Can't use windows update anymore



#16
insparks

  • Topic Starter
  • Member
  • 49 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by User at 2013-10-11 19:41:45 Run:1
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...FF-3EC91C046813
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incre...h={searchTerms}
SearchScopes: HKCU - {DC04EA3C-687E-438D-BF5D-AF4584BEED23} URL = http://search.yahoo....=utf-8&fr=b1ie7
FF NewTab: hxxp://mystart.incredibar.com/?a=&loc=skw
FF Plugin HKCU: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Extension: (DealPly Shopping) - C:\DOCUME~1\User\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.5.0.0_0
R3 catchme; \??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys [x]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
U3 mbr; \??\C:\ComboFix\mbr.sys [x]
C:\Documents and Settings\Administrator\Local Settings\temp\102_Utilties.exe
C:\Documents and Settings\Administrator\Local Settings\temp\4jicz4xo.exe
C:\Documents and Settings\Administrator\Local Settings\temp\9wi40xt1.exe
C:\Documents and Settings\Administrator\Local Settings\temp\AtiCimUn.exe
C:\Documents and Settings\Administrator\Local Settings\temp\AutoRun.exe
C:\Documents and Settings\Administrator\Local Settings\temp\AutoRunGUI.dll
C:\Documents and Settings\Administrator\Local Settings\temp\cmsetup1_05_03.exe
C:\Documents and Settings\Administrator\Local Settings\temp\cmsetup1_08_01.exe
C:\Documents and Settings\Administrator\Local Settings\temp\cmsetup1_2_4.exe
C:\Documents and Settings\Administrator\Local Settings\temp\cmsetup1_3_5.exe
C:\Documents and Settings\Administrator\Local Settings\temp\CVC1E.exe
C:\Documents and Settings\Administrator\Local Settings\temp\e01sm8xm.exe
C:\Documents and Settings\Administrator\Local Settings\temp\FishBot.exe
C:\Documents and Settings\Administrator\Local Settings\temp\FlashPlayerUpdate.exe
C:\Documents and Settings\Administrator\Local Settings\temp\ginstall.dll
C:\Documents and Settings\Administrator\Local Settings\temp\iahy5sbg.exe
C:\Documents and Settings\Administrator\Local Settings\temp\j3446s6t.exe
C:\Documents and Settings\Administrator\Local Settings\temp\miunst_.exe
C:\Documents and Settings\Administrator\Local Settings\temp\mPlayer.dj.dll
C:\Documents and Settings\Administrator\Local Settings\temp\mpt404b.exe
C:\Documents and Settings\Administrator\Local Settings\temp\msgup810_249_us.exe
C:\Documents and Settings\Administrator\Local Settings\temp\NagraMaster3.7.exe
C:\Documents and Settings\Administrator\Local Settings\temp\NeoterisSetup.exe
C:\Documents and Settings\Administrator\Local Settings\temp\qv2g3krl.exe
C:\Documents and Settings\Administrator\Local Settings\temp\regincd.exe
C:\Documents and Settings\Administrator\Local Settings\temp\regincd2.exe
C:\Documents and Settings\Administrator\Local Settings\temp\regtdi.exe
C:\Documents and Settings\Administrator\Local Settings\temp\setup_wm.exe
C:\Documents and Settings\Administrator\Local Settings\temp\ttsetup.tmp.exe
C:\Documents and Settings\Administrator\Local Settings\temp\vmpremov.exe
C:\Documents and Settings\Administrator\Local Settings\temp\ymsgr_inst.exe
C:\Documents and Settings\Administrator\Local Settings\temp\ytb_inst.exe
C:\Documents and Settings\Administrator\Local Settings\temp\ywiseext.dll
nd /c del "C:\WINDOWS\system32\nqBeNXyb.ini2
C:\WINDOWS\system32\nqBeNXyb.ini2
C:\WINDOWS\system32\nqBeNXyb.ini
C:\WINDOWS\system32\nqBeNXyb.ini
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC04EA3C-687E-438D-BF5D-AF4584BEED23} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DC04EA3C-687E-438D-BF5D-AF4584BEED23} => Key not found.
Firefox newtab deleted successfully.
HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer => Key deleted successfully.
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll not found.
C:\DOCUME~1\User\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf => Moved successfully.
catchme => Service deleted successfully.
hpt3xx => Service deleted successfully.
IntelIde => Service deleted successfully.
mbr => Service not found.
C:\Documents and Settings\Administrator\Local Settings\temp\102_Utilties.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\4jicz4xo.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\9wi40xt1.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\AtiCimUn.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\AutoRun.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\AutoRunGUI.dll => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\cmsetup1_05_03.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\cmsetup1_08_01.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\cmsetup1_2_4.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\cmsetup1_3_5.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\CVC1E.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\e01sm8xm.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\FishBot.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\FlashPlayerUpdate.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\ginstall.dll => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\iahy5sbg.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\j3446s6t.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\miunst_.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\mPlayer.dj.dll => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\mpt404b.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\msgup810_249_us.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\NagraMaster3.7.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\NeoterisSetup.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\qv2g3krl.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\regincd.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\regincd2.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\regtdi.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\setup_wm.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\ttsetup.tmp.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\vmpremov.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\ymsgr_inst.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\ytb_inst.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\ywiseext.dll => Moved successfully.
"C:\WINDOWS\system32\nqBeNXyb.ini2" => File/Directory not found.
"C:\WINDOWS\system32\nqBeNXyb.ini" => File/Directory not found.
"C:\WINDOWS\system32\nqBeNXyb.ini" => File/Directory not found.

==== End of Fixlog ====


#17
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Could you run FRST again and just let it do a Scan?

Your BITS appears to be running but it is running all by itself. Normally it has a bunch of friends.

I don't suppose updates work now, do they?

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.


Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
   http://images.malwar...om/vino/VEW.exe
   and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
   Type 20 in the 1 to 20 box
   Then click the Run button.
   Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

#18
insparks

  • Topic Starter
  • Member
  • 49 posts
No, updates are not working, and Java is not working and I cannot enable it because I am unable to access Internet Options.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by User (administrator) on VERYFASTUSER on 12-10-2013 13:36:21
Running from C:\Documents and Settings\User\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(ArcSoft, Inc.) C:\Temp\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Microsoft Corporation) C:\WINDOWS\system32\WgaTray.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPNSCFG.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKCU\...\Run: [cdloader] - C:\Documents and Settings\User\Application Data\mjusbsp\cdloader2.exe [50592 2011-08-23] (magicJack L.P.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation)
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB212] - command /c del "C:\WINDOWS\system32\nqBeNXyb.ini2"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD8548] - cmd /c del "C:\WINDOWS\system32\nqBeNXyb.ini2"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB4962] - command /c del "C:\WINDOWS\system32\nqBeNXyb.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD4629] - cmd /c del "C:\WINDOWS\system32\nqBeNXyb.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB9292] - command.com /c del "C:\Program Files\Application Updater\config.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD2776] - cmd.exe /c del "C:\Program Files\Application Updater\config.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB7206] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\baidu_ff.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD623] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\baidu_ff.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB4635] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\baidu_ie.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD3117] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\baidu_ie.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB8955] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\config.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD6534] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\config.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB1676] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\yandex_ff.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD6326] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\yandex_ff.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB7234] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\yandex_ie.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD8805] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\yandex_ie.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB3523] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1031.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD6481] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1031.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB1400] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1033.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD3854] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1033.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB5520] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1034.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD6325] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1034.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB1850] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1036.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD2173] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1036.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB4402] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1040.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD7390] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1040.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB1973] - command.com /c del "C:\Program Files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD262] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB7254] - command.com /c del "C:\Program Files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD204] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [Report] - C:\AdwCleaner\AdwCleaner[S2].txt [ 2013-10-08] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF0F71F77E4C6CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0D7191D1-C6C9-4AE4-9515-1735958A3719} URL = http://search.yahoo....=utf-8&fr=b2ie7
SearchScopes: HKCU - {3F8C7A0E-E4EB-4196-9531-4D194A1B16C0} URL = http://search.micros...q={searchTerms}
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.yahoo....p={searchTerms}
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1280912913343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default
FF Homepage: hxxp://www.msn.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @videolan.org/vlc,version=1.1.11 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\User\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: Echofon - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\Extensions\[email protected]
FF Extension: FireShot - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF Extension: Garmin Communicator - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2y3w9y1v.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
S4 NetBurnerService; C:\Program Files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe [223248 2007-02-21] (Paragon GmbH)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.)
R2 uCamMonitor; C:\Temp\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [14336 2008-04-25] (ArcSoft, Inc.)
S3 CA561; C:\Windows\System32\Drivers\SPCA561.SYS [119798 2002-10-01] (SP)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [134616 2010-08-02] (Deterministic Networks, Inc.)
R3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [42496 2007-02-27] (VIA Technologies, Inc. )
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R0 hotcore3; C:\Windows\System32\drivers\hotcore3.sys [38448 2007-02-21] (Paragon Software Group)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 NetBurn; C:\Windows\System32\DRIVERS\NetBurn.sys [84752 2007-02-21] (Rocket Division Software)
R3 S3GIGP; C:\Windows\System32\DRIVERS\S3gIGPm.sys [714240 2007-06-04] (S3 Graphics Co., Ltd.)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [32352 2007-02-21] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [131456 2007-02-21] (Paragon)
R0 viaagp1; C:\Windows\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
R0 ViBus; C:\Windows\System32\DRIVERS\ViBus.sys [16896 2007-03-26] (VIA Technologies, Inc.)
R0 videX32; C:\Windows\System32\DRIVERS\videX32.sys [9216 2007-03-29] (VIA Technologies, Inc.)
R0 ViPrt; C:\Windows\System32\DRIVERS\ViPrt.sys [52224 2007-03-26] (VIA Technologies, Inc.)
R0 xfilt; C:\Windows\System32\DRIVERS\xfilt.sys [22168 2009-05-05] (VIA Technologies,Inc)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-12 10:22 - 2013-10-12 10:22 - 00106496 _____ C:\WINDOWS\Minidump\Mini101213-02.dmp
2013-10-12 08:29 - 2013-10-12 08:29 - 00106496 _____ C:\WINDOWS\Minidump\Mini101213-01.dmp
2013-10-11 16:53 - 2013-10-11 16:53 - 00003365 _____ C:\Documents and Settings\User\Desktop\junk.txt
2013-10-11 16:52 - 2013-10-11 16:52 - 00003365 _____ C:\junk.txt
2013-10-11 16:47 - 2013-10-11 16:47 - 00017217 _____ C:\Documents and Settings\User\Desktop\BSOD.txt.txt
2013-10-11 16:43 - 2013-10-11 16:43 - 00000000 ____D C:\Documents and Settings\User\Start Menu\Programs\NirSoft BlueScreenView
2013-10-11 16:16 - 2013-10-11 16:16 - 00106496 _____ C:\WINDOWS\Minidump\Mini101113-01.dmp
2013-10-10 18:00 - 2013-10-10 18:00 - 00000000 ____D C:\FRST
2013-10-10 17:59 - 2013-10-10 17:59 - 00011155 _____ C:\ComboFix.txt
2013-10-10 17:49 - 2008-04-13 13:40 - 00096512 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\atapi.sys
2013-10-10 17:49 - 2008-04-13 13:40 - 00096512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atapi.sys
2013-10-10 17:43 - 2013-10-10 17:43 - 01087213 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2013-10-09 20:47 - 2013-10-09 20:47 - 00106496 _____ C:\WINDOWS\Minidump\Mini100913-02.dmp
2013-10-09 20:24 - 2013-10-09 20:28 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-10-09 20:22 - 2013-10-09 20:41 - 00000743 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-09 20:22 - 2013-10-09 20:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-09 20:22 - 2013-10-09 20:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-09 20:22 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-09 20:06 - 2013-10-09 20:06 - 00000000 _RSHD C:\cmdcons
2013-10-09 20:06 - 2013-06-27 19:21 - 00000211 _____ C:\Boot.bak
2013-10-09 20:06 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-10-09 20:03 - 2013-10-10 17:59 - 00000000 ____D C:\Qoobox
2013-10-09 20:03 - 2013-10-09 20:16 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-09 20:03 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-09 20:03 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-09 20:03 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-09 19:56 - 2013-10-09 19:56 - 02237968 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\User\Desktop\tdsskiller.exe
2013-10-09 19:55 - 2013-10-09 19:55 - 05131844 ____R (Swearware) C:\Documents and Settings\User\Desktop\ComboFix.exe
2013-10-09 10:31 - 2013-10-09 10:30 - 00106496 _____ C:\WINDOWS\Minidump\Mini100913-01.dmp
2013-10-08 20:58 - 2013-10-08 20:58 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-03.dmp
2013-10-08 20:12 - 2013-10-08 20:10 - 00742742 _____ C:\Documents and Settings\Default User\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:12 - 2013-10-08 18:51 - 00358923 _____ (Farbar) C:\Documents and Settings\Default User\Desktop\FSS.exe
2013-10-08 20:12 - 2013-10-08 18:39 - 04009167 _____ C:\Documents and Settings\Default User\Desktop\ServicesRepair.exe
2013-10-08 20:11 - 2013-10-08 20:10 - 00742742 _____ C:\Documents and Settings\Administrator\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:11 - 2013-10-08 20:10 - 00742742 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:11 - 2013-10-08 18:51 - 00358923 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FSS.exe
2013-10-08 20:11 - 2013-10-08 18:51 - 00358923 _____ (Farbar) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\FSS.exe
2013-10-08 20:11 - 2013-10-08 18:39 - 04009167 _____ C:\Documents and Settings\Administrator\Desktop\ServicesRepair.exe
2013-10-08 20:11 - 2013-10-08 18:39 - 04009167 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\ServicesRepair.exe
2013-10-08 20:11 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\All Users\Desktop\aswmbr.exe
2013-10-08 20:09 - 2013-10-08 20:09 - 00000694 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2013-10-08 18:52 - 2013-10-08 18:52 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-02.dmp
2013-10-08 18:39 - 2013-10-08 18:39 - 04009167 _____ C:\Documents and Settings\User\Desktop\ServicesRepair.exe
2013-10-08 18:39 - 2013-10-08 18:39 - 00000000 ____D C:\Documents and Settings\All Users\Desktop\CC Support
2013-10-08 18:32 - 2013-10-08 18:32 - 00000000 ____D C:\_OTL
2013-10-08 17:25 - 2013-10-08 20:09 - 00000694 _____ C:\Documents and Settings\Default User\Desktop\Speccy.lnk
2013-10-08 17:25 - 2013-10-08 17:19 - 01032220 _____ (Thisisu) C:\Documents and Settings\Default User\Desktop\JRT.exe
2013-10-08 17:25 - 2013-10-07 20:25 - 00891167 _____ C:\Documents and Settings\Default User\Desktop\SecurityCheck.exe
2013-10-08 17:25 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Default User\Desktop\aswmbr.exe
2013-10-08 17:25 - 2013-10-07 19:12 - 01045226 _____ C:\Documents and Settings\Default User\Desktop\adwcleaner.exe
2013-10-08 17:25 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\Default User\Desktop\VEW.exe
2013-10-08 17:25 - 2013-10-06 19:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Default User\Desktop\OTL.exe
2013-10-08 17:24 - 2013-10-08 20:09 - 00000694 _____ C:\Documents and Settings\Administrator\Desktop\Speccy.lnk
2013-10-08 17:24 - 2013-10-08 20:09 - 00000694 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\Speccy.lnk
2013-10-08 17:24 - 2013-10-08 17:19 - 01032220 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe
2013-10-08 17:24 - 2013-10-08 17:19 - 01032220 _____ (Thisisu) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\JRT.exe
2013-10-08 17:24 - 2013-10-07 20:25 - 00891167 _____ C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
2013-10-08 17:24 - 2013-10-07 20:25 - 00891167 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\SecurityCheck.exe
2013-10-08 17:24 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Administrator\Desktop\aswmbr.exe
2013-10-08 17:24 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\aswmbr.exe
2013-10-08 17:24 - 2013-10-07 19:12 - 01045226 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\adwcleaner.exe
2013-10-08 17:24 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\VEW.exe
2013-10-08 17:24 - 2013-10-06 19:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\OTL.exe
2013-10-08 17:24 - 2013-10-06 19:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\OTL.exe
2013-10-08 17:23 - 2013-10-07 19:12 - 01045226 _____ C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
2013-10-08 17:19 - 2013-10-08 17:19 - 01032220 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2013-10-08 17:16 - 2013-10-08 17:16 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-01.dmp
2013-10-07 20:43 - 2013-10-07 20:43 - 00000000 ____D C:\Documents and Settings\Administrator.VERYFASTUSER\Local Settings\Application Data\Mozilla
2013-10-07 20:43 - 2013-10-07 20:43 - 00000000 ____D C:\Documents and Settings\Administrator.VERYFASTUSER\Application Data\Mozilla
2013-10-07 20:25 - 2013-10-07 20:25 - 00891167 _____ C:\Documents and Settings\User\Desktop\SecurityCheck.exe
2013-10-07 20:08 - 2013-10-08 20:09 - 00000000 ____D C:\Program Files\Speccy
2013-10-07 20:08 - 2013-10-07 20:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2013-10-07 20:05 - 2013-10-07 20:05 - 00000512 _____ C:\Documents and Settings\User\Desktop\MBR.dat
2013-10-07 19:34 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\User\Desktop\aswmbr.exe
2013-10-07 19:24 - 2013-10-07 19:24 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-07 19:23 - 2013-10-08 18:32 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\GreatArcadeHits
2013-10-07 19:23 - 2013-09-09 02:57 - 00773968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100.dll
2013-10-07 19:23 - 2013-09-09 02:57 - 00632656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr80.dll
2013-10-07 19:23 - 2013-09-09 02:57 - 00554832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp80.dll
2013-10-07 19:23 - 2013-09-09 02:57 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcm80.dll
2013-10-07 19:23 - 2013-09-09 02:57 - 00421200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp100.dll
2013-10-07 19:23 - 2013-09-09 02:57 - 00001870 _____ C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest
2013-10-07 19:13 - 2013-10-08 20:27 - 00000000 ____D C:\AdwCleaner
2013-10-07 19:12 - 2013-10-07 19:12 - 01045226 _____ C:\Documents and Settings\User\Desktop\adwcleaner.exe
2013-10-07 19:00 - 2013-10-09 20:51 - 00005592 _____ C:\VEW.txt
2013-10-07 18:58 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\User\Desktop\VEW.exe
2013-10-07 18:58 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\Administrator\Desktop\VEW.exe
2013-10-07 17:29 - 2013-10-07 17:29 - 00106496 _____ C:\WINDOWS\Minidump\Mini100713-01.dmp
2013-10-06 23:54 - 2013-10-06 23:54 - 00377856 _____ C:\Documents and Settings\User\Desktop\2lx1649c.exe
2013-10-06 19:47 - 2013-10-07 21:20 - 00009592 _____ C:\WINDOWS\bitssetup.log
2013-10-06 19:46 - 2013-10-06 19:46 - 00347424 _____ (Microsoft Corporation) C:\Documents and Settings\User\Desktop\MicrosoftFixit.wu.LB.27304537560287727.1.1.Run.exe
2013-10-06 19:25 - 2013-10-06 19:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2013-10-06 19:15 - 2013-10-06 19:15 - 00048656 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-06 19:15 - 2013-10-06 19:15 - 00000000 __SHD C:\Documents and Settings\Administrator.VERYFASTUSER\PrivacIE
2013-10-04 16:13 - 2013-10-04 16:13 - 00106496 _____ C:\WINDOWS\Minidump\Mini100413-01.dmp
2013-10-03 21:03 - 2013-10-03 21:03 - 00106496 _____ C:\WINDOWS\Minidump\Mini100313-01.dmp
2013-10-02 17:36 - 2013-10-02 17:36 - 00106496 _____ C:\WINDOWS\Minidump\Mini100213-01.dmp
2013-10-01 11:53 - 2013-10-01 11:53 - 00106496 _____ C:\WINDOWS\Minidump\Mini100113-01.dmp
2013-09-28 19:53 - 2013-09-28 19:53 - 00106496 _____ C:\WINDOWS\Minidump\Mini092813-01.dmp
2013-09-27 22:14 - 2013-09-27 22:14 - 00106496 _____ C:\WINDOWS\Minidump\Mini092713-01.dmp
2013-09-25 15:22 - 2013-09-25 15:22 - 00106496 _____ C:\WINDOWS\Minidump\Mini092513-01.dmp
2013-09-22 21:23 - 2013-09-22 21:23 - 00106496 _____ C:\WINDOWS\Minidump\Mini092213-01.dmp
2013-09-21 13:46 - 2013-09-21 13:46 - 00106496 _____ C:\WINDOWS\Minidump\Mini092113-01.dmp
2013-09-18 18:43 - 2013-10-07 19:23 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-12 13:29 - 2013-01-30 18:51 - 00000000 ____D C:\Documents and Settings\User\Application Data\Skype
2013-10-12 12:56 - 2012-03-28 20:58 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-12 12:19 - 2008-01-24 21:17 - 01580516 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-12 10:23 - 2008-01-24 13:00 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-12 10:23 - 2008-01-24 13:00 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-12 10:23 - 2001-08-23 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-12 10:22 - 2013-10-12 10:22 - 00106496 _____ C:\WINDOWS\Minidump\Mini101213-02.dmp
2013-10-12 10:22 - 2009-11-08 14:19 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-12 10:22 - 2008-01-24 21:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-12 08:29 - 2013-10-12 08:29 - 00106496 _____ C:\WINDOWS\Minidump\Mini101213-01.dmp
2013-10-11 17:20 - 2013-01-30 18:51 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2013-10-11 16:53 - 2013-10-11 16:53 - 00003365 _____ C:\Documents and Settings\User\Desktop\junk.txt
2013-10-11 16:52 - 2013-10-11 16:52 - 00003365 _____ C:\junk.txt
2013-10-11 16:47 - 2013-10-11 16:47 - 00017217 _____ C:\Documents and Settings\User\Desktop\BSOD.txt.txt
2013-10-11 16:43 - 2013-10-11 16:43 - 00000000 ____D C:\Documents and Settings\User\Start Menu\Programs\NirSoft BlueScreenView
2013-10-11 16:20 - 2013-01-30 18:51 - 00000000 ___RD C:\Program Files\Skype
2013-10-11 16:20 - 2013-01-30 18:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-10-11 16:16 - 2013-10-11 16:16 - 00106496 _____ C:\WINDOWS\Minidump\Mini101113-01.dmp
2013-10-11 01:51 - 2008-01-24 21:11 - 00000278 ___SH C:\Documents and Settings\User\ntuser.ini
2013-10-11 01:51 - 2008-01-24 21:10 - 00032494 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-10 18:00 - 2013-10-10 18:00 - 00000000 ____D C:\FRST
2013-10-10 17:59 - 2013-10-10 17:59 - 00011155 _____ C:\ComboFix.txt
2013-10-10 17:59 - 2013-10-09 20:03 - 00000000 ____D C:\Qoobox
2013-10-10 17:59 - 2005-01-13 22:59 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-10-10 17:56 - 2001-08-23 07:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-10-10 17:43 - 2013-10-10 17:43 - 01087213 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2013-10-10 16:49 - 2008-05-16 09:39 - 00015587 _____ C:\Documents and Settings\User\My Documents\personal info.txt
2013-10-09 20:51 - 2013-10-07 19:00 - 00005592 _____ C:\VEW.txt
2013-10-09 20:47 - 2013-10-09 20:47 - 00106496 _____ C:\WINDOWS\Minidump\Mini100913-02.dmp
2013-10-09 20:41 - 2013-10-09 20:22 - 00000743 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-09 20:38 - 2013-10-09 20:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-09 20:28 - 2013-10-09 20:24 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-10-09 20:22 - 2013-10-09 20:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-09 20:16 - 2013-10-09 20:03 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-09 20:14 - 2005-01-13 22:32 - 00000000 ____D C:\Documents and Settings\Administrator
2013-10-09 20:06 - 2013-10-09 20:06 - 00000000 _RSHD C:\cmdcons
2013-10-09 20:06 - 2008-01-24 12:56 - 00000327 __RSH C:\boot.ini
2013-10-09 19:56 - 2013-10-09 19:56 - 02237968 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\User\Desktop\tdsskiller.exe
2013-10-09 19:55 - 2013-10-09 19:55 - 05131844 ____R (Swearware) C:\Documents and Settings\User\Desktop\ComboFix.exe
2013-10-09 11:56 - 2012-03-28 20:58 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-09 11:56 - 2011-05-16 05:26 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-09 10:30 - 2013-10-09 10:31 - 00106496 _____ C:\WINDOWS\Minidump\Mini100913-01.dmp
2013-10-08 20:58 - 2013-10-08 20:58 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-03.dmp
2013-10-08 20:27 - 2013-10-07 19:13 - 00000000 ____D C:\AdwCleaner
2013-10-08 20:27 - 2008-08-17 19:41 - 00000178 ___SH C:\Documents and Settings\Administrator.VERYFASTUSER\ntuser.ini
2013-10-08 20:10 - 2013-10-08 20:12 - 00742742 _____ C:\Documents and Settings\Default User\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:10 - 2013-10-08 20:11 - 00742742 _____ C:\Documents and Settings\Administrator\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:10 - 2013-10-08 20:11 - 00742742 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:09 - 2013-10-08 20:09 - 00000694 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2013-10-08 20:09 - 2013-10-08 17:25 - 00000694 _____ C:\Documents and Settings\Default User\Desktop\Speccy.lnk
2013-10-08 20:09 - 2013-10-08 17:24 - 00000694 _____ C:\Documents and Settings\Administrator\Desktop\Speccy.lnk
2013-10-08 20:09 - 2013-10-08 17:24 - 00000694 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\Speccy.lnk
2013-10-08 20:09 - 2013-10-07 20:08 - 00000000 ____D C:\Program Files\Speccy
2013-10-08 20:09 - 2008-06-08 13:20 - 00643265 _____ C:\WINDOWS\setupapi.log
2013-10-08 18:52 - 2013-10-08 18:52 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-02.dmp
2013-10-08 18:51 - 2013-10-08 20:12 - 00358923 _____ (Farbar) C:\Documents and Settings\Default User\Desktop\FSS.exe
2013-10-08 18:51 - 2013-10-08 20:11 - 00358923 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FSS.exe
2013-10-08 18:51 - 2013-10-08 20:11 - 00358923 _____ (Farbar) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\FSS.exe
2013-10-08 18:39 - 2013-10-08 20:12 - 04009167 _____ C:\Documents and Settings\Default User\Desktop\ServicesRepair.exe
2013-10-08 18:39 - 2013-10-08 20:11 - 04009167 _____ C:\Documents and Settings\Administrator\Desktop\ServicesRepair.exe
2013-10-08 18:39 - 2013-10-08 20:11 - 04009167 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\ServicesRepair.exe
2013-10-08 18:39 - 2013-10-08 18:39 - 04009167 _____ C:\Documents and Settings\User\Desktop\ServicesRepair.exe
2013-10-08 18:39 - 2013-10-08 18:39 - 00000000 ____D C:\Documents and Settings\All Users\Desktop\CC Support
2013-10-08 18:32 - 2013-10-08 18:32 - 00000000 ____D C:\_OTL
2013-10-08 18:32 - 2013-10-07 19:23 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\GreatArcadeHits
2013-10-08 17:19 - 2013-10-08 17:25 - 01032220 _____ (Thisisu) C:\Documents and Settings\Default User\Desktop\JRT.exe
2013-10-08 17:19 - 2013-10-08 17:24 - 01032220 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe
2013-10-08 17:19 - 2013-10-08 17:24 - 01032220 _____ (Thisisu) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\JRT.exe
2013-10-08 17:19 - 2013-10-08 17:19 - 01032220 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2013-10-08 17:16 - 2013-10-08 17:16 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-01.dmp
2013-10-07 21:20 - 2013-10-06 19:47 - 00009592 _____ C:\WINDOWS\bitssetup.log
2013-10-07 20:43 - 2013-10-07 20:43 - 00000000 ____D C:\Documents and Settings\Administrator.VERYFASTUSER\Local Settings\Application Data\Mozilla
2013-10-07 20:43 - 2013-10-07 20:43 - 00000000 ____D C:\Documents and Settings\Administrator.VERYFASTUSER\Application Data\Mozilla
2013-10-07 20:25 - 2013-10-08 17:25 - 00891167 _____ C:\Documents and Settings\Default User\Desktop\SecurityCheck.exe
2013-10-07 20:25 - 2013-10-08 17:24 - 00891167 _____ C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
2013-10-07 20:25 - 2013-10-08 17:24 - 00891167 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\SecurityCheck.exe
2013-10-07 20:25 - 2013-10-07 20:25 - 00891167 _____ C:\Documents and Settings\User\Desktop\SecurityCheck.exe
2013-10-07 20:09 - 2009-10-29 05:50 - 00000152 _____ C:\Documents and Settings\User\Application Data\default.rss
2013-10-07 20:09 - 2008-03-27 21:03 - 00000116 _____ C:\WINDOWS\NeroDigital.ini
2013-10-07 20:08 - 2013-10-07 20:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2013-10-07 20:05 - 2013-10-07 20:05 - 00000512 _____ C:\Documents and Settings\User\Desktop\MBR.dat
2013-10-07 19:34 - 2013-10-08 20:11 - 04745728 _____ (AVAST Software) C:\Documents and Settings\All Users\Desktop\aswmbr.exe
2013-10-07 19:34 - 2013-10-08 17:25 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Default User\Desktop\aswmbr.exe
2013-10-07 19:34 - 2013-10-08 17:24 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Administrator\Desktop\aswmbr.exe
2013-10-07 19:34 - 2013-10-08 17:24 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\aswmbr.exe
2013-10-07 19:34 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\User\Desktop\aswmbr.exe
2013-10-07 19:24 - 2013-10-07 19:24 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-07 19:23 - 2013-09-18 18:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-07 19:22 - 2008-01-24 12:53 - 00000000 ____D C:\WINDOWS\Resources
2013-10-07 19:12 - 2013-10-08 17:25 - 01045226 _____ C:\Documents and Settings\Default User\Desktop\adwcleaner.exe
2013-10-07 19:12 - 2013-10-08 17:24 - 01045226 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\adwcleaner.exe
2013-10-07 19:12 - 2013-10-08 17:23 - 01045226 _____ C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
2013-10-07 19:12 - 2013-10-07 19:12 - 01045226 _____ C:\Documents and Settings\User\Desktop\adwcleaner.exe
2013-10-07 18:58 - 2013-10-08 17:25 - 00061440 _____ ( ) C:\Documents and Settings\Default User\Desktop\VEW.exe
2013-10-07 18:58 - 2013-10-08 17:24 - 00061440 _____ ( ) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\VEW.exe
2013-10-07 18:58 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\User\Desktop\VEW.exe
2013-10-07 18:58 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\Administrator\Desktop\VEW.exe
2013-10-07 17:29 - 2013-10-07 17:29 - 00106496 _____ C:\WINDOWS\Minidump\Mini100713-01.dmp
2013-10-06 23:54 - 2013-10-06 23:54 - 00377856 _____ C:\Documents and Settings\User\Desktop\2lx1649c.exe
2013-10-06 19:46 - 2013-10-06 19:46 - 00347424 _____ (Microsoft Corporation) C:\Documents and Settings\User\Desktop\MicrosoftFixit.wu.LB.27304537560287727.1.1.Run.exe
2013-10-06 19:25 - 2013-10-08 17:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Default User\Desktop\OTL.exe
2013-10-06 19:25 - 2013-10-08 17:24 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\OTL.exe
2013-10-06 19:25 - 2013-10-08 17:24 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\OTL.exe
2013-10-06 19:25 - 2013-10-06 19:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2013-10-06 19:23 - 2003-07-29 11:37 - 00051712 _____ C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-06 19:15 - 2013-10-06 19:15 - 00048656 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-06 19:15 - 2013-10-06 19:15 - 00000000 __SHD C:\Documents and Settings\Administrator.VERYFASTUSER\PrivacIE
2013-10-06 19:14 - 2008-01-24 12:58 - 00998376 _____ C:\WINDOWS\ocgen.log
2013-10-04 16:13 - 2013-10-04 16:13 - 00106496 _____ C:\WINDOWS\Minidump\Mini100413-01.dmp
2013-10-03 21:03 - 2013-10-03 21:03 - 00106496 _____ C:\WINDOWS\Minidump\Mini100313-01.dmp
2013-10-02 17:36 - 2013-10-02 17:36 - 00106496 _____ C:\WINDOWS\Minidump\Mini100213-01.dmp
2013-10-01 20:06 - 2009-01-18 20:31 - 00000000 ____D C:\Program Files\ Hijack This
2013-10-01 20:01 - 2008-01-24 21:29 - 00048656 _____ C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-01 19:03 - 2008-01-24 12:57 - 00218448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-01 11:53 - 2013-10-01 11:53 - 00106496 _____ C:\WINDOWS\Minidump\Mini100113-01.dmp
2013-09-28 19:53 - 2013-09-28 19:53 - 00106496 _____ C:\WINDOWS\Minidump\Mini092813-01.dmp
2013-09-27 22:14 - 2013-09-27 22:14 - 00106496 _____ C:\WINDOWS\Minidump\Mini092713-01.dmp
2013-09-25 15:22 - 2013-09-25 15:22 - 00106496 _____ C:\WINDOWS\Minidump\Mini092513-01.dmp
2013-09-23 21:39 - 2008-01-24 21:25 - 00073963 _____ C:\WINDOWS\wmsetup.log
2013-09-22 21:23 - 2013-09-22 21:23 - 00106496 _____ C:\WINDOWS\Minidump\Mini092213-01.dmp
2013-09-21 15:18 - 2013-07-04 21:23 - 00000000 ____D C:\Documents and Settings\User\Application Data\mp3tagpro
2013-09-21 13:46 - 2013-09-21 13:46 - 00106496 _____ C:\WINDOWS\Minidump\Mini092113-01.dmp
2013-09-21 13:46 - 2013-02-06 17:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-19 06:24 - 2012-07-03 19:48 - 00000501 _____ C:\Documents and Settings\All Users\Desktop\YTD Video Downloader.lnk
2013-09-17 19:51 - 2008-03-24 00:12 - 00002852 _____ C:\email addresses.txt
2013-09-17 17:06 - 2008-08-17 10:05 - 00000000 ____D C:\Documents and Settings\User\My Documents\Certs
2013-09-15 12:12 - 2008-04-06 00:04 - 00000000 ____D C:\Documents and Settings\User\My Documents\Codes

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\temp\WD Passport 2.5 W98 installer.exe
C:\Documents and Settings\User\Local Settings\temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Vino's Event Viewer v01c run on Windows XP in English
Report run at 12/10/2013 1:57:44 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Vino's Event Viewer v01c run on Windows XP in English
Report run at 12/10/2013 1:58:52 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Attached Thumbnails

  • eventvwr Application.JPG
  • eventvwr System.JPG

Edited by insparks, 12 October 2013 - 01:21 PM.


#19
RKinner


    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Let's get rid of all of the Run Once entries that should have been removed once they ran but weren't.

Download the attached fixlist.txt to the same location as FRST (Overwrite the old one)
Run FRST and press Fix
A fix log will be generated; please post that.


Did you remember to reboot before running VEW? If not, please do so and run VEW again as before. No need to attach the Event pages.


Run FRST again but this time uncheck Services under Whitelist and check Drivers MD5 and Addition.txt under Optional scan then press Scan.

#20
insparks


    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Sorry I don't see an attached file :confused:

#21
RKinner


    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Sorry.

#22
insparks


    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by User at 2013-10-12 19:59:49 Run:3
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB212] - command /c del "C:\WINDOWS\system32\nqBeNXyb.ini2"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD8548] - cmd /c del "C:\WINDOWS\system32\nqBeNXyb.ini2"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB4962] - command /c del "C:\WINDOWS\system32\nqBeNXyb.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD4629] - cmd /c del "C:\WINDOWS\system32\nqBeNXyb.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB9292] - command.com /c del "C:\Program Files\Application Updater\config.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD2776] - cmd.exe /c del "C:\Program Files\Application Updater\config.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB7206] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\baidu_ff.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD623] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\baidu_ff.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB4635] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\baidu_ie.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD3117] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\baidu_ie.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB8955] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\config.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD6534] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\config.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB1676] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\yandex_ff.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD6326] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\yandex_ff.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB7234] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\yandex_ie.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD8805] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\yandex_ie.xml"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB3523] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1031.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD6481] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1031.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB1400] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1033.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD3854] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1033.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB5520] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1034.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD6325] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1034.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB1850] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1036.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD2173] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1036.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB4402] - command.com /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1040.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD7390] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1040.ini"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB1973] - command.com /c del "C:\Program Files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD262] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingB7254] - command.com /c del "C:\Program Files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [SpybotDeletingD204] - cmd.exe /c del "C:\Program Files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt"
HKU\Administrator.VERYFASTUSER\...\RunOnce: [Report] - C:\AdwCleaner\AdwCleaner[S2].txt [ 2013-10-08] ()
*****************

HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB212 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD8548 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB4962 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD4629 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB9292 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD2776 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB7206 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD623 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB4635 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD3117 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB8955 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD6534 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB1676 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD6326 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB7234 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD8805 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB3523 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD6481 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB1400 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD3854 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB5520 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD6325 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB1850 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD2173 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB4402 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD7390 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB1973 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD262 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB7254 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD204 => Value deleted successfully.
HKU\Administrator.VERYFASTUSER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report => Value deleted successfully.

==== End of Fixlog ====

Vino's Event Viewer v01c run on Windows XP in English
Report run at 12/10/2013 8:04:25 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vino's Event Viewer v01c run on Windows XP in English
Report run at 12/10/2013 8:11:35 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/10/2013 8:02:49 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error: %%1290

Log: 'System' Date/Time: 12/10/2013 8:02:49 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1290" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Log: 'System' Date/Time: 12/10/2013 8:02:37 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error: %%1290

Log: 'System' Date/Time: 12/10/2013 8:02:37 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1290" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Log: 'System' Date/Time: 12/10/2013 8:02:30 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error: %%1290

Log: 'System' Date/Time: 12/10/2013 7:25:25 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error: %%1290

Log: 'System' Date/Time: 12/10/2013 7:25:25 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1290" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Log: 'System' Date/Time: 12/10/2013 7:25:08 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error: %%1290

Log: 'System' Date/Time: 12/10/2013 7:25:08 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1290" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Log: 'System' Date/Time: 12/10/2013 7:25:04 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error: %%1290

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/10/2013 7:40:30 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 12/10/2013 4:48:11 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by User (administrator) on VERYFASTUSER on 12-10-2013 20:07:14
Running from C:\Documents and Settings\User\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(ArcSoft, Inc.) C:\Temp\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\WgaTray.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPNSCFG.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKCU\...\Run: [cdloader] - C:\Documents and Settings\User\Application Data\mjusbsp\cdloader2.exe [50592 2011-08-23] (magicJack L.P.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF0F71F77E4C6CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0D7191D1-C6C9-4AE4-9515-1735958A3719} URL = http://search.yahoo....=utf-8&fr=b2ie7
SearchScopes: HKCU - {3F8C7A0E-E4EB-4196-9531-4D194A1B16C0} URL = http://search.micros...q={searchTerms}
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.yahoo....p={searchTerms}
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1280912913343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\5haej2ap.default-1381604455187
FF Homepage: hxxp://www.msn.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @videolan.org/vlc,version=1.1.11 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\User\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======

==================== Services (All) ========================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257416 2013-10-09] (Adobe Systems Incorporated)
S4 Alerter; C:\Windows\system32\alrsvc.dll [17408 2008-04-13] (Microsoft Corporation)
R3 ALG; C:\Windows\System32\alg.exe [44544 2008-04-13] (Microsoft Corporation)
S3 AppMgmt; C:\Windows\System32\appmgmts.dll [167936 2008-04-13] (Microsoft Corporation)
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [35160 2010-03-18] (Microsoft Corporation)
R2 AudioSrv; C:\Windows\System32\audiosrv.dll [42496 2008-04-13] (Microsoft Corporation)
S2 BITS; C:\Windows\System32\qmgr.dll [409088 2008-04-13] (Microsoft Corporation)
R2 Browser; C:\Windows\System32\browser.dll [77824 2008-04-13] (Microsoft Corporation)
S3 cisvc; C:\Windows\system32\cisvc.exe [5632 2008-04-13] (Microsoft Corporation)
S3 ClipSrv; C:\Windows\system32\clipsrv.exe [33280 2008-04-13] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_32; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
S3 COMSysApp; C:\Windows\system32\dllhost.exe [5120 2008-04-13] (Microsoft Corporation)
R2 CryptSvc; C:\Windows\System32\cryptsvc.dll [62464 2008-04-13] (Microsoft Corporation)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
R2 Dhcp; C:\Windows\System32\dhcpcsvc.dll [126976 2008-04-13] (Microsoft Corporation)
S3 dmadmin; C:\Windows\System32\dmadmin.exe [224768 2008-04-13] (Microsoft Corp., Veritas Software)
R2 dmserver; C:\Windows\System32\dmserver.dll [23552 2008-04-13] (Microsoft Corp.)
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation)
S3 Dot3svc; C:\Windows\System32\dot3svc.dll [132096 2008-04-13] (Microsoft Corporation)
S3 EapHost; C:\Windows\System32\eapsvc.dll [33792 2008-04-13] (Microsoft Corporation)
R2 ERSvc; C:\Windows\System32\ersvc.dll [23040 2008-04-13] (Microsoft Corporation)
R2 Eventlog; C:\Windows\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R3 EventSystem; C:\WINDOWS\System32\es.dll [253952 2008-07-07] (Microsoft Corporation)
R3 FastUserSwitchingCompatibility; C:\Windows\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-10-10] (Macrovision Europe Ltd.)
S3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-13] (Microsoft Corporation)
S3 hkmsvc; C:\Windows\System32\kmsvc.dll [61440 2008-04-13] (Microsoft Corporation)
R3 HTTPFilter; C:\Windows\System32\w3ssl.dll [15872 2008-04-13] (Microsoft Corporation)
S3 idsvc; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
S3 ImapiService; C:\Windows\system32\imapi.exe [150528 2008-04-13] (Microsoft Corporation)
R2 lanmanserver; C:\Windows\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation)
R2 lanmanworkstation; C:\Windows\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation)
R2 LmHosts; C:\Windows\System32\lmhsvc.dll [13824 2008-04-13] (Microsoft Corporation)
S4 Messenger; C:\Windows\System32\msgsvc.dll [33792 2008-04-13] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS\System32\mnmsrvc.exe [32768 2008-04-13] (Microsoft Corporation)
S4 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [118680 2013-09-18] (Mozilla Foundation)
S3 MSDTC; C:\WINDOWS\System32\msdtc.exe [6144 2008-04-13] (Microsoft Corporation)
S3 MSIServer; C:\Windows\System32\msiexec.exe [95744 2008-05-19] (Microsoft Corporation)
S3 napagent; C:\Windows\System32\qagentrt.dll [291328 2008-04-13] (Microsoft Corporation)
S4 Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208 2009-06-18] (Nero AG)
S4 NetBurnerService; C:\Program Files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe [223248 2007-02-21] (Paragon GmbH)
S4 NetDDE; C:\Windows\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation)
S4 NetDDEdsdm; C:\Windows\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation)
S3 Netlogon; C:\Windows\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
R3 Netman; C:\Windows\System32\netman.dll [198144 2008-04-13] (Microsoft Corporation)
S4 NetTcpPortSharing; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
R3 Nla; C:\Windows\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
S3 NtLmSsp; C:\Windows\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [435200 2008-04-13] (Microsoft Corporation)
S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S4 PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [87344 2009-09-01] (Prolific Technology Inc.)
R2 PlugPlay; C:\Windows\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R2 PolicyAgent; C:\Windows\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
R2 ProtectedStorage; C:\Windows\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
S3 RasAuto; C:\Windows\System32\rasauto.dll [88576 2008-04-13] (Microsoft Corporation)
R3 RasMan; C:\Windows\System32\rasmans.dll [186368 2008-04-13] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-13] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [53248 2008-04-13] (Microsoft Corporation)
R2 RemoteRegistry; C:\Windows\system32\regsvc.dll [59904 2008-04-13] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\System32\locator.exe [75264 2008-04-13] (Microsoft Corporation)
R2 RpcSs; C:\Windows\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
S3 RSVP; C:\Windows\System32\rsvp.exe [132608 2001-08-23] (Microsoft Corporation)
R2 SamSs; C:\Windows\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [95744 2008-04-13] (Microsoft Corporation)
R2 Schedule; C:\Windows\system32\schedsvc.dll [192512 2008-04-13] (Microsoft Corporation)
R2 seclogon; C:\Windows\System32\seclogon.dll [18944 2008-04-13] (Microsoft Corporation)
R2 SENS; C:\Windows\system32\sens.dll [39424 2008-04-13] (Microsoft Corporation)
R2 SharedAccess; C:\Windows\System32\ipnathlp.dll [331264 2008-04-13] (Microsoft Corporation)
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.)
S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
R2 Spooler; C:\Windows\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation)
R2 srservice; C:\Windows\system32\srsvc.dll [171008 2008-04-13] (Microsoft Corporation)
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [71680 2008-04-13] (Microsoft Corporation)
R2 stisvc; C:\Windows\system32\wiaservc.dll [333824 2008-04-13] (Microsoft Corporation)
S3 SwPrv; C:\WINDOWS\System32\dllhost.exe [5120 2008-04-13] (Microsoft Corporation)
S3 SysmonLog; C:\Windows\system32\smlogsvc.exe [89600 2008-04-13] (Microsoft Corporation)
R3 TapiSrv; C:\Windows\System32\tapisrv.dll [249856 2008-04-13] (Microsoft Corporation)
R3 TermService; C:\Windows\System32\termsrv.dll [295424 2008-04-13] (Microsoft Corporation)
R2 Themes; C:\Windows\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
S3 TlntSvr; C:\WINDOWS\System32\tlntsvr.exe [73216 2008-04-13] (Microsoft Corporation)
R2 TrkWks; C:\Windows\system32\trkwks.dll [90112 2008-04-13] (Microsoft Corporation)
R2 uCamMonitor; C:\Temp\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R3 upnphost; C:\Windows\System32\upnphost.dll [185856 2008-04-13] (Microsoft Corporation)
S3 UPS; C:\Windows\System32\ups.exe [18432 2008-04-13] (Microsoft Corporation)
S3 VSS; C:\Windows\System32\vssvc.exe [289792 2008-04-13] (Microsoft Corporation)
R2 W32Time; C:\Windows\system32\w32time.dll [175104 2008-04-13] (Microsoft Corporation)
R2 WebClient; C:\Windows\System32\webclnt.dll [68096 2008-04-13] (Microsoft Corporation)
R2 winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [144896 2008-04-13] (Microsoft Corporation)
S3 WinRM; C:\Windows\system32\WsmSvc.dll [1107456 2009-10-09] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2006-10-19] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation)
S3 WmiApSrv; C:\WINDOWS\System32\wbem\wmiapsrv.exe [126464 2008-04-13] (Microsoft Corporation)
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation)
S3 WPFFontCache_v0400; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [753504 2010-03-18] (Microsoft Corporation)
R2 wscsvc; C:\Windows\system32\wscsvc.dll [80896 2008-04-13] (Microsoft Corporation)
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [439808 2008-05-27] (Microsoft Corporation)
R2 wuauserv; C:\Windows\system32\wuauserv.dll [6656 2008-04-13] (Microsoft Corporation)
R2 WudfSvc; C:\Windows\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [483840 2008-04-13] (Microsoft Corporation)
S3 xmlprov; C:\Windows\System32\xmlprov.dll [129024 2008-04-13] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [14336 2008-04-25] (ArcSoft, Inc.)
S3 CA561; C:\Windows\System32\Drivers\SPCA561.SYS [119798 2002-10-01] (SP)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [134616 2010-08-02] (Deterministic Networks, Inc.)
R3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [42496 2007-02-27] (VIA Technologies, Inc. )
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R0 hotcore3; C:\Windows\System32\drivers\hotcore3.sys [38448 2007-02-21] (Paragon Software Group)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 NetBurn; C:\Windows\System32\DRIVERS\NetBurn.sys [84752 2007-02-21] (Rocket Division Software)
R3 S3GIGP; C:\Windows\System32\DRIVERS\S3gIGPm.sys [714240 2007-06-04] (S3 Graphics Co., Ltd.)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [32352 2007-02-21] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [131456 2007-02-21] (Paragon)
R0 viaagp1; C:\Windows\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
R0 ViBus; C:\Windows\System32\DRIVERS\ViBus.sys [16896 2007-03-26] (VIA Technologies, Inc.)
R0 videX32; C:\Windows\System32\DRIVERS\videX32.sys [9216 2007-03-29] (VIA Technologies, Inc.)
R0 ViPrt; C:\Windows\System32\DRIVERS\ViPrt.sys [52224 2007-03-26] (VIA Technologies, Inc.)
R0 xfilt; C:\Windows\System32\DRIVERS\xfilt.sys [22168 2009-05-05] (VIA Technologies,Inc)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-12 20:06 - 2013-10-12 20:06 - 00003092 _____ C:\VEW System.txt
2013-10-12 20:04 - 2013-10-12 20:04 - 00000358 _____ C:\Documents and Settings\User\Desktop\VEW Application.txt
2013-10-12 10:22 - 2013-10-12 10:22 - 00106496 _____ C:\WINDOWS\Minidump\Mini101213-02.dmp
2013-10-12 08:29 - 2013-10-12 08:29 - 00106496 _____ C:\WINDOWS\Minidump\Mini101213-01.dmp
2013-10-11 16:52 - 2013-10-11 16:52 - 00003365 _____ C:\junk.txt
2013-10-11 16:43 - 2013-10-11 16:43 - 00000000 ____D C:\Documents and Settings\User\Start Menu\Programs\NirSoft BlueScreenView
2013-10-11 16:16 - 2013-10-11 16:16 - 00106496 _____ C:\WINDOWS\Minidump\Mini101113-01.dmp
2013-10-10 18:00 - 2013-10-10 18:00 - 00000000 ____D C:\FRST
2013-10-10 17:59 - 2013-10-10 17:59 - 00011155 _____ C:\ComboFix.txt
2013-10-10 17:49 - 2008-04-13 13:40 - 00096512 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\atapi.sys
2013-10-10 17:49 - 2008-04-13 13:40 - 00096512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atapi.sys
2013-10-10 17:43 - 2013-10-10 17:43 - 01087213 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2013-10-09 20:47 - 2013-10-09 20:47 - 00106496 _____ C:\WINDOWS\Minidump\Mini100913-02.dmp
2013-10-09 20:24 - 2013-10-09 20:28 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-10-09 20:22 - 2013-10-09 20:41 - 00000743 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-09 20:22 - 2013-10-09 20:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-09 20:22 - 2013-10-09 20:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-09 20:22 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-09 20:06 - 2013-10-09 20:06 - 00000000 _RSHD C:\cmdcons
2013-10-09 20:06 - 2013-06-27 19:21 - 00000211 _____ C:\Boot.bak
2013-10-09 20:06 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-10-09 20:03 - 2013-10-10 17:59 - 00000000 ____D C:\Qoobox
2013-10-09 20:03 - 2013-10-09 20:16 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-09 20:03 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-09 20:03 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-09 20:03 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-09 20:03 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-09 19:56 - 2013-10-09 19:56 - 02237968 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\User\Desktop\tdsskiller.exe
2013-10-09 19:55 - 2013-10-09 19:55 - 05131844 ____R (Swearware) C:\Documents and Settings\User\Desktop\ComboFix.exe
2013-10-09 10:31 - 2013-10-09 10:30 - 00106496 _____ C:\WINDOWS\Minidump\Mini100913-01.dmp
2013-10-08 20:58 - 2013-10-08 20:58 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-03.dmp
2013-10-08 20:12 - 2013-10-08 20:10 - 00742742 _____ C:\Documents and Settings\Default User\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:12 - 2013-10-08 18:51 - 00358923 _____ (Farbar) C:\Documents and Settings\Default User\Desktop\FSS.exe
2013-10-08 20:12 - 2013-10-08 18:39 - 04009167 _____ C:\Documents and Settings\Default User\Desktop\ServicesRepair.exe
2013-10-08 20:11 - 2013-10-08 20:10 - 00742742 _____ C:\Documents and Settings\Administrator\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:11 - 2013-10-08 20:10 - 00742742 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:11 - 2013-10-08 18:51 - 00358923 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FSS.exe
2013-10-08 20:11 - 2013-10-08 18:51 - 00358923 _____ (Farbar) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\FSS.exe
2013-10-08 20:11 - 2013-10-08 18:39 - 04009167 _____ C:\Documents and Settings\Administrator\Desktop\ServicesRepair.exe
2013-10-08 20:11 - 2013-10-08 18:39 - 04009167 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\ServicesRepair.exe
2013-10-08 20:11 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\All Users\Desktop\aswmbr.exe
2013-10-08 20:09 - 2013-10-08 20:09 - 00000694 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2013-10-08 18:52 - 2013-10-08 18:52 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-02.dmp
2013-10-08 18:39 - 2013-10-08 18:39 - 04009167 _____ C:\Documents and Settings\User\Desktop\ServicesRepair.exe
2013-10-08 18:39 - 2013-10-08 18:39 - 00000000 ____D C:\Documents and Settings\All Users\Desktop\CC Support
2013-10-08 18:32 - 2013-10-08 18:32 - 00000000 ____D C:\_OTL
2013-10-08 17:25 - 2013-10-08 20:09 - 00000694 _____ C:\Documents and Settings\Default User\Desktop\Speccy.lnk
2013-10-08 17:25 - 2013-10-08 17:19 - 01032220 _____ (Thisisu) C:\Documents and Settings\Default User\Desktop\JRT.exe
2013-10-08 17:25 - 2013-10-07 20:25 - 00891167 _____ C:\Documents and Settings\Default User\Desktop\SecurityCheck.exe
2013-10-08 17:25 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Default User\Desktop\aswmbr.exe
2013-10-08 17:25 - 2013-10-07 19:12 - 01045226 _____ C:\Documents and Settings\Default User\Desktop\adwcleaner.exe
2013-10-08 17:25 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\Default User\Desktop\VEW.exe
2013-10-08 17:25 - 2013-10-06 19:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Default User\Desktop\OTL.exe
2013-10-08 17:24 - 2013-10-08 20:09 - 00000694 _____ C:\Documents and Settings\Administrator\Desktop\Speccy.lnk
2013-10-08 17:24 - 2013-10-08 20:09 - 00000694 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\Speccy.lnk
2013-10-08 17:24 - 2013-10-08 17:19 - 01032220 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe
2013-10-08 17:24 - 2013-10-08 17:19 - 01032220 _____ (Thisisu) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\JRT.exe
2013-10-08 17:24 - 2013-10-07 20:25 - 00891167 _____ C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
2013-10-08 17:24 - 2013-10-07 20:25 - 00891167 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\SecurityCheck.exe
2013-10-08 17:24 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Administrator\Desktop\aswmbr.exe
2013-10-08 17:24 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\aswmbr.exe
2013-10-08 17:24 - 2013-10-07 19:12 - 01045226 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\adwcleaner.exe
2013-10-08 17:24 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\VEW.exe
2013-10-08 17:24 - 2013-10-06 19:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\OTL.exe
2013-10-08 17:24 - 2013-10-06 19:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\OTL.exe
2013-10-08 17:23 - 2013-10-07 19:12 - 01045226 _____ C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
2013-10-08 17:19 - 2013-10-08 17:19 - 01032220 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2013-10-08 17:16 - 2013-10-08 17:16 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-01.dmp
2013-10-07 20:43 - 2013-10-07 20:43 - 00000000 ____D C:\Documents and Settings\Administrator.VERYFASTUSER\Local Settings\Application Data\Mozilla
2013-10-07 20:43 - 2013-10-07 20:43 - 00000000 ____D C:\Documents and Settings\Administrator.VERYFASTUSER\Application Data\Mozilla
2013-10-07 20:25 - 2013-10-07 20:25 - 00891167 _____ C:\Documents and Settings\User\Desktop\SecurityCheck.exe
2013-10-07 20:08 - 2013-10-08 20:09 - 00000000 ____D C:\Program Files\Speccy
2013-10-07 20:08 - 2013-10-07 20:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2013-10-07 20:05 - 2013-10-07 20:05 - 00000512 _____ C:\Documents and Settings\User\Desktop\MBR.dat
2013-10-07 19:34 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\User\Desktop\aswmbr.exe
2013-10-07 19:24 - 2013-10-07 19:24 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-07 19:23 - 2013-10-08 18:32 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\GreatArcadeHits
2013-10-07 19:23 - 2013-09-09 02:57 - 00773968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100.dll
2013-10-07 19:23 - 2013-09-09 02:57 - 00632656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr80.dll
2013-10-07 19:23 - 2013-09-09 02:57 - 00554832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp80.dll
2013-10-07 19:23 - 2013-09-09 02:57 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcm80.dll
2013-10-07 19:23 - 2013-09-09 02:57 - 00421200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp100.dll
2013-10-07 19:23 - 2013-09-09 02:57 - 00001870 _____ C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest
2013-10-07 19:13 - 2013-10-08 20:27 - 00000000 ____D C:\AdwCleaner
2013-10-07 19:12 - 2013-10-07 19:12 - 01045226 _____ C:\Documents and Settings\User\Desktop\adwcleaner.exe
2013-10-07 19:00 - 2013-10-12 20:05 - 00003092 _____ C:\VEW.txt
2013-10-07 18:58 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\User\Desktop\VEW.exe
2013-10-07 18:58 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\Administrator\Desktop\VEW.exe
2013-10-07 17:29 - 2013-10-07 17:29 - 00106496 _____ C:\WINDOWS\Minidump\Mini100713-01.dmp
2013-10-06 23:54 - 2013-10-06 23:54 - 00377856 _____ C:\Documents and Settings\User\Desktop\2lx1649c.exe
2013-10-06 19:47 - 2013-10-12 14:48 - 00012098 _____ C:\WINDOWS\bitssetup.log
2013-10-06 19:25 - 2013-10-06 19:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2013-10-06 19:15 - 2013-10-06 19:15 - 00048656 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-06 19:15 - 2013-10-06 19:15 - 00000000 __SHD C:\Documents and Settings\Administrator.VERYFASTUSER\PrivacIE
2013-10-04 16:13 - 2013-10-04 16:13 - 00106496 _____ C:\WINDOWS\Minidump\Mini100413-01.dmp
2013-10-03 21:03 - 2013-10-03 21:03 - 00106496 _____ C:\WINDOWS\Minidump\Mini100313-01.dmp
2013-10-02 17:36 - 2013-10-02 17:36 - 00106496 _____ C:\WINDOWS\Minidump\Mini100213-01.dmp
2013-10-01 11:53 - 2013-10-01 11:53 - 00106496 _____ C:\WINDOWS\Minidump\Mini100113-01.dmp
2013-09-28 19:53 - 2013-09-28 19:53 - 00106496 _____ C:\WINDOWS\Minidump\Mini092813-01.dmp
2013-09-27 22:14 - 2013-09-27 22:14 - 00106496 _____ C:\WINDOWS\Minidump\Mini092713-01.dmp
2013-09-25 15:22 - 2013-09-25 15:22 - 00106496 _____ C:\WINDOWS\Minidump\Mini092513-01.dmp
2013-09-22 21:23 - 2013-09-22 21:23 - 00106496 _____ C:\WINDOWS\Minidump\Mini092213-01.dmp
2013-09-21 13:46 - 2013-09-21 13:46 - 00106496 _____ C:\WINDOWS\Minidump\Mini092113-01.dmp
2013-09-18 18:43 - 2013-10-07 19:23 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-12 20:06 - 2013-10-12 20:06 - 00003092 _____ C:\VEW System.txt
2013-10-12 20:05 - 2013-10-07 19:00 - 00003092 _____ C:\VEW.txt
2013-10-12 20:04 - 2013-10-12 20:04 - 00000358 _____ C:\Documents and Settings\User\Desktop\VEW Application.txt
2013-10-12 20:03 - 2008-01-24 21:17 - 01605724 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-12 20:02 - 2013-01-30 18:51 - 00000000 ____D C:\Documents and Settings\User\Application Data\Skype
2013-10-12 20:02 - 2008-01-24 21:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-12 20:02 - 2008-01-24 13:00 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-12 20:02 - 2008-01-24 13:00 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-12 20:02 - 2001-08-23 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-12 20:01 - 2008-01-24 21:11 - 00000278 ___SH C:\Documents and Settings\User\ntuser.ini
2013-10-12 20:01 - 2008-01-24 21:10 - 00032494 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-12 19:56 - 2012-03-28 20:58 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-12 16:41 - 2005-01-13 22:59 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-10-12 14:48 - 2013-10-06 19:47 - 00012098 _____ C:\WINDOWS\bitssetup.log
2013-10-12 10:22 - 2013-10-12 10:22 - 00106496 _____ C:\WINDOWS\Minidump\Mini101213-02.dmp
2013-10-12 10:22 - 2009-11-08 14:19 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-12 08:29 - 2013-10-12 08:29 - 00106496 _____ C:\WINDOWS\Minidump\Mini101213-01.dmp
2013-10-11 17:20 - 2013-01-30 18:51 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2013-10-11 16:52 - 2013-10-11 16:52 - 00003365 _____ C:\junk.txt
2013-10-11 16:43 - 2013-10-11 16:43 - 00000000 ____D C:\Documents and Settings\User\Start Menu\Programs\NirSoft BlueScreenView
2013-10-11 16:20 - 2013-01-30 18:51 - 00000000 ___RD C:\Program Files\Skype
2013-10-11 16:20 - 2013-01-30 18:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-10-11 16:16 - 2013-10-11 16:16 - 00106496 _____ C:\WINDOWS\Minidump\Mini101113-01.dmp
2013-10-10 18:00 - 2013-10-10 18:00 - 00000000 ____D C:\FRST
2013-10-10 17:59 - 2013-10-10 17:59 - 00011155 _____ C:\ComboFix.txt
2013-10-10 17:59 - 2013-10-09 20:03 - 00000000 ____D C:\Qoobox
2013-10-10 17:56 - 2001-08-23 07:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-10-10 17:43 - 2013-10-10 17:43 - 01087213 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2013-10-10 16:49 - 2008-05-16 09:39 - 00015587 _____ C:\Documents and Settings\User\My Documents\personal info.txt
2013-10-09 20:47 - 2013-10-09 20:47 - 00106496 _____ C:\WINDOWS\Minidump\Mini100913-02.dmp
2013-10-09 20:41 - 2013-10-09 20:22 - 00000743 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-09 20:38 - 2013-10-09 20:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-09 20:28 - 2013-10-09 20:24 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-10-09 20:22 - 2013-10-09 20:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-09 20:16 - 2013-10-09 20:03 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-09 20:14 - 2005-01-13 22:32 - 00000000 ____D C:\Documents and Settings\Administrator
2013-10-09 20:06 - 2013-10-09 20:06 - 00000000 _RSHD C:\cmdcons
2013-10-09 20:06 - 2008-01-24 12:56 - 00000327 __RSH C:\boot.ini
2013-10-09 19:56 - 2013-10-09 19:56 - 02237968 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\User\Desktop\tdsskiller.exe
2013-10-09 19:55 - 2013-10-09 19:55 - 05131844 ____R (Swearware) C:\Documents and Settings\User\Desktop\ComboFix.exe
2013-10-09 11:56 - 2012-03-28 20:58 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-09 11:56 - 2011-05-16 05:26 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-09 10:30 - 2013-10-09 10:31 - 00106496 _____ C:\WINDOWS\Minidump\Mini100913-01.dmp
2013-10-08 20:58 - 2013-10-08 20:58 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-03.dmp
2013-10-08 20:27 - 2013-10-07 19:13 - 00000000 ____D C:\AdwCleaner
2013-10-08 20:27 - 2008-08-17 19:41 - 00000178 ___SH C:\Documents and Settings\Administrator.VERYFASTUSER\ntuser.ini
2013-10-08 20:10 - 2013-10-08 20:12 - 00742742 _____ C:\Documents and Settings\Default User\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:10 - 2013-10-08 20:11 - 00742742 _____ C:\Documents and Settings\Administrator\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:10 - 2013-10-08 20:11 - 00742742 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\Can't use windows update anymore - Geeks to Go Forums.htm
2013-10-08 20:09 - 2013-10-08 20:09 - 00000694 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2013-10-08 20:09 - 2013-10-08 17:25 - 00000694 _____ C:\Documents and Settings\Default User\Desktop\Speccy.lnk
2013-10-08 20:09 - 2013-10-08 17:24 - 00000694 _____ C:\Documents and Settings\Administrator\Desktop\Speccy.lnk
2013-10-08 20:09 - 2013-10-08 17:24 - 00000694 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\Speccy.lnk
2013-10-08 20:09 - 2013-10-07 20:08 - 00000000 ____D C:\Program Files\Speccy
2013-10-08 20:09 - 2008-06-08 13:20 - 00643265 _____ C:\WINDOWS\setupapi.log
2013-10-08 18:52 - 2013-10-08 18:52 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-02.dmp
2013-10-08 18:51 - 2013-10-08 20:12 - 00358923 _____ (Farbar) C:\Documents and Settings\Default User\Desktop\FSS.exe
2013-10-08 18:51 - 2013-10-08 20:11 - 00358923 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FSS.exe
2013-10-08 18:51 - 2013-10-08 20:11 - 00358923 _____ (Farbar) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\FSS.exe
2013-10-08 18:39 - 2013-10-08 20:12 - 04009167 _____ C:\Documents and Settings\Default User\Desktop\ServicesRepair.exe
2013-10-08 18:39 - 2013-10-08 20:11 - 04009167 _____ C:\Documents and Settings\Administrator\Desktop\ServicesRepair.exe
2013-10-08 18:39 - 2013-10-08 20:11 - 04009167 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\ServicesRepair.exe
2013-10-08 18:39 - 2013-10-08 18:39 - 04009167 _____ C:\Documents and Settings\User\Desktop\ServicesRepair.exe
2013-10-08 18:39 - 2013-10-08 18:39 - 00000000 ____D C:\Documents and Settings\All Users\Desktop\CC Support
2013-10-08 18:32 - 2013-10-08 18:32 - 00000000 ____D C:\_OTL
2013-10-08 18:32 - 2013-10-07 19:23 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\GreatArcadeHits
2013-10-08 17:19 - 2013-10-08 17:25 - 01032220 _____ (Thisisu) C:\Documents and Settings\Default User\Desktop\JRT.exe
2013-10-08 17:19 - 2013-10-08 17:24 - 01032220 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe
2013-10-08 17:19 - 2013-10-08 17:24 - 01032220 _____ (Thisisu) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\JRT.exe
2013-10-08 17:19 - 2013-10-08 17:19 - 01032220 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2013-10-08 17:16 - 2013-10-08 17:16 - 00106496 _____ C:\WINDOWS\Minidump\Mini100813-01.dmp
2013-10-07 20:43 - 2013-10-07 20:43 - 00000000 ____D C:\Documents and Settings\Administrator.VERYFASTUSER\Local Settings\Application Data\Mozilla
2013-10-07 20:43 - 2013-10-07 20:43 - 00000000 ____D C:\Documents and Settings\Administrator.VERYFASTUSER\Application Data\Mozilla
2013-10-07 20:25 - 2013-10-08 17:25 - 00891167 _____ C:\Documents and Settings\Default User\Desktop\SecurityCheck.exe
2013-10-07 20:25 - 2013-10-08 17:24 - 00891167 _____ C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
2013-10-07 20:25 - 2013-10-08 17:24 - 00891167 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\SecurityCheck.exe
2013-10-07 20:25 - 2013-10-07 20:25 - 00891167 _____ C:\Documents and Settings\User\Desktop\SecurityCheck.exe
2013-10-07 20:09 - 2009-10-29 05:50 - 00000152 _____ C:\Documents and Settings\User\Application Data\default.rss
2013-10-07 20:09 - 2008-03-27 21:03 - 00000116 _____ C:\WINDOWS\NeroDigital.ini
2013-10-07 20:08 - 2013-10-07 20:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2013-10-07 20:05 - 2013-10-07 20:05 - 00000512 _____ C:\Documents and Settings\User\Desktop\MBR.dat
2013-10-07 19:34 - 2013-10-08 20:11 - 04745728 _____ (AVAST Software) C:\Documents and Settings\All Users\Desktop\aswmbr.exe
2013-10-07 19:34 - 2013-10-08 17:25 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Default User\Desktop\aswmbr.exe
2013-10-07 19:34 - 2013-10-08 17:24 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Administrator\Desktop\aswmbr.exe
2013-10-07 19:34 - 2013-10-08 17:24 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\aswmbr.exe
2013-10-07 19:34 - 2013-10-07 19:34 - 04745728 _____ (AVAST Software) C:\Documents and Settings\User\Desktop\aswmbr.exe
2013-10-07 19:24 - 2013-10-07 19:24 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-07 19:23 - 2013-09-18 18:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-07 19:22 - 2008-01-24 12:53 - 00000000 ____D C:\WINDOWS\Resources
2013-10-07 19:12 - 2013-10-08 17:25 - 01045226 _____ C:\Documents and Settings\Default User\Desktop\adwcleaner.exe
2013-10-07 19:12 - 2013-10-08 17:24 - 01045226 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\adwcleaner.exe
2013-10-07 19:12 - 2013-10-08 17:23 - 01045226 _____ C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
2013-10-07 19:12 - 2013-10-07 19:12 - 01045226 _____ C:\Documents and Settings\User\Desktop\adwcleaner.exe
2013-10-07 18:58 - 2013-10-08 17:25 - 00061440 _____ ( ) C:\Documents and Settings\Default User\Desktop\VEW.exe
2013-10-07 18:58 - 2013-10-08 17:24 - 00061440 _____ ( ) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\VEW.exe
2013-10-07 18:58 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\User\Desktop\VEW.exe
2013-10-07 18:58 - 2013-10-07 18:58 - 00061440 _____ ( ) C:\Documents and Settings\Administrator\Desktop\VEW.exe
2013-10-07 17:29 - 2013-10-07 17:29 - 00106496 _____ C:\WINDOWS\Minidump\Mini100713-01.dmp
2013-10-06 23:54 - 2013-10-06 23:54 - 00377856 _____ C:\Documents and Settings\User\Desktop\2lx1649c.exe
2013-10-06 19:25 - 2013-10-08 17:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Default User\Desktop\OTL.exe
2013-10-06 19:25 - 2013-10-08 17:24 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\OTL.exe
2013-10-06 19:25 - 2013-10-08 17:24 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator.VERYFASTUSER\Desktop\OTL.exe
2013-10-06 19:25 - 2013-10-06 19:25 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2013-10-06 19:23 - 2003-07-29 11:37 - 00051712 _____ C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-06 19:15 - 2013-10-06 19:15 - 00048656 _____ C:\Documents and Settings\Administrator.VERYFASTUSER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-06 19:15 - 2013-10-06 19:15 - 00000000 __SHD C:\Documents and Settings\Administrator.VERYFASTUSER\PrivacIE
2013-10-06 19:14 - 2008-01-24 12:58 - 00998376 _____ C:\WINDOWS\ocgen.log
2013-10-04 16:13 - 2013-10-04 16:13 - 00106496 _____ C:\WINDOWS\Minidump\Mini100413-01.dmp
2013-10-03 21:03 - 2013-10-03 21:03 - 00106496 _____ C:\WINDOWS\Minidump\Mini100313-01.dmp
2013-10-02 17:36 - 2013-10-02 17:36 - 00106496 _____ C:\WINDOWS\Minidump\Mini100213-01.dmp
2013-10-01 20:06 - 2009-01-18 20:31 - 00000000 ____D C:\Program Files\ Hijack This
2013-10-01 20:01 - 2008-01-24 21:29 - 00048656 _____ C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-01 19:03 - 2008-01-24 12:57 - 00218448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-01 11:53 - 2013-10-01 11:53 - 00106496 _____ C:\WINDOWS\Minidump\Mini100113-01.dmp
2013-09-28 19:53 - 2013-09-28 19:53 - 00106496 _____ C:\WINDOWS\Minidump\Mini092813-01.dmp
2013-09-27 22:14 - 2013-09-27 22:14 - 00106496 _____ C:\WINDOWS\Minidump\Mini092713-01.dmp
2013-09-25 15:22 - 2013-09-25 15:22 - 00106496 _____ C:\WINDOWS\Minidump\Mini092513-01.dmp
2013-09-23 21:39 - 2008-01-24 21:25 - 00073963 _____ C:\WINDOWS\wmsetup.log
2013-09-22 21:23 - 2013-09-22 21:23 - 00106496 _____ C:\WINDOWS\Minidump\Mini092213-01.dmp
2013-09-21 15:18 - 2013-07-04 21:23 - 00000000 ____D C:\Documents and Settings\User\Application Data\mp3tagpro
2013-09-21 13:46 - 2013-09-21 13:46 - 00106496 _____ C:\WINDOWS\Minidump\Mini092113-01.dmp
2013-09-21 13:46 - 2013-02-06 17:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-19 06:24 - 2012-07-03 19:48 - 00000501 _____ C:\Documents and Settings\All Users\Desktop\YTD Video Downloader.lnk
2013-09-17 19:51 - 2008-03-24 00:12 - 00002852 _____ C:\email addresses.txt
2013-09-17 17:06 - 2008-08-17 10:05 - 00000000 ____D C:\Documents and Settings\User\My Documents\Certs
2013-09-15 12:12 - 2008-04-06 00:04 - 00000000 ____D C:\Documents and Settings\User\My Documents\Codes

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\temp\WD Passport 2.5 W98 installer.exe
C:\Documents and Settings\User\Local Settings\temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by User at 2013-10-12 20:10:48
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

"Nero SoundTrax Help (Version: 4.4.32.0)
µTorrent (HKCU Version: 3.3.1.30017)
Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.1.2)
Adobe Acrobat 8.1.2 Professional (Version: 8.1.2)
Adobe AIR (Version: 2.7.0.19530)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Photoshop Album 2.0 (Version: 2.0)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Advertising Center (Version: 0.0.0.2)
Alcohol 120% (Version: 1.9.2.1705)
ArcSoft Magic-i Visual Effects 2 (Version: 2.0.11.138)
ArcSoft WebCam Companion 3 (Version: 3.0.45.413)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.37)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
DolbyFiles (Version: 2.0)
Elevated Installer (Version: 2.1.13)
Garmin City Navigator North America NT 2010.10 Update (Version: 13.0.0.0)
Garmin Communicator Plugin (Version: 4.0.3)
Garmin Express (Version: 2.1.13)
Garmin Express Tray (Version: 2.1.13)
Garmin Update Service (Version: 2.1.13)
Garmin USB Drivers (Version: 2.3.1.0)
Garmin WebUpdater (Version: 2.5.6)
GoToMeeting 5.5.0.1133 (HKCU Version: 5.5.0.1133)
GreatArcadeHits (HKCU Version: 1.0)
HijackThis 1.99.1 (Version: 1.99.1)
HP Webcam User's Guide
ICatch (VI) PC Camera
ImagXpress (Version: 7.0.74.0)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Magic ISO Maker v5.4 (build 0251)
magicJack (HKCU Version: 2.0.6073.4252)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Menu Templates - Pack 1 (Version: 9.4.6.0)
Menu Templates - Pack 2 (Version: 9.4.6.0)
Menu Templates - Pack 3 (Version: 9.4.6.0)
Menu Templates - Starter Kit (Version: 9.4.6.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Movie Templates - Pack 1 (Version: 9.4.6.0)
Movie Templates - Starter Kit (Version: 9.4.6.0)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
mp3Tag Pro 8.1
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Nero 9
Nero BackItUp (Version: 5.2.6000)
Nero BackItUp and Burn (Version: 1.2.0009)
Nero Burning ROM Help (Version: 9.4.17.100)
Nero BurnRights (Version: 3.4.11.100)
Nero BurnRights (Version: 3.6.17000)
Nero BurnRights Help (Version: 3.4.4.100)
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.4.9.100)
Nero CoverDesigner Help (Version: 4.4.9.100)
Nero DiscSpeed (Version: 5.4.12.100)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.11.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express (Version: 9.6.11000)
Nero Express Help (Version: 9.4.17.100)
Nero InfoTool (Version: 6.4.11.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Live (Version: 1.4.48.0)
Nero Live Help (Version: 1.4.48.0)
Nero PhotoSnap (Version: 1.53.2.0)
Nero PhotoSnap Help (Version: 1.53.2.0)
Nero Recode (Version: 4.4.31.0)
Nero Recode Help (Version: 4.4.31.0)
Nero Rescue Agent (Version: 2.4.12.100)
Nero RescueAgent (Version: 2.6.13000)
Nero RescueAgent Help (Version: 2.4.4.100)
Nero ShowTime (Version: 5.4.0.100)
Nero ShowTime (Version: 5.4.14.100)
Nero StartSmart (Version: 9.4.12.100)
Nero StartSmart Help (Version: 9.4.12.100)
Nero Vision (Version: 6.4.10.205)
Nero Vision Help (Version: 6.4.8.100)
Nero WaveEditor (Version: 5.4.32.0)
NeroBurningROM (Version: 9.4.17.100)
NeroExpress (Version: 9.4.17.100)
neroxml (Version: 1.0.0)
NirSoft BlueScreenView
NTFS4DOS
OpenOffice.org Installer 1.0 (Version: 1.0.9221)
Paragon Drive Backup 8.5 Professional
Platform (Version: 1.24)
QuickPar 0.9 (Version: 0.9)
QuickShare (Version: 1.135.60.12323)
Realtek High Definition Audio Driver (Version: 5.10.0.5433)
Skype Click to Call (Version: 6.12.13601)
Skype™ 6.9 (Version: 6.9.106)
SoundTrax (Version: 4.4.32.0)
Speccy (Version: 1.23)
Spybot - Search & Destroy (Version: 1.6.2)
swMSM (Version: 12.0.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
UseNeXT by Tangysoft
VIA Display Driver 6.14.10.0095
VIA Platform Device Manager (Version: 1.24)
VIA Rhine-Family Fast-Ethernet Adapter
VLC media player 1.1.11 (Version: 1.1.11)
WebFldrs XP (Version: 9.50.5318)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
WinRAR archiver
WinZip (Version: 8.1 (4331))
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
YouTube Downloader Toolbar v6.0 (Version: 6.0)
YTD Video Downloader 4.5.1 (Version: 4.5.1)

==================== Restore Points =========================

15-07-2013 04:13:27 System Checkpoint
16-07-2013 04:25:27 System Checkpoint
17-07-2013 04:37:31 System Checkpoint
18-07-2013 05:49:31 System Checkpoint
19-07-2013 11:30:41 System Checkpoint
20-07-2013 14:54:55 System Checkpoint
21-07-2013 15:23:21 System Checkpoint
22-07-2013 15:47:20 System Checkpoint
23-07-2013 16:02:23 System Checkpoint
24-07-2013 16:42:14 System Checkpoint
25-07-2013 17:39:09 System Checkpoint
26-07-2013 17:51:11 System Checkpoint
27-07-2013 18:56:28 System Checkpoint
28-07-2013 18:57:57 System Checkpoint
29-07-2013 21:05:04 System Checkpoint
30-07-2013 22:48:24 System Checkpoint
31-07-2013 23:27:16 System Checkpoint
01-08-2013 23:48:24 System Checkpoint
03-08-2013 00:41:09 System Checkpoint
04-08-2013 00:53:09 System Checkpoint
05-08-2013 01:05:08 System Checkpoint
06-08-2013 01:26:28 System Checkpoint
07-08-2013 01:32:24 System Checkpoint
08-08-2013 01:50:53 System Checkpoint
09-08-2013 11:15:08 System Checkpoint
10-08-2013 15:27:07 System Checkpoint
11-08-2013 15:43:11 System Checkpoint
12-08-2013 16:43:11 System Checkpoint
13-08-2013 16:46:21 System Checkpoint
14-08-2013 16:58:20 System Checkpoint
15-08-2013 17:43:28 System Checkpoint
16-08-2013 18:23:02 System Checkpoint
17-08-2013 18:37:15 System Checkpoint
18-08-2013 19:16:22 System Checkpoint
19-08-2013 19:45:11 System Checkpoint
20-08-2013 21:11:26 System Checkpoint
21-08-2013 22:19:16 System Checkpoint
22-08-2013 22:35:48 System Checkpoint
23-08-2013 23:59:47 System Checkpoint
25-08-2013 00:35:47 System Checkpoint
26-08-2013 01:23:48 System Checkpoint
27-08-2013 11:18:11 System Checkpoint
28-08-2013 11:59:08 System Checkpoint
29-08-2013 13:35:08 System Checkpoint
30-08-2013 14:59:08 System Checkpoint
31-08-2013 15:58:10 System Checkpoint
01-09-2013 16:23:13 System Checkpoint
02-09-2013 17:14:17 System Checkpoint
03-09-2013 18:47:53 System Checkpoint
04-09-2013 18:52:59 System Checkpoint
05-09-2013 19:41:29 System Checkpoint
06-09-2013 20:51:00 System Checkpoint
07-09-2013 21:43:30 System Checkpoint
08-09-2013 22:47:58 System Checkpoint
09-09-2013 23:46:11 System Checkpoint
11-09-2013 00:17:17 System Checkpoint
12-09-2013 00:47:48 System Checkpoint
13-09-2013 01:20:26 System Checkpoint
14-09-2013 01:31:13 System Checkpoint
15-09-2013 02:30:07 System Checkpoint
16-09-2013 02:40:58 System Checkpoint
17-09-2013 03:11:11 System Checkpoint
18-09-2013 11:29:34 System Checkpoint
19-09-2013 11:45:31 System Checkpoint
20-09-2013 12:56:52 System Checkpoint
21-09-2013 12:59:45 System Checkpoint
22-09-2013 13:47:39 System Checkpoint
23-09-2013 14:04:16 System Checkpoint
24-09-2013 14:50:11 System Checkpoint
25-09-2013 15:49:07 System Checkpoint
26-09-2013 16:00:52 System Checkpoint
27-09-2013 17:09:57 System Checkpoint
28-09-2013 17:19:35 System Checkpoint
29-09-2013 18:35:01 System Checkpoint
30-09-2013 18:53:02 System Checkpoint
01-10-2013 19:12:41 System Checkpoint
02-10-2013 20:40:30 System Checkpoint
03-10-2013 23:04:40 System Checkpoint
05-10-2013 00:05:59 System Checkpoint
06-10-2013 00:42:20 System Checkpoint
07-10-2013 02:52:02 System Checkpoint
08-10-2013 01:16:13 OTL Restore Point - 10/7/2013 8:16:10 PM
08-10-2013 01:26:40 OTL Restore Point - 10/7/2013 8:26:37 PM
08-10-2013 23:57:35 OTL Restore Point - 10/8/2013 6:57:31 PM
10-10-2013 00:34:46 System Checkpoint
11-10-2013 01:19:10 System Checkpoint
12-10-2013 01:26:15 System Checkpoint

==================== Hosts content: ==========================

2001-08-23 07:00 - 2013-10-09 20:15 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-18 18:43 - 2013-09-18 18:44 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-10-09 11:56 - 2013-10-09 11:56 - 16233864 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\User\Desktop\FRST.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Primary IDE Channel
Description: Primary IDE Channel
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Secondary IDE Channel
Description: Secondary IDE Channel
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Plug and Play BIOS Extension
Description: Plug and Play BIOS Extension
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: a347bus
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (10/12/2013 08:02:49 PM) (Source: Service Control Manager) (User: )
Description: The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error:
%%1290

Error: (10/12/2013 08:02:49 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1290" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (10/12/2013 08:02:37 PM) (Source: Service Control Manager) (User: )
Description: The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error:
%%1290

Error: (10/12/2013 08:02:37 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1290" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (10/12/2013 08:02:30 PM) (Source: Service Control Manager) (User: )
Description: The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error:
%%1290

Error: (10/12/2013 07:25:25 PM) (Source: Service Control Manager) (User: )
Description: The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error:
%%1290

Error: (10/12/2013 07:25:25 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1290" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (10/12/2013 07:25:08 PM) (Source: Service Control Manager) (User: )
Description: The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error:
%%1290

Error: (10/12/2013 07:25:08 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1290" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (10/12/2013 07:25:04 PM) (Source: Service Control Manager) (User: )
Description: The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error:
%%1290


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 1790.42 MB
Available physical RAM: 1211.2 MB
Total Pagefile: 3688.37 MB
Available Pagefile: 3256.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:127.99 GB) (Free:23.61 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive k: () (Network) (Total:127.99 GB) (Free:23.61 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 186 GB) (Disk ID: FA9AFA9A)
Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#23
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Copy the text in the code box:

/md5start
qmgr.dll
/md5stop


Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes, then Run Scan.

You should get 1 log. Please copy and paste it.


Attaching two files. Download each and save. Then right click on each and Merge. Clear the alarms and reboot and run VEW again.

#24
insparks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Bad news: when I tried to merge the legacy_bits.reg, it didn't write everything:
"Cannot import C:\Documents and Settings\User\Desktop\Legacy-bits.reg: Not all data was successfully written to registry. Some keys are open by the system or other processes"
So I kept on with your instructions even with this warning. :confused:

OTL logfile created on: 10/12/2013 10:36:00 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 66.19% Memory free
3.60 Gb Paging File | 3.17 Gb Available in Paging File | 88.02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 24.21 Gb Free Space | 18.92% Space Free | Partition Type: NTFS
Drive K: | 127.99 Gb Total Space | 24.21 Gb Free Space | 18.92% Space Free | Partition Type: NTFS

Computer Name: VERYFASTUSER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/06 19:25:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2013/09/18 18:44:04 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/09/16 12:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/06/22 07:26:53 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2011/11/02 03:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/03/10 23:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Temp\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/09 11:56:13 | 016,233,864 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/09/18 18:44:03 | 003,279,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/06/01 00:54:44 | 001,211,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\88fd67d11854c9acb391c7415e105307\System.WorkflowServices.ni.dll
MOD - [2013/06/01 00:53:01 | 001,050,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5039ecf47ec07f5e82794b8acbeb73f6\System.ServiceModel.Web.ni.dll
MOD - [2012/07/08 20:32:34 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
MOD - [2012/07/08 20:32:32 | 000,365,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\284141392cdba7fa4b2a4668125329a9\System.ServiceModel.Routing.ni.dll
MOD - [2012/07/08 20:32:28 | 001,128,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\28b09f14e54a06c091073b1d3e316fb6\System.ServiceModel.Discovery.ni.dll
MOD - [2012/07/08 20:32:24 | 000,082,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\39c6c5375d1763165dd8c1623bd10668\System.ServiceModel.Channels.ni.dll
MOD - [2012/07/08 20:32:22 | 001,387,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\18d8e3f9e290217ac0c48571557c5fc3\System.ServiceModel.Activities.ni.dll
MOD - [2012/07/08 20:32:16 | 017,996,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5be1370b1331393f73af710d0d71b02d\System.ServiceModel.ni.dll
MOD - [2012/07/08 20:30:56 | 001,072,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\a90d8ca6c54f70507704d788fd0d3ded\System.IdentityModel.ni.dll
MOD - [2012/07/08 20:27:55 | 001,020,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\a40c42510e312339018486b1d7076e0a\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/07/08 20:27:52 | 000,142,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\9115e9f656b00fc4e46da91537ef1358\SMDiagnostics.ni.dll
MOD - [2012/07/08 20:27:50 | 002,637,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9bfda0add366eea12ea0402e60d01e84\System.Runtime.Serialization.ni.dll
MOD - [2012/07/08 20:27:45 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f44e12702dadeae606b8eaca609b1336\System.Xml.Linq.ni.dll
MOD - [2012/07/08 19:02:46 | 000,729,088 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\efe46aa882d9ac31f7fbbdc004fc99d5\System.Security.ni.dll
MOD - [2012/07/08 19:02:43 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/07/08 19:02:03 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/07/08 19:01:36 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/07/08 19:01:06 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/07/08 19:00:49 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2008/12/23 18:41:24 | 000,203,264 | ---- | M] () -- C:\Temp\mp3Tag Pro 7\tag_menu.dll
MOD - [2003/05/15 17:43:24 | 000,119,808 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/10/10 16:31:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/10/09 11:56:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/18 18:44:03 | 000,118,680 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/16 12:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/22 07:26:53 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Temp\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\UimBus.sys -- (UimBus)
DRV - File not found [Kernel | System | Stopped] -- System32\Drivers\Uim_IM.sys -- (Uim_IM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010/08/02 16:42:44 | 000,134,616 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2009/05/05 09:59:02 | 000,022,168 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2008/04/25 05:06:44 | 000,014,336 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007/06/14 19:41:58 | 004,429,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/06/04 14:05:58 | 000,714,240 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2007/03/29 12:36:00 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2007/03/26 16:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ViPrt.sys -- (ViPrt)
DRV - [2007/03/26 16:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ViBus.sys -- (ViBus)
DRV - [2007/02/21 20:15:20 | 000,084,752 | ---- | M] (Rocket Division Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NetBurn.sys -- (NetBurn)
DRV - [2006/11/02 03:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2003/07/02 07:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002/10/01 16:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\spca561.sys -- (CA561)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 F7 1F 77 E4 C6 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{0D7191D1-C6C9-4AE4-9515-1735958A3719}: "URL" = http://search.yahoo....=utf-8&fr=b2ie7
IE - HKCU\..\SearchScopes\{3F8C7A0E-E4EB-4196-9531-4D194A1B16C0}: "URL" = http://search.micros...q={searchTerms}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\User\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/07 05:39:07 | 000,000,000 | ---D | M]

[2008/07/08 16:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2013/10/12 14:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\5haej2ap.default-1381604455187\extensions
[2013/10/08 18:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/10/08 18:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/18 18:44:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========


O1 HOSTS File: ([2013/10/09 20:15:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1280912913343 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{420A8603-0E24-4FEE-A7BA-7FD4245C049A}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/11 16:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\NirSoft BlueScreenView
[2013/10/10 18:15:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/10/10 18:00:03 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/10 17:49:36 | 000,096,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2013/10/10 17:43:18 | 001,087,213 | ---- | C] (Farbar) -- C:\Documents and Settings\User\Desktop\FRST.exe
[2013/10/09 20:24:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/10/09 20:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/09 20:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/10/09 20:22:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/10/09 20:06:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/10/09 20:03:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/10/09 20:03:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/10/09 20:03:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/10/09 20:03:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/10/09 20:03:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/09 20:03:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/10/09 19:56:52 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\tdsskiller.exe
[2013/10/09 19:55:08 | 005,131,844 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2013/10/08 20:11:57 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\All Users\Desktop\aswmbr.exe
[2013/10/08 18:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\CC Support
[2013/10/08 18:32:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/08 17:19:39 | 001,032,220 | ---- | C] (Thisisu) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2013/10/07 20:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
[2013/10/07 20:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/10/07 19:34:25 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\User\Desktop\aswmbr.exe
[2013/10/07 19:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Temp
[2013/10/07 19:24:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/10/07 19:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\AppData
[2013/10/07 19:23:11 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2013/10/07 19:23:11 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2013/10/07 19:23:11 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2013/10/07 19:23:11 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll
[2013/10/07 19:23:11 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[2013/10/07 19:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\GreatArcadeHits
[2013/10/07 19:13:36 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/06 19:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics
[2013/10/06 19:25:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/09/18 18:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/12 21:56:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/12 20:46:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/12 20:45:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/12 20:14:33 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2003.lnk
[2013/10/11 17:20:42 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/10/10 17:43:48 | 001,087,213 | ---- | M] (Farbar) -- C:\Documents and Settings\User\Desktop\FRST.exe
[2013/10/10 16:31:39 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2013/10/09 20:41:17 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/09 20:15:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/10/09 20:06:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/10/09 19:56:55 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\tdsskiller.exe
[2013/10/09 19:55:11 | 005,131,844 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2013/10/09 11:56:13 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/10/09 11:56:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/10/08 20:09:15 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2013/10/08 18:39:20 | 004,009,167 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ServicesRepair.exe
[2013/10/08 17:19:33 | 001,032,220 | ---- | M] (Thisisu) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2013/10/07 20:25:34 | 000,891,167 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SecurityCheck.exe
[2013/10/07 20:09:55 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\User\Application Data\default.rss
[2013/10/07 20:09:47 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/10/07 20:05:52 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2013/10/07 19:34:20 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\User\Desktop\aswmbr.exe
[2013/10/07 19:34:20 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\All Users\Desktop\aswmbr.exe
[2013/10/07 19:12:55 | 001,045,226 | ---- | M] () -- C:\Documents and Settings\User\Desktop\adwcleaner.exe
[2013/10/07 18:58:50 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\User\Desktop\VEW.exe
[2013/10/06 23:54:22 | 000,377,856 | ---- | M] () -- C:\Documents and Settings\User\Desktop\2lx1649c.exe
[2013/10/06 19:25:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/10/06 19:23:35 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/03 16:40:34 | 000,280,352 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Tracy, CA Building_and_Fire_Inspector_I_II_2013.pdf
[2013/10/01 19:03:11 | 000,218,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/19 06:24:15 | 000,000,501 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YTD Video Downloader.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/09 20:22:33 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/09 20:06:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/10/09 20:06:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/10/09 20:03:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/10/09 20:03:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/10/09 20:03:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/10/09 20:03:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/10/09 20:03:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/10/08 20:09:15 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2013/10/08 18:39:25 | 004,009,167 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ServicesRepair.exe
[2013/10/07 20:25:40 | 000,891,167 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SecurityCheck.exe
[2013/10/07 20:05:52 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2013/10/07 19:12:57 | 001,045,226 | ---- | C] () -- C:\Documents and Settings\User\Desktop\adwcleaner.exe
[2013/10/07 18:58:58 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\User\Desktop\VEW.exe
[2013/10/06 23:54:30 | 000,377,856 | ---- | C] () -- C:\Documents and Settings\User\Desktop\2lx1649c.exe
[2013/10/03 16:40:33 | 000,280,352 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Tracy, CA Building_and_Fire_Inspector_I_II_2013.pdf
[2013/02/14 18:11:32 | 000,981,848 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/07/08 18:33:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/15 21:01:40 | 002,548,819 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-789336058-162531612-839522115-1003-0.dat
[2010/11/19 23:28:22 | 000,212,394 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/01/04 21:55:20 | 000,038,451 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft Access.ADR
[2009/10/29 05:50:49 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\User\Application Data\default.rss
[2009/02/13 21:51:57 | 000,011,211 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Comma Separated Values (Windows).CAL
[2008/04/28 22:22:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\.gtk-bookmarks
[2008/04/01 22:32:05 | 000,026,215 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Comma Separated Values (Windows).ADR
[2008/03/27 21:04:03 | 000,000,065 | ---- | C] () -- C:\Documents and Settings\User\default.pls
[2008/01/20 23:55:40 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2004/11/03 15:37:21 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2004/05/22 13:56:52 | 000,178,136 | ---- | C] () -- C:\Documents and Settings\User\~
[2004/05/22 13:50:14 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\FASTWiz.html
[2004/05/22 13:46:14 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\FASTApp.html
[2003/07/29 11:37:20 | 000,051,712 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/01/24 21:55:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< MD5 for: QMGR.DLL >
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\erdnt\cache\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< End of report >


Vino's Event Viewer v01c run on Windows XP in English
Report run at 12/10/2013 10:58:05 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vino's Event Viewer v01c run on Windows XP in English
Report run at 12/10/2013 10:59:13 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/10/2013 10:56:51 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error: %%1290

Log: 'System' Date/Time: 12/10/2013 10:56:51 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1290" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Log: 'System' Date/Time: 12/10/2013 10:56:43 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error: %%1290

Log: 'System' Date/Time: 12/10/2013 10:56:43 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1290" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Log: 'System' Date/Time: 12/10/2013 10:56:40 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error: %%1290

Log: 'System' Date/Time: 12/10/2013 10:55:28 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 12/10/2013 10:54:59 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 12/10/2013 10:54:54 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Log: 'System' Date/Time: 12/10/2013 10:52:18 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error: %%1290

Log: 'System' Date/Time: 12/10/2013 10:52:18 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1290" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Log: 'System' Date/Time: 12/10/2013 10:52:09 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error: %%1290

Log: 'System' Date/Time: 12/10/2013 10:52:09 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1290" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Log: 'System' Date/Time: 12/10/2013 10:52:05 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error: %%1290

Log: 'System' Date/Time: 12/10/2013 10:46:39 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Garmin Core Update Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 12/10/2013 10:46:22 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Log: 'System' Date/Time: 12/10/2013 10:46:13 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 12/10/2013 10:46:08 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 12/10/2013 10:46:00 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Log: 'System' Date/Time: 12/10/2013 10:45:46 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 12/10/2013 10:45:41 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The CamMonitor service terminated unexpectedly. It has done this 1 time(s).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/10/2013 10:40:33 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 12/10/2013 7:40:30 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 12/10/2013 4:48:11 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

#25
RKinner

Try booting into Safe Mode:

Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode. Login with your usual login.

Then try to merge the two .reg files again.
Clear the alarms and go back into Regular mode and run VEW again for System only.



Please download GrantPerms.zip
http://download.blee.../GrantPerms.zip
and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
Copy and paste the following in the edit box:

C:\WINDOWS\system32\bits\qmgr.dll
C:\WINDOWS\system32\qmgr.dll

Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

#26
insparks

Hey, I'm not trying to be a smart [bleep], but I tried going into safe mode and merging legacy_bits.reg before posting my last post. It didn't work either; I got the same error message, which kind of seemed strange to me. So I proceeded with your next instructions anyway.

GrantPerms by Farbar
Ran by User (administrator) at 2013-10-13 01:00:51

===============================================
\\?\C:\WINDOWS\system32\bits\qmgr.dll

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (I)
Everyone FULL ALLOW (I)


\\?\C:\WINDOWS\system32\qmgr.dll

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)

Edited by insparks, 13 October 2013 - 12:03 AM.

#27
RKinner

Try opening an elevated Command Prompt (Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator)
Type with an Enter after each line:

net stop bits


It should say:

The Background Intelligent Transfer Service service is stopping..
The Background Intelligent Transfer Service service was stopped successfully.

Then try to right click on the .reg file that doesn't want to Merge and try to Merge.

If it works then

net start bits


If it still doesn't work then go in to regedit and navigate to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BITS

Right click on Legacy_Bits and Delete. If it says you do not have permission then take ownership of the key:

http://www.howtogeek...y-in-windows-7/

then try to delete the key.

#28
insparks

When I go to command prompt it gets this error message

When I go to regedit and delete the BITS line I get this error message when I try to merge

Funny thing: after deleting the line in regedit, both in safe mode and regular, that BITS line keeps coming back.

Attached Thumbnails

  • mess.JPG
  • mess 1.JPG

#29
RKinner

I wonder if this error is at fault:

Name: Secondary IDE Channel
Description: Secondary IDE Channel
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Go into Device Manager (right click on My Computer and select Manage, then Device Manager). Find the IDE/ATA/ATAPI Controller and click on the + in front to open it up. Right click on the atapi one and select Uninstall, then clear the alarms, reboot and run VEW:

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.





1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Copy the next 8 lines:

net stop bits
net stop wuauserv
Del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat"
net start bits
net start wuauserv
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BITS > \junk.txt
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BITS >> \junk.txt
notepad \junk.txt

Start, All Programs, Accessories, Command Prompt. Right click and Paste or Edit then Paste and the copied lines should appear.
Hit Enter. Notepad should open. Copy and paste the results from Notepad.

#30
insparks

When I opened Device Manager there were three hardware conflicts:
Primary IDE Channel, Secondary IDE Channel and one System Devices:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 13/10/2013 9:20:19 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/10/2013 9:16:15 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error: %%1290

Log: 'System' Date/Time: 13/10/2013 9:16:15 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1290" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Log: 'System' Date/Time: 13/10/2013 9:16:02 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error: %%1290

Log: 'System' Date/Time: 13/10/2013 9:16:02 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1290" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Log: 'System' Date/Time: 13/10/2013 9:15:58 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error: %%1290

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vino's Event Viewer v01c run on Windows XP in English
Report run at 13/10/2013 9:21:42 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 13/10/2013 2:20:19 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0004487f.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 13/10/2013 9:14:34 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 13/10/2013 6:34:42 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 13/10/2013 6:12:46 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 13/10/2013 5:57:05 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user VERYFASTUSER\User registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 13/10/2013 5:56:55 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 13/10/2013 2:12:48 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}', feature 'Phone' failed during request for component '{57FF4446-590E-4894-AE39-D55928DBDE01}'

Log: 'Application' Date/Time: 13/10/2013 2:12:48 PM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}', feature 'Phone', component '{65B3C89D-DD42-49B2-9DF6-3C069B5FAF69}' failed. The resource 'HKEY_CURRENT_USER\Software\Skype\Phone\UI\General\Language' does not exist.


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BITS
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BITS\0000

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BITS
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BITS\0000
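
Added example, not part of the thread or of VEW itself: a small Python parser for the VEW report layout posted above that counts which (event ID, source, error code) combinations repeat, so a recurring start failure stands out from one-off service crashes. The sample lines are constructed from the reports in this thread, and the names `parse_vew` and `recurring` are this example's own.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the VEW layout posted in this thread (dates are dd/mm/yyyy).
SAMPLE = r"""
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/10/2013 9:16:15 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error: %%1290

Log: 'System' Date/Time: 13/10/2013 9:16:15 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1290" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Log: 'System' Date/Time: 13/10/2013 9:15:58 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error: %%1290

Log: 'System' Date/Time: 12/10/2013 10:46:13 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 1 time(s).
"""

HEADER = re.compile(r"^Log: '([^']+)' Date/Time: (.+)$")
TYPE = re.compile(r"^Type: (\w+)\s+Category: (\d+)$")
EVENT = re.compile(r"^Event: (\d+)\s+Source: (.+)$")
CODE = re.compile(r'error:? "?%{1,2}(\d+)')  # matches: error: %%1290 / error "%1290"


def parse_vew(text):
    """Return one dict per event record in a VEW report."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = {"log": m.group(1), "message": "",
                       "time": datetime.strptime(m.group(2), "%d/%m/%Y %I:%M:%S %p")}
            records.append(current)
        elif current is None:
            continue                      # banner lines before the first record
        elif not line or line.startswith("~"):
            current = None                # blank line or section rule ends a record
        elif TYPE.match(line):
            current["type"] = TYPE.match(line).group(1)
        elif EVENT.match(line):
            m = EVENT.match(line)
            current["event"], current["source"] = int(m.group(1)), m.group(2).strip()
        else:
            current["message"] = (current["message"] + " " + line).strip()
    for rec in records:
        m = CODE.search(rec["message"])
        rec["code"] = int(m.group(1)) if m else None
    return records


def recurring(records, min_count=2):
    """(event id, source, error code) triples seen at least min_count times."""
    counts = Counter((r.get("event"), r.get("source"), r["code"]) for r in records)
    return {key: n for key, n in counts.items() if n >= min_count}


if __name__ == "__main__":
    for (event, source, code), n in recurring(parse_vew(SAMPLE)).items():
        print(f"{n}x event {event} from {source}, error code {code}")
```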