 17:25 - 01032220 _____ (Thisisu) C:\Documents and Settings\Default User\Desktop\JRT.exe
2013-10-08 17:19 - 2013-10-08 17:24 - 01032220 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe
2013-10-08 17:19 - 2013-10-08 17:24 - 01032220 _____ (Thisisu) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\JRT.exe
2013-10-08 17:19 - 2013-10-08 17:19 - 01032220 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2013-10-08 17:16 - 2013-10-08 17:16 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-01.dmp
2013-10-07 21:20 - 2013-10-06 19:47 - 00009592 _____ C:\WINDOWS\bitssetup.log
2013-10-07 20:43 - 2013-10-07 20:43 - 00000000 ____D C:\Documents and Settings\Administrator.VERYFASTUSER\Local Settings\Application Data\Mozilla
2013-10-07 20:43 - 2013-10-07 20:43 - 00000000 ____D C:\Documents and Settings\Administrator.VERYFASTUSER\Application Data\Mozilla
2013-10-07 20:25 - 2013-10-08 17:25 - 00891167 _____ C:\Documents and Settings\Default User\Desktop\SecurityCheck.exe
2013-10-07 20:25 - 2013-10-08 17:24 - 00891167 _____ C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
2013-10-07 20:25 - 2013-10-08 17:24 - 00891167 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\SecurityCheck.exe
2013-10-07 20:25 - 2013-10-07 20:25 - 00891167 _____ C:\Documents and Settings\User\Desktop\SecurityCheck.exe
2013-10-07 20:09 - 2009-10-29 05:50 - 00000152 _____ C:\Documents and Settings\User\Application Data\default.rss
2013-10-07 20:09 - 2008-03-27 21:03 - 00000116 _____ C:\WINDOWS\NeroDigital.ini
2013-10-07 20:08 - 2013-10-07 20:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2013-10-07 20:05 - 2013-10-07 20:05 - 00000512 _____ C:\Documents and Settings\User\Desktop\MBR.dat
2013-10-07 19:34 - 2013-10-08 20:11 - 04745728 _____ (AVAST Software) C:\Documents and Settings\All Users\Desktop\aswmbr.exe
2013-10-07 19:34 - 2013-10-08 17:25 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Default User\Desktop\aswmbr.exe
2013-10-07 19:34 - 2013-10-08 17:24 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Administrator\Desktop\aswmbr.exe
2013-10-07 19:34 - 2013-10-08 17:24 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\aswmbr.exe
2013-10-07 19:34 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\User\Desktop\aswmbr.exe
2013-10-07 19:24 - 2013-10-07 19:24 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-07 19:23 - 2013-09-18 18:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-07 19:22 - 2008-01-24 12:53 - 00000000 ____D C:\WINDOWS\Resources
2013-10-07 19:12 - 2013-10-08 17:25 - 01045226 _____ C:\Documents and Settings\Default User\Desktop\adwcleaner.exe
2013-10-07 19:12 - 2013-10-08 17:24 - 01045226 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\adwcleaner.exe
2013-10-07 19:12 - 2013-10-08 17:23 - 01045226 _____ C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
2013-10-07 19:12 - 2013-10-07 19:12 - 01045226 _____ C:\Documents and Settings\User\Desktop\adwcleaner.exe
2013-10-07 18:58 - 2013-10-08 17:25 - 00061440 _____ ( ) C:\Documents and Settings\Default User\Desktop\VEW.exe
2013-10-07 18:58 - 2013-10-08 17:24 - 00061440 _____ ( ) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\VEW.exe
2013-10-07 18:58 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\User\Desktop\VEW.exe
2013-10-07 18:58 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\Administrator\Desktop\VEW.exe
2013-10-07 17:29 - 2013-10-07 17:29 - 00106496 _____ C:\WINDOWS\Minidump\Mini100713-01.dmp
2013-10-06 23:54 - 2013-10-06 23:54 - 00377856 _____ C:\Documents and Settings\User\Desktop\2lx1649c.exe
2013-10-06 19:46 - 2013-10-06 19:46 - 00347424 _____ (Microsoft Corporation) C:\Documents and Settings\User\Desktop\MicrosoftFixit.wu.LB.27304537560287727.1.1.Run.exe
2013-10-06 19:25 - 2013-10-08 17:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Default User\Desktop\OTL.exe
2013-10-06 19:25 - 2013-10-08 17:24 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\OTL.exe
2013-10-06 19:25 - 2013-10-08 17:24 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\OTL.exe
2013-10-06 19:25 - 2013-10-06 19:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2013-10-06 19:23 - 2003-07-29 11:37 - 00051712 _____ C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-06 19:15 - 2013-10-06 19:15 - 00048656 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-06 19:15 - 2013-10-06 19:15 - 00000000 __SHD C:\Documents and Settings\Administrator.VERYFASTUSER\PrivacIE
2013-10-06 19:14 - 2008-01-24 12:58 - 00998376 _____ C:\WINDOWS\ocgen.log
2013-10-04 16:13 - 2013-10-04 16:13 - 00106496 _____ C:\WINDOWS\Minidump\Mini100413-01.dmp
2013-10-04 16:10 - 2013-01-30 18:51 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2013-10-03 21:03 - 2013-10-03 21:03 - 00106496 _____ C:\WINDOWS\Minidump\Mini100313-01.dmp
2013-10-02 17:36 - 2013-10-02 17:36 - 00106496 _____ C:\WINDOWS\Minidump\Mini100213-01.dmp
2013-10-01 20:06 - 2009-01-18 20:31 - 00000000 ____D C:\Program Files\ Hijack This
2013-10-01 20:01 - 2008-01-24 21:29 - 00048656 _____ C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-01 19:03 - 2008-01-24 12:57 - 00218448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-01 11:53 - 2013-10-01 11:53 - 00106496 _____ C:\WINDOWS\Minidump\Mini100113-01.dmp
2013-09-28 19:53 - 2013-09-28 19:53 - 00106496 _____ C:\WINDOWS\Minidump\Mini092813-01.dmp
2013-09-27 22:14 - 2013-09-27 22:14 - 00106496 _____ C:\WINDOWS\Minidump\Mini092713-01.dmp
2013-09-25 15:22 - 2013-09-25 15:22 - 00106496 _____ C:\WINDOWS\Minidump\Mini092513-01.dmp
2013-09-23 21:39 - 2008-01-24 21:25 - 00073963 _____ C:\WINDOWS\wmsetup.log
2013-09-22 21:23 - 2013-09-22 21:23 - 00106496 _____ C:\WINDOWS\Minidump\Mini092213-01.dmp
2013-09-21 15:18 - 2013-07-04 21:23 - 00000000 ____D C:\Documents and Settings\User\Application Data\mp3tagpro
2013-09-21 13:46 - 2013-09-21 13:46 - 00106496 _____ C:\WINDOWS\Minidump\Mini092113-01.dmp
2013-09-21 13:46 - 2013-02-06 17:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-19 06:24 - 2012-07-03 19:48 - 00000501 _____ C:\Documents and Settings\All Users\Desktop\YTD Video Downloader.lnk
2013-09-17 19:51 - 2008-03-24 00:12 - 00002852 _____ C:\email addresses.txt
2013-09-17 17:06 - 2008-08-17 10:05 - 00000000 ____D C:\Documents and Settings\User\My Documents\Certs
2013-09-15 12:12 - 2008-04-06 00:04 - 00000000 ____D C:\Documents and Settings\User\My Documents\Codes

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\temp\102_Utilties.exe
C:\Documents and Settings\Administrator\Local Settings\temp\4jicz4xo.exe
C:\Documents and Settings\Administrator\Local Settings\temp\9wi40xt1.exe
C:\Documents and Settings\Administrator\Local Settings\temp\AtiCimUn.exe
C:\Documents and Settings\Administrator\Local Settings\temp\AutoRun.exe
C:\Documents and Settings\Administrator\Local Settings\temp\AutoRunGUI.dll
C:\Documents and Settings\Administrator\Local Settings\temp\cmsetup1_05_03.exe
C:\Documents and Settings\Administrator\Local Settings\temp\cmsetup1_08_01.exe
C:\Documents and Settings\Administrator\Local Settings\temp\cmsetup1_2_4.exe
C:\Documents and Settings\Administrator\Local Settings\temp\cmsetup1_3_5.exe
C:\Documents and Settings\Administrator\Local Settings\temp\CVC1E.exe
C:\Documents and Settings\Administrator\Local Settings\temp\e01sm8xm.exe
C:\Documents and Settings\Administrator\Local Settings\temp\FishBot.exe
C:\Documents and Settings\Administrator\Local Settings\temp\FlashPlayerUpdate.exe
C:\Documents and Settings\Administrator\Local Settings\temp\ginstall.dll
C:\Documents and Settings\Administrator\Local Settings\temp\iahy5sbg.exe
C:\Documents and Settings\Administrator\Local Settings\temp\j3446s6t.exe
C:\Documents and Settings\Administrator\Local Settings\temp\miunst_.exe
C:\Documents and Settings\Administrator\Local Settings\temp\mPlayer.dj.dll
C:\Documents and Settings\Administrator\Local Settings\temp\mpt404b.exe
C:\Documents and Settings\Administrator\Local Settings\temp\msgup810_249_us.exe
C:\Documents and Settings\Administrator\Local Settings\temp\NagraMaster3.7.exe
C:\Documents and Settings\Administrator\Local Settings\temp\NeoterisSetup.exe
C:\Documents and Settings\Administrator\Local Settings\temp\qv2g3krl.exe
C:\Documents and Settings\Administrator\Local Settings\temp\regincd.exe
C:\Documents and Settings\Administrator\Local Settings\temp\regincd2.exe
C:\Documents and Settings\Administrator\Local Settings\temp\regtdi.exe
C:\Documents and Settings\Administrator\Local Settings\temp\setup_wm.exe
C:\Documents and Settings\Administrator\Local Settings\temp\ttsetup.tmp.exe
C:\Documents and Settings\Administrator\Local Settings\temp\vmpremov.exe
C:\Documents and Settings\Administrator\Local Settings\temp\WD Passport 2.5 W98 installer.exe
C:\Documents and Settings\Administrator\Local Settings\temp\ymsgr_inst.exe
C:\Documents and Settings\Administrator\Local Settings\temp\ytb_inst.exe
C:\Documents and Settings\Administrator\Local Settings\temp\ywiseext.dll
C:\Documents and Settings\User\Local Settings\temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Mini101113-01.dmp 10/11/2013 4:15:48 PM PFN_LIST_CORRUPT 0x0000004e 0x00000002 0x000f677d 0x0006fedf 0x0000eaef ntoskrnl.exe ntoskrnl.exe+606c2 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619) 32-bit ntoskrnl.exe+606c2 ntoskrnl.exe+525c6 ntoskrnl.exe+20528 ntoskrnl.exe+1749b C:\WINDOWS\MiniDump\Mini101113-01.dmp 2 15 2600 106,496 10/11/2013 4:16:45 PM
Mini100913-02.dmp 10/9/2013 8:46:31 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000005 0x80593cf9 0xb9f20880 0x00000000 ntoskrnl.exe ntoskrnl.exe+bccf9 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619) 32-bit ntoskrnl.exe+bccf9 ntoskrnl.exe+bcf5b ntoskrnl.exe+bc51b ntoskrnl.exe+9b724 C:\WINDOWS\MiniDump\Mini100913-02.dmp 2 15 2600 106,496 10/9/2013 8:47:36 PM
Mini100913-01.dmp 10/9/2013 10:30:05 AM NTFS_FILE_SYSTEM 0x00000024 0x001902fe 0xf78ba42c 0xf78ba128 0x804ed4d8 Ntfs.sys Ntfs.sys+dff0 NT File System Driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.5512 (xpsp.080413-2111) 32-bit ntoskrnl.exe+606c2 Ntfs.sys+dff0 Ntfs.sys+55ed0 ntoskrnl.exe+b3d5 C:\WINDOWS\MiniDump\Mini100913-01.dmp 2 15 2600 106,496 10/9/2013 10:30:58 AM
Mini100813-03.dmp 10/8/2013 8:58:04 PM PAGE_FAULT_IN_NONPAGED_AREA 0x10000050 0xa6000008 0x00000000 0xbf80a8f8 0x00000000 win32k.sys win32k.sys+a8f8 Multi-User Win32 Driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6228 (xpsp_sp3_gdr.120515-1618) 32-bit win32k.sys+a8f8 win32k.sys+12bc win32k.sys+1261 win32k.sys+82eb8 C:\WINDOWS\MiniDump\Mini100813-03.dmp 2 15 2600 106,496 10/8/2013 8:58:53 PM
Mini100813-02.dmp 10/8/2013 6:52:03 PM PAGE_FAULT_IN_NONPAGED_AREA 0x10000050 0xffffffec 0x00000000 0x804f58a5 0x00000000 ntoskrnl.exe ntoskrnl.exe+1e8a5 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619) 32-bit ntoskrnl.exe+1e8a5 ntoskrnl.exe+ae5d2 ntoskrnl.exe+699f C:\WINDOWS\MiniDump\Mini100813-02.dmp 2 15 2600 106,496 10/8/2013 6:52:53 PM
Mini100813-01.dmp 10/8/2013 5:15:17 PM IRQL_NOT_LESS_OR_EQUAL 0x1000000a 0x0101020c 0x0000001c 0x00000000 0x804fffad ntoskrnl.exe ntoskrnl.exe+28fad NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619) 32-bit ntoskrnl.exe+28fad ntoskrnl.exe+b5501 ntoskrnl.exe+699f ntoskrnl.exe+d037 C:\WINDOWS\MiniDump\Mini100813-01.dmp 2 15 2600 106,496 10/8/2013 5:16:11 PM
Mini100713-01.dmp 10/7/2013 5:28:35 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000005 0x805515a1 0xa525a26c 0x00000000 win32k.sys win32k.sys+2a00 Multi-User Win32 Driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6228 (xpsp_sp3_gdr.120515-1618) 32-bit ntoskrnl.exe+7a5a1 win32k.sys+2ab4 win32k.sys+5823 win32k.sys+57b7 C:\WINDOWS\MiniDump\Mini100713-01.dmp 2 15 2600 106,496 10/7/2013 5:29:34 PM
Mini100413-01.dmp 10/4/2013 4:12:14 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000005 0x80551ae2 0xa60709ac 0x00000000 ntoskrnl.exe ntoskrnl.exe+7aae2 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619) 32-bit ntoskrnl.exe+7aae2 ntoskrnl.exe+7aac7 ntoskrnl.exe+b9952 ntoskrnl.exe+9e211 C:\WINDOWS\MiniDump\Mini100413-01.dmp 2 15 2600 106,496 10/4/2013 4:13:04 PM
Mini100313-01.dmp 10/3/2013 9:02:41 PM PAGE_FAULT_IN_NONPAGED_AREA 0x10000050 0xe2cf0090 0x00000000 0x804f1733 0x00000001 Ntfs.sys Ntfs.sys+43b09 NT File System Driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.5512 (xpsp.080413-2111) 32-bit ntoskrnl.exe+1a733 ntoskrnl.exe+3bd41 Ntfs.sys+43b09 Ntfs.sys+43a6b C:\WINDOWS\MiniDump\Mini100313-01.dmp 2 15 2600 106,496 10/3/2013 9:03:31 PM
Mini100213-01.dmp 10/2/2013 5:35:18 PM IRQL_NOT_LESS_OR_EQUAL 0x1000000a 0xffffffe0 0x00000002 0x00000000 0x804e8088 ntoskrnl.exe ntoskrnl.exe+11088 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619) 32-bit ntoskrnl.exe+11088 ntoskrnl.exe+f3c1 ntoskrnl.exe+9f320 C:\WINDOWS\MiniDump\Mini100213-01.dmp 2 15 2600 106,496 10/2/2013 5:36:07 PM
Mini100113-01.dmp 10/1/2013 11:52:40 AM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000005 0x805515a1 0xa5b579e0 0x00000000 win32k.sys win32k.sys+5473 Multi-User Win32 Driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6228 (xpsp_sp3_gdr.120515-1618) 32-bit ntoskrnl.exe+7a5a1 win32k.sys+2ab4 win32k.sys+5967 win32k.sys+b86 C:\WINDOWS\MiniDump\Mini100113-01.dmp 2 15 2600 106,496 10/1/2013 11:53:35 AM
Mini092813-01.dmp 9/28/2013 7:52:54 PM IRQL_NOT_LESS_OR_EQUAL 0x1000000a 0x00000004 0x00000002 0x00000000 0x804e7eed ntoskrnl.exe ntoskrnl.exe+10eed NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619) 32-bit ntoskrnl.exe+10eed ntoskrnl.exe+1995c ntoskrnl.exe+9956 win32k.sys+ac97f C:\WINDOWS\MiniDump\Mini092813-01.dmp 2 15 2600 106,496 9/28/2013 7:53:42 PM
Mini092713-01.dmp 9/27/2013 10:13:30 PM PFN_LIST_CORRUPT 0x0000004e 0x0000008f 0x0002530e 0x0002af6e 0x00000000 ntoskrnl.exe ntoskrnl.exe+606c2 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619) 32-bit ntoskrnl.exe+606c2 ntoskrnl.exe+51579 ntoskrnl.exe+1d92be ntoskrnl.exe+9f320 C:\WINDOWS\MiniDump\Mini092713-01.dmp 2 15 2600 106,496 9/27/2013 10:14:18 PM
Mini092513-01.dmp 9/25/2013 3:21:40 PM IRQL_NOT_LESS_OR_EQUAL 0x1000000a 0x00000004 0x00000002 0x00000000 0x804e7eed ntoskrnl.exe ntoskrnl.exe+10eed NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619) 32-bit ntoskrnl.exe+10eed ntoskrnl.exe+1995c ntoskrnl.exe+9956 win32k.sys+ac97f C:\WINDOWS\MiniDump\Mini092513-01.dmp 2 15 2600 106,496 9/25/2013 3:22:30 PM
Mini092213-01.dmp 9/22/2013 9:22:40 PM IRQL_NOT_LESS_OR_EQUAL 0x1000000a 0xc08a5508 0x0000001c 0x00000001 0x804e1642 win32k.sys win32k.sys+171b Multi-User Win32 Driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6228 (xpsp_sp3_gdr.120515-1618) 32-bit ntoskrnl.exe+a642 ntoskrnl.exe+a79e ntoskrnl.exe+b107 win32k.sys+171b C:\WINDOWS\MiniDump\Mini092213-01.dmp 2 15 2600 106,496 9/22/2013 9:23:26 PM
Mini092113-01.dmp 9/21/2013 1:45:13 PM IRQL_NOT_LESS_OR_EQUAL 0x1000000a 0x0a080012 0x00000002 0x00000001 0x805178e2 ntoskrnl.exe ntoskrnl.exe+408e2 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619) 32-bit ntoskrnl.exe+408e2 ntoskrnl.exe+440aa ntoskrnl.exe+2443c ntoskrnl.exe+136f3 C:\WINDOWS\MiniDump\Mini092113-01.dmp 2 15 2600 106,496 9/21/2013 1:46:00 PM
Mini090813-01.dmp 9/8/2013 6:12:54 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000005 0x805515a1 0xa608ca28 0x00000000 win32k.sys win32k.sys+8f2c Multi-User Win32 Driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6228 (xpsp_sp3_gdr.120515-1618) 32-bit ntoskrnl.exe+7a5a1 win32k.sys+2ab4 win32k.sys+139b2 win32k.sys+195b9 C:\WINDOWS\MiniDump\Mini090813-01.dmp 2 15 2600 106,496 9/8/2013 6:13:42 PM
Mini090413-01.dmp 9/4/2013 7:10:54 AM IRQL_NOT_LESS_OR_EQUAL 0x1000000a 0x00000004 0x00000002 0x00000000 0x804e7eed ntoskrnl.exe ntoskrnl.exe+10eed NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619) 32-bit ntoskrnl.exe+10eed ntoskrnl.exe+1995c ntoskrnl.exe+9956 win32k.sys+ac97f C:\WINDOWS\MiniDump\Mini090413-01.dmp 2 15 2600 106,496 9/4/2013 7:11:42 AM
Mini090113-01.dmp 9/1/2013 7:56:08 PM IRQL_NOT_LESS_OR_EQUAL 0x1000000a 0x00000004 0x00000002 0x00000000 0x804e7eed win32k.sys win32k.sys+8500 Multi-User Win32 Driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6228 (xpsp_sp3_gdr.120515-1618) 32-bit ntoskrnl.exe+10eed ntoskrnl.exe+1995c ntoskrnl.exe+9956 C:\WINDOWS\MiniDump\Mini090113-01.dmp 2 15 2600 106,496 9/1/2013 7:57:00 PM
Mini082713-01.dmp 8/27/2013 5:53:08 PM DRIVER_IRQL_NOT_LESS_OR_EQUAL 0x100000d1 0x00000092 0x00000002 0x00000000 0xf7848f28 NDIS.sys NDIS.sys+18f28 NDIS 5.1 wrapper driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.5512 (xpsp.080413-0852) 32-bit NDIS.sys+18f28 ntoskrnl.exe+bb6e ntoskrnl.exe+b09d ntoskrnl.exe+5d22 C:\WINDOWS\MiniDump\Mini082713-01.dmp 2 15 2600 106,496 8/27/2013 5:53:52 PM
Mini082613-01.dmp 8/26/2013 5:46:38 AM BAD_POOL_HEADER 0x00000019 0x00000020 0x89cb96d8 0x89cb9740 0x0a0d002a ntoskrnl.exe ntoskrnl.exe+606c2 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619) 32-bit ntoskrnl.exe+606c2 ntoskrnl.exe+7afc5 ntoskrnl.exe+fdb2 ntoskrnl.exe+44251 C:\WINDOWS\MiniDump\Mini082613-01.dmp 2 15 2600 106,496 8/26/2013 5:47:25 AM
Mini080713-01.dmp 8/7/2013 5:32:54 AM PAGE_FAULT_IN_NONPAGED_AREA 0x10000050 0x80000008 0x00000001 0x805515a1 0x00000000 ntoskrnl.exe ntoskrnl.exe+7a5a1 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619) 32-bit ntoskrnl.exe+7a5a1 ntoskrnl.exe+a742a ntoskrnl.exe+9c115 ntoskrnl.exe+9bec6 C:\WINDOWS\MiniDump\Mini080713-01.dmp 2 15 2600 106,496 8/7/2013 5:33:37 AM
Mini080113-01.dmp 8/1/2013 10:14:21 PM IRQL_NOT_LESS_OR_EQUAL 0x1000000a 0x00000004 0x0000001c 0x00000000 0x804e7453 hal.dll hal.dll+2300 Hardware Abstraction Layer DLL Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.5512 (xpsp.080413-2111) 32-bit ntoskrnl.exe+10453 ntoskrnl.exe+ed40 ntoskrnl.exe+bdd25 ntoskrnl.exe+10df61 C:\WINDOWS\MiniDump\Mini080113-01.dmp 2 15 2600 106,496 8/1/2013 10:15:08 PM
Mini072613-01.dmp 7/26/2013 5:48:21 PM IRQL_NOT_LESS_OR_EQUAL 0x1000000a 0x00000004 0x00000002 0x00000000 0x804e7eed ntoskrnl.exe ntoskrnl.exe+10eed NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619) 32-bit ntoskrnl.exe+10eed ntoskrnl.exe+137b4 ntoskrnl.exe+13b59 ntoskrnl.exe+9956 C:\WINDOWS\MiniDump\Mini072613-01.dmp 2 15 2600 106,496 7/26/2013 5:49:03 PM
Mini071813-01.dmp 7/18/2013 4:55:06 PM PAGE_FAULT_IN_NONPAGED_AREA 0x10000050 0xf18b14bc 0x00000000 0x804e8da4 0x00000002 ntoskrnl.exe ntoskrnl.exe+11da4 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619) 32-bit ntoskrnl.exe+11da4 ntoskrnl.exe+21978 ntoskrnl.exe+21562 ntoskrnl.exe+3d49c C:\WINDOWS\MiniDump\Mini071813-01.dmp 2 15 2600 106,496 7/18/2013 4:55:51 PM
Mini021411-01.dmp 2/14/2011 10:37:36 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000005 0xbf816f9a 0xa56a78e8 0x00000000 win32k.sys win32k.sys+16f9a Multi-User Win32 Driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6228 (xpsp_sp3_gdr.120515-1618) 32-bit win32k.sys+16f9a win32k.sys+186cc win32k.sys+16dbd win32k.sys+17348 C:\WINDOWS\MiniDump\Mini021411-01.dmp 2 15 2600 90,112 2/14/2011 10:38:23 PM
Mini011411-01.dmp 1/14/2011 8:33:30 AM SYSTEM_THREAD_EXCEPTION_NOT_HANDLED 0x1000007e 0xc0000005 0xb9908424 0xa4808930 0xa480862c USBPORT.SYS USBPORT.SYS+15424 USB 1.1 & 2.0 Port Driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.5512 (xpsp.080413-2108) 32-bit USBPORT.SYS+15424 USBPORT.SYS+13e0a USBPORT.SYS+19088 USBPORT.SYS+23d2 C:\WINDOWS\MiniDump\Mini011411-01.dmp 2 15 2600 90,112 1/14/2011 8:34:16 AM
Mini080410-01.dmp 8/4/2010 12:03:38 AM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000005 0xbf816f60 0xa6140e18 0x00000000 win32k.sys win32k.sys+16f60 Multi-User Win32 Driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6228 (xpsp_sp3_gdr.120515-1618) 32-bit win32k.sys+16f60 win32k.sys+1850d win32k.sys+16d81 win32k.sys+1730c C:\WINDOWS\MiniDump\Mini080410-01.dmp 2 15 2600 90,112 8/4/2010 12:04:20 AM
Mini071810-01.dmp 7/18/2010 10:25:44 AM DRIVER_IRQL_NOT_LESS_OR_EQUAL 0x100000d1 0x09ca8810 0x00000002 0x00000000 0xb937c656 RtkHDAud.sys RtkHDAud.sys+169656 Realtek® High Definition Audio Function Driver Realtek® High Definition Audio Function Driver (HRTF data Copyright 1994 by MIT Media Lab) Realtek Semiconductor Corp. 5.10.0.5433 built by: WinDDK 32-bit RtkHDAud.sys+169656 RtkHDAud.sys+14d9a6 RtkHDAud.sys+145e89 RtkHDAud.sys+12cb70 C:\WINDOWS\MiniDump\Mini071810-01.dmp 2 15 2600 90,112 7/18/2010 10:26:22 AM
Mini071410-01.dmp 7/14/2010 3:22:54 AM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000005 0xbf8a4472 0xa58634c4 0x00000000 win32k.sys win32k.sys+a4472 Multi-User Win32 Driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6228 (xpsp_sp3_gdr.120515-1618) 32-bit win32k.sys+a4472 win32k.sys+38b67 win32k.sys+2761c S3gIGP.dll+6bb07 C:\WINDOWS\MiniDump\Mini071410-01.dmp 2 15 2600 90,112 7/14/2010 3:23:57 AM
Mini070710-01.dmp 7/7/2010 8:28:21 AM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000005 0xbf816f5e 0xa66dde18 0x00000000 win32k.sys win32k.sys+16f5e Multi-User Win32 Driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6228 (xpsp_sp3_gdr.120515-1618) 32-bit win32k.sys+16f5e win32k.sys+18820 win32k.sys+16d81 win32k.sys+1730c C:\WINDOWS\MiniDump\Mini070710-01.dmp 2 15 2600 90,112 7/7/2010 8:29:08 AM
Mini063010-01.dmp 6/30/2010 1:38:15 PM BAD_POOL_HEADER 0x00000019 0x00000020 0x89b81638 0x89b81638 0x0a100002 ntoskrnl.exe ntoskrnl.exe+6069a NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619) 32-bit ntoskrnl.exe+6069a ntoskrnl.exe+7afc5 ntoskrnl.exe+29081 ntoskrnl.exe+ba27d C:\WINDOWS\MiniDump\Mini063010-01.dmp 2 15 2600 90,112 6/30/2010 4:56:47 PM
Mini062710-02.dmp 6/27/2010 11:05:43 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000005 0xbf816f5e 0xb72d4e18 0x00000000 win32k.sys win32k.sys+16f5e Multi-User Win32 Driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6228 (xpsp_sp3_gdr.120515-1618) 32-bit win32k.sys+16f5e win32k.sys+18820 win32k.sys+16d81 win32k.sys+1730c C:\WINDOWS\MiniDump\Mini062710-02.dmp 2 15 2600 90,112 6/27/2010 11:06:42 PM
Mini062710-01.dmp 6/27/2010 6:03:35 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000005 0xbf816eab 0xa59da0b8 0x00000000 win32k.sys win32k.sys+16eab Multi-User Win32 Driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6228 (xpsp_sp3_gdr.120515-1618) 32-bit win32k.sys+16eab win32k.sys+18690 win32k.sys+16d81 win32k.sys+17454 C:\WINDOWS\MiniDump\Mini062710-01.dmp 2 15 2600 90,112 6/27/2010 6:06:09 PM
Mini062210-01.dmp 6/22/2010 7:18:38 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000005 0xbf816f5e 0xa5545248 0x00000000 win32k.sys win32k.sys+16f5e Multi-User Win32 Driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6228 (xpsp_sp3_gdr.120515-1618) 32-bit win32k.sys+16f5e win32k.sys+18690 win32k.sys+16d81 win32k.sys+1730c C:\WINDOWS\MiniDump\Mini062210-01.dmp 2 15 2600 90,112 6/22/2010 7:24:56 PM
Mini061510-01.dmp 6/15/2010 1:19:31 PM BAD_POOL_HEADER 0x00000019 0x00000020 0xe3c57c28 0xe3c57c40 0x0c130801 ntoskrnl.exe ntoskrnl.exe+6069a NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619) 32-bit ntoskrnl.exe+6069a ntoskrnl.exe+7afc5 ntoskrnl.exe+ccace ntoskrnl.exe+b8782 C:\WINDOWS\MiniDump\Mini061510-01.dmp 2 15 2600 90,112 6/15/2010 1:20:37 PM
Mini060510-01.dmp 6/4/2010 8:26:39 PM BAD_POOL_HEADER 0x00000019 0x00000020 0x899bf000 0x899bf348 0x0a790000 ntoskrnl.exe ntoskrnl.exe+6069a NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619) 32-bit ntoskrnl.exe+6069a ntoskrnl.exe+7afc5 ntoskrnl.exe+7a3e3 USBPORT.SYS+a1a1 C:\WINDOWS\MiniDump\Mini060510-01.dmp 2 15 2600 90,112 6/5/2010 6:51:21 AM
Mini060410-01.dmp 6/4/2010 1:58:13 AM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000005 0xbf816f37 0xa692b734 0x00000000 win32k.sys win32k.sys+16f37 Multi-User Win32 Driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6228 (xpsp_sp3_gdr.120515-1618) 32-bit win32k.sys+16f37 win32k.sys+187f9 win32k.sys+16d5a win32k.sys+172e5 C:\WINDOWS\MiniDump\Mini060410-01.dmp 2 15 2600 90,112 6/4/2010 1:59:15 AM
Mini060310-01.dmp 6/3/2010 9:18:47 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000005 0xbf816f37 0xa56558e8 0x00000000 win32k.sys win32k.sys+16f37 Multi-User Win32 Driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6228 (xpsp_sp3_gdr.120515-1618) 32-bit win32k.sys+16f37 win32k.sys+184e6 win32k.sys+16d5a win32k.sys+172e5 C:\WINDOWS\MiniDump\Mini060310-01.dmp 2 15 2600 90,112 6/3/2010 9:19:50 PM
Mini110809-01.dmp 11/8/2009 2:18:13 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000005 0xbf816f27 0xa61ec248 0x00000000 win32k.sys win32k.sys+16f27 Multi-User Win32 Driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6228 (xpsp_sp3_gdr.120515-1618) 32-bit win32k.sys+16f27 win32k.sys+18659 win32k.sys+16d4a win32k.sys+172d5 C:\WINDOWS\MiniDump\Mini110809-01.dmp 2 15 2600 90,112 11/8/2009 2:19:09 PM



! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS
Type REG_DWORD 0x110
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
DisplayName REG_SZ BITS
DependOnService REG_MULTI_SZ RpcSs\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ LocalSystem
Description REG_SZ Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
FailureActions REG_BINARY 0000000000000000000000000300000068E30C000100000060EA00000100000060EA00000100000060EA0000
DelayedAutoStart REG_DWORD 0x1
ServiceSidType REG_DWORD 0x1
RequiredPrivileges REG_MULTI_SZ SeCreateGlobalPrivilege\0SeImpersonatePrivilege\0SeTcbPrivilege\0SeAssignPrimaryTokenPrivilege\0SeIncreaseQuotaPrivilege\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters
ServiceDll REG_EXPAND_SZ %systemroot%\system32\qmgr.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum
0 REG_SZ Root\LEGACY_BITS\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

These Windows services are started:

Application Layer Gateway Service
ArcSoft Connect Daemon
Automatic Updates
BITS
COM+ Event System
Computer Browser
CryptSvc
DCOM Server Process Launcher
DHCP Client
Distributed Link Tracking Client
DNS Client
Error Reporting Service
Event Log
Fast User Switching Compatibility
Garmin Core Update Service
Help and Support
HTTP SSL
IPSEC Services
Java Quick Starter
Logical Disk Manager
Network Connections
Network Location Awareness (NLA)
Plug and Play
Print Spooler
Protected Storage
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Registry
Secondary Logon
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
Skype C2C Service
SSDP Discovery Service
System Event Notification
System Restore Service
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Services
Themes
Universal Plug and Play Device Host
WebClient
Windows Audio
Windows Driver Foundation - User-mode Driver Framework
Windows Firewall/Internet Connection Sharing (ICS)
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Windows Media Player Network Sharing Service
Windows Search
Windows Time
Wireless Zero Configuration
Workstation

The command completed successfully.

#13
insparks

Here is SVCHOST.JPG

Attached Thumbnails

  • SVCHOST.JPG

Edited by insparks, 11 October 2013 - 04:02 PM.


#14
insparks

Not sure what you meant by "Let's also look at the registry for BITS".

I used regedit and did a search for "BITS".

It's probably not what you wanted; there was a lot more, so I stopped after five.

Attached Thumbnails

  • BITS.JPG
  • BITS 1.JPG
  • BITS 2.JPG
  • BITS 3.JPG
  • BITS 4.JPG
  • BITS 5.JPG


#15
RKinner

    Malware Expert

Doesn't look like the Fix button did anything. Can you try it again? Make sure you have the fixlist.txt file from my previous post in the same folder as FRST.exe and that you hit the Fix button.

The reg query command looks at the BITS registry entries, so there is no need for you to go into regedit.

I've got to go to a thing with my wife tonight so won't be able to do much more until later.





