Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google and Yahoo will not open in any browsers! [Solved]


  • This topic is locked This topic is locked

#1
Tre1208

Tre1208

    Member

  • Member
  • PipPip
  • 52 posts

I have a laptop with xp which im able to get online and browse msn.com and some of my other favorite sites. However im not able to load yahoo homepage nor googles homepage. Also I have installed system mechanic which install fine but It wont allow me to open. Can anyone help. I been trouble shooting for days. Thanks in advance.


  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.

  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!
Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:



Hello :)

Let's get a look at your machine, shall we?


Step 1: Scan with Farbar's Recovery Scan Tool


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

    farbarmainpanel_zps77bf9e25.jpg
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Step 2: Scan with aswMBR
  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.
aswmbrscan_zpsdc05b0f9.jpg
  • Click the Scan button to begin the scan.
aswmbrsavelog_zps1aeef48e.jpg
  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit
Things I need to see in your next post:

FRST Log

Addition.txt Log

aswMBR Log

  • 1

#3
Tre1208

Tre1208

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts

is it ok to use a flash drive from a other computer because that one goes to most sites but not all.


  • 0

#4
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

is it ok to use a flash drive from a other computer because that one goes to most sites but not all.


You're wanting to use a flash drive to download the tools to and then transfer them to the affected machine? That's no problem, but I'd recommend installing this program on the machine that you're downloading the tools to. This will immunize the USB against any possible infections.



Download MCShield to your desktop and install
  • It will initially run a scan and show the result as a toaster by the system clock.
  • Then in the control center select Scanner and tick unhide items on flash drives.
mcshieldunhide_zps00a3e64b.jpg
  • Plug in the drive and McShield will start a scan
  • Then get the log which will be here :
  • Start > all programs > MCShield > logs > all scans
And post that in your next reply.
  • 0

#5
Tre1208

Tre1208

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2014
Ran by Main (administrator) on DELORES on 02-05-2014 20:02:34
Running from C:\Documents and Settings\Main\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(BVRP Software) C:\Program Files\Digital Line Detect\DLG.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-10-14] (Intel Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-10-14] (Intel Corporation)
HKLM\...\Run: [DVDLauncher] => C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [49152 2006-04-06] (CyberLink Corp.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2006-11-01] (Dell Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761947 2006-03-08] (Synaptics, Inc.)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [249856 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [196608 2001-10-25] (HP)
HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [127035 2004-12-06] (Sonic Solutions)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2009-01-05] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2791905825-2927490209-2274467592-1007\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2791905825-2927490209-2274467592-1007\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2791905825-2927490209-2274467592-1007\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2791905825-2927490209-2274467592-1007\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2791905825-2927490209-2274467592-1007\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2791905825-2927490209-2274467592-1007\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2791905825-2927490209-2274467592-1007\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2791905825-2927490209-2274467592-1007\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2791905825-2927490209-2274467592-1007\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2791905825-2927490209-2274467592-1007\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2791905825-2927490209-2274467592-1007\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect...nType=tb50trie7
SearchScopes: HKLM - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect...nType=tb50trie7
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?LinkID=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100 192.168.33.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\w0y21sav.default
FF user.js: detected! => C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\w0y21sav.default\user.js
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npViewpoint.dll ()
FF Extension: AIM Toolbar - C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\w0y21sav.default\Extensions\{c2f863cd-0429-48c7-bb54-db756a951760} [2009-06-24]
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007-02-23]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\eMusic Remote\remoteExt
FF Extension: eMusic Remote Helper - C:\Program Files\eMusic Remote\remoteExt [2007-09-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\eMusic Remote\remoteExt
FF Extension: eMusic Remote Helper - C:\Program Files\eMusic Remote\remoteExt [2007-09-29]

Chrome:
=======
CHR Extension: (Google Drive) - C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-26]
CHR Extension: (YouTube) - C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-26]
CHR Extension: (Google Search) - C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-26]
CHR Extension: (Gmail) - C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-26]

========================== Services (Whitelisted) =================

S4 MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [9150464 2005-05-04] (Microsoft Corporation)
S4 MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [9150464 2005-05-04] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [73728 2005-05-03] (Microsoft Corporation)
R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [376832 2006-06-29] (Dell Inc.)
S4 SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [323584 2005-05-03] (Microsoft Corporation)
S4 SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [323584 2005-05-03] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14032 2006-04-03] (Microsoft Corporation)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.)
S2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [X]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-10-12] (Broadcom Corporation)
R2 CdaD10BA; C:\WINDOWS\system32\drivers\CdaD10BA.SYS [12464 2007-01-31] (Macrovision Europe Ltd)
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-01-17] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-01-17] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-17] (HP)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [201600 2005-07-22] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171008 2005-06-02] (Pinnacle Systems GmbH)
R1 PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1156648 2006-03-25] (SigmaTel, Inc.)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions)
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions)
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions)
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions)
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions)
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions)
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions)
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions)
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions)
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
U5 Browser; C:\WINDOWS\system32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\Main\LOCALS~1\Temp\catchme.sys [X]
U5 Messenger; C:\WINDOWS\system32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
U5 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr;
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U5 W32Time; C:\WINDOWS\System32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-02 20:02 - 2014-05-02 20:02 - 00020024 _____ () C:\Documents and Settings\Main\Desktop\FRST.txt
2014-05-02 20:02 - 2014-05-02 20:02 - 00000000 ____D () C:\FRST
2014-05-02 20:01 - 2014-05-02 19:47 - 01050624 _____ (Farbar) C:\Documents and Settings\Main\Desktop\FRST.exe
2014-05-02 20:00 - 2014-05-02 20:01 - 00000000 ____D () C:\WINDOWS\LastGood
2014-05-02 16:45 - 2014-05-02 16:46 - 00002503 _____ () C:\WINDOWS\KB2964358-IE7.log
2014-05-01 19:42 - 2014-05-01 19:46 - 00000960 _____ () C:\WINDOWS\Active Setup Log.BAK
2014-05-01 19:41 - 2014-05-01 19:41 - 00491768 _____ (Microsoft Corporation) C:\Documents and Settings\Main\Desktop\ie6setup.exe
2014-05-01 17:37 - 2014-05-02 19:53 - 00000374 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-05-01 17:36 - 2014-05-01 19:48 - 00000803 _____ () C:\Documents and Settings\Main\Start Menu\Programs\Internet Explorer.lnk
2014-05-01 17:31 - 2014-05-01 17:32 - 00080817 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-05-01 17:30 - 2014-05-01 17:31 - 00085932 _____ () C:\WINDOWS\KB2862772-IE8.log
2014-05-01 17:30 - 2014-05-01 17:30 - 00080201 _____ () C:\WINDOWS\KB2598845-IE8.log
2014-05-01 17:28 - 2014-05-01 17:37 - 00007502 _____ () C:\WINDOWS\spupdsvc.log
2014-05-01 17:28 - 2014-05-01 17:30 - 00101459 _____ () C:\WINDOWS\KB982381-IE8.log
2014-05-01 17:25 - 2014-02-25 18:53 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieencode.dll
2014-05-01 17:25 - 2014-02-25 18:53 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieencode.dll
2014-05-01 17:25 - 2013-09-04 09:47 - 02452872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dat
2014-05-01 17:24 - 2014-05-01 17:28 - 00099799 _____ () C:\WINDOWS\ie8.log
2014-05-01 17:15 - 2014-05-01 17:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2909212$
2014-05-01 17:15 - 2014-05-01 17:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2510581$
2014-05-01 16:40 - 2014-05-01 17:33 - 00151190 _____ () C:\WINDOWS\ie8_main.log
2014-05-01 16:37 - 2014-05-01 16:37 - 16883056 _____ (Microsoft Corporation) C:\Documents and Settings\Main\Desktop\IE8-WindowsXP-x86-ENU.exe
2014-05-01 16:33 - 2014-05-01 17:16 - 00101657 _____ () C:\WINDOWS\KB2936068-IE7.log
2014-05-01 16:33 - 2014-05-01 17:15 - 00018314 _____ () C:\WINDOWS\KB2909212.log
2014-05-01 16:32 - 2014-05-01 17:15 - 00022060 _____ () C:\WINDOWS\KB2510581.log
2014-05-01 15:48 - 2014-05-01 16:28 - 00000000 ____D () C:\ComboFix
2014-05-01 15:21 - 2014-05-01 17:37 - 00000408 _____ () C:\WINDOWS\system32\iolo.ini
2014-05-01 15:15 - 2014-04-07 14:16 - 00118784 _____ (iolo technologies, LLC) C:\WINDOWS\system32\iavlsp.dll
2014-04-30 23:00 - 2014-04-30 23:00 - 00000693 _____ () C:\WINDOWS\ie7_main.log
2014-04-30 22:44 - 2014-05-01 19:44 - 00129205 _____ () C:\WINDOWS\updspapi.log
2014-04-30 22:43 - 2014-05-01 19:45 - 00106482 _____ () C:\WINDOWS\ie8Uninst.log
2014-04-30 21:54 - 2014-04-30 21:54 - 00000000 ____D () C:\WINDOWS\system32\config\Before Compact
2014-04-30 21:53 - 2014-04-30 21:53 - 00000000 ____D () C:\WINDOWS\system32\config\SM Registry Backup
2014-04-30 21:22 - 2014-04-30 21:22 - 00000540 _____ () C:\WINDOWS\wmsetup.log
2014-04-30 21:21 - 2014-05-01 19:45 - 00032264 _____ () C:\WINDOWS\tsoc.log
2014-04-30 21:21 - 2014-05-01 19:45 - 00027096 _____ () C:\WINDOWS\comsetup.log
2014-04-30 21:21 - 2014-05-01 19:45 - 00017574 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-30 21:21 - 2014-05-01 19:45 - 00011637 _____ () C:\WINDOWS\iis6.log
2014-04-30 21:21 - 2014-05-01 19:45 - 00005064 _____ () C:\WINDOWS\ocmsn.log
2014-04-30 21:21 - 2014-05-01 19:45 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-30 21:21 - 2014-05-01 19:43 - 00091484 _____ () C:\WINDOWS\FaxSetup.log
2014-04-30 21:21 - 2014-05-01 19:43 - 00051293 _____ () C:\WINDOWS\ocgen.log
2014-04-30 21:21 - 2014-05-01 19:43 - 00004276 _____ () C:\WINDOWS\msgsocm.log
2014-04-30 21:21 - 2014-05-01 17:33 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-30 21:21 - 2014-04-30 21:21 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-30 21:21 - 2014-04-30 21:21 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-04-28 19:44 - 2014-04-28 19:43 - 00090112 _____ () C:\WINDOWS\Minidump\Mini042814-01.dmp
2014-04-28 19:35 - 2014-04-28 20:03 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
2014-04-28 19:32 - 2014-05-01 15:19 - 00000000 ____D () C:\Program Files\Webroot
2014-04-27 21:38 - 2014-04-27 21:37 - 00000135 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140427-213827.backup
2014-04-27 21:37 - 2014-04-27 21:25 - 00449906 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140427-213708.backup
2014-04-27 21:25 - 2014-04-26 15:16 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140427-212527.backup
2014-04-27 20:59 - 2014-05-02 18:00 - 00000438 _____ () C:\WINDOWS\Tasks\SpeedMaxPc Registration3.job
2014-04-27 20:58 - 2014-04-27 20:58 - 00000829 _____ () C:\Documents and Settings\Main\Desktop\SpeedMaxPc.lnk
2014-04-27 20:58 - 2014-04-27 20:58 - 00000529 _____ () C:\WINDOWS\Tasks\SpeedMaxPc_sch_3A84CC8C-CE70-11E3-86FA-0014A5C9BD9B.job
2014-04-27 20:58 - 2014-04-27 20:58 - 00000396 _____ () C:\WINDOWS\Tasks\SpeedMaxPc Update3.job
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Program Files\SpeedMaxPc
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Program Files\Common Files\SpeedMaxPc
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Documents and Settings\Main\Start Menu\Programs\SpeedMaxPc
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Documents and Settings\Main\Application Data\SpeedMaxPc
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Documents and Settings\Main\Application Data\DriverCure
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
2014-04-27 20:52 - 2014-05-01 17:33 - 00090681 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-26 22:07 - 2014-04-26 22:07 - 00004347 _____ () C:\Documents and Settings\Main\reset.log
2014-04-26 20:49 - 2014-04-26 20:49 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-04-26 20:49 - 2014-04-26 20:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-04-26 15:26 - 2014-04-26 15:26 - 00000370 _____ () C:\WINDOWS\Tasks\RegAce Scheduled Scan - Main.job
2014-04-26 15:25 - 2014-04-26 15:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RegAce
2014-04-26 15:05 - 2014-04-26 15:05 - 00000000 _RSHD () C:\cmdcons
2014-04-26 15:05 - 2014-04-24 22:42 - 00000239 _____ () C:\Boot.bak
2014-04-26 15:05 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-04-26 15:03 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-04-26 15:01 - 2014-05-02 20:01 - 00043133 _____ () C:\WINDOWS\setupapi.log
2014-04-26 14:52 - 2011-06-26 02:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-04-26 14:52 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-04-26 14:52 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-04-26 14:52 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-04-26 14:52 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-04-26 14:52 - 2000-08-30 20:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-04-26 14:52 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-04-26 14:52 - 2000-08-30 20:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-04-26 14:47 - 2014-05-01 16:20 - 00000000 ____D () C:\Qoobox
2014-04-26 14:47 - 2014-04-26 15:18 - 00000000 ____D () C:\WINDOWS\erdnt
2014-04-26 14:36 - 2014-04-26 14:32 - 03250704 _____ (WebMinds, Inc. ) C:\Documents and Settings\Main\Desktop\rasetup.exe
2014-04-26 14:36 - 2014-04-26 12:08 - 05196309 ____R (Swearware) C:\Documents and Settings\Main\Desktop\ComboFix.exe
2014-04-26 11:33 - 2014-04-26 11:33 - 00000406 _____ () C:\WINDOWS\system32\ioloBootDefrag.cfg
2014-04-26 11:33 - 2014-04-26 11:33 - 00000000 ____D () C:\WINDOWS\system32\config\Original
2014-04-25 19:27 - 2014-04-25 19:27 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\iolo
2014-04-25 19:04 - 2014-05-01 17:37 - 00000392 _____ () C:\WINDOWS\system32\iolo.ini.txt
2014-04-25 19:02 - 2014-04-25 19:02 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\iolo
2014-04-25 18:57 - 2014-04-25 18:57 - 00000000 ____D () C:\Documents and Settings\Main\Application Data\ioloGovernor
2014-04-25 18:56 - 2014-04-07 12:26 - 100640488 _____ (iolo technologies, LLC ) C:\Documents and Settings\Main\Desktop\SystemMechanicPro.exe
2014-04-25 18:55 - 2014-05-01 18:58 - 00065536 _____ () C:\WINDOWS\system32\config\iolo App.evt
2014-04-25 18:00 - 2014-04-27 21:38 - 00000135 ____R () C:\WINDOWS\system32\Drivers\etc\ghosts.txt
2014-04-24 23:28 - 2014-05-01 15:47 - 00000000 ____D () C:\Documents and Settings\Main\Desktop\GooredFix Backups
2014-04-24 23:28 - 2014-04-25 15:56 - 00001708 _____ () C:\Documents and Settings\Main\Desktop\GooredFix.txt
2014-04-24 05:32 - 2014-05-02 19:52 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-24 05:32 - 2014-05-02 19:52 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-04-24 05:32 - 2014-05-02 18:10 - 00032560 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-24 05:32 - 2014-04-24 05:32 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-04-24 05:15 - 2014-05-02 20:01 - 00468201 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-23 22:11 - 2014-04-23 22:11 - 00000000 ____D () C:\Documents and Settings\Main\Application Data\SUPERAntiSpyware.com
2014-04-23 22:09 - 2014-04-25 17:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-04-23 12:35 - 2014-05-02 14:21 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-04-19 17:27 - 2014-04-19 17:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-15 20:23 - 2014-05-02 19:52 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf590a1f4376b6.job

==================== One Month Modified Files and Folders =======

2014-05-02 20:02 - 2014-05-02 20:02 - 00020024 _____ () C:\Documents and Settings\Main\Desktop\FRST.txt
2014-05-02 20:02 - 2014-05-02 20:02 - 00000000 ____D () C:\FRST
2014-05-02 20:01 - 2014-05-02 20:00 - 00000000 ____D () C:\WINDOWS\LastGood
2014-05-02 20:01 - 2014-04-26 15:01 - 00043133 _____ () C:\WINDOWS\setupapi.log
2014-05-02 20:01 - 2014-04-24 05:15 - 00468201 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-02 19:54 - 2009-08-31 08:58 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{A1417399-B04C-4C68-AE33-E6DCFB23B0F0}.job
2014-05-02 19:53 - 2014-05-01 17:37 - 00000374 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-05-02 19:53 - 2014-03-24 16:25 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-05-02 19:52 - 2014-04-24 05:32 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-02 19:52 - 2014-04-24 05:32 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-05-02 19:52 - 2014-04-15 20:23 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf590a1f4376b6.job
2014-05-02 19:52 - 2004-08-10 14:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-02 19:47 - 2014-05-02 20:01 - 01050624 _____ (Farbar) C:\Documents and Settings\Main\Desktop\FRST.exe
2014-05-02 18:10 - 2014-04-24 05:32 - 00032560 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-02 18:10 - 2006-09-21 14:27 - 00000178 ___SH () C:\Documents and Settings\Main\ntuser.ini
2014-05-02 18:00 - 2014-04-27 20:59 - 00000438 _____ () C:\WINDOWS\Tasks\SpeedMaxPc Registration3.job
2014-05-02 17:23 - 2013-04-20 17:43 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-02 16:46 - 2014-05-02 16:45 - 00002503 _____ () C:\WINDOWS\KB2964358-IE7.log
2014-05-02 14:21 - 2014-04-23 12:35 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-05-01 19:48 - 2014-05-01 17:36 - 00000803 _____ () C:\Documents and Settings\Main\Start Menu\Programs\Internet Explorer.lnk
2014-05-01 19:48 - 2004-08-10 13:52 - 00000000 ____D () C:\WINDOWS\Media
2014-05-01 19:48 - 2004-08-10 13:52 - 00000000 ____D () C:\WINDOWS\Help
2014-05-01 19:46 - 2014-05-01 19:42 - 00000960 _____ () C:\WINDOWS\Active Setup Log.BAK
2014-05-01 19:45 - 2014-04-30 22:43 - 00106482 _____ () C:\WINDOWS\ie8Uninst.log
2014-05-01 19:45 - 2014-04-30 21:21 - 00032264 _____ () C:\WINDOWS\tsoc.log
2014-05-01 19:45 - 2014-04-30 21:21 - 00027096 _____ () C:\WINDOWS\comsetup.log
2014-05-01 19:45 - 2014-04-30 21:21 - 00017574 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-01 19:45 - 2014-04-30 21:21 - 00011637 _____ () C:\WINDOWS\iis6.log
2014-05-01 19:45 - 2014-04-30 21:21 - 00005064 _____ () C:\WINDOWS\ocmsn.log
2014-05-01 19:45 - 2014-04-30 21:21 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-05-01 19:45 - 2009-07-19 21:23 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-05-01 19:44 - 2014-04-30 22:44 - 00129205 _____ () C:\WINDOWS\updspapi.log
2014-05-01 19:44 - 2004-08-10 14:03 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2014-05-01 19:43 - 2014-04-30 21:21 - 00091484 _____ () C:\WINDOWS\FaxSetup.log
2014-05-01 19:43 - 2014-04-30 21:21 - 00051293 _____ () C:\WINDOWS\ocgen.log
2014-05-01 19:43 - 2014-04-30 21:21 - 00004276 _____ () C:\WINDOWS\msgsocm.log
2014-05-01 19:41 - 2014-05-01 19:41 - 00491768 _____ (Microsoft Corporation) C:\Documents and Settings\Main\Desktop\ie6setup.exe
2014-05-01 18:58 - 2014-04-25 18:55 - 00065536 _____ () C:\WINDOWS\system32\config\iolo App.evt
2014-05-01 17:37 - 2014-05-01 17:28 - 00007502 _____ () C:\WINDOWS\spupdsvc.log
2014-05-01 17:37 - 2014-05-01 15:21 - 00000408 _____ () C:\WINDOWS\system32\iolo.ini
2014-05-01 17:37 - 2014-04-25 19:04 - 00000392 _____ () C:\WINDOWS\system32\iolo.ini.txt
2014-05-01 17:33 - 2014-05-01 16:40 - 00151190 _____ () C:\WINDOWS\ie8_main.log
2014-05-01 17:33 - 2014-04-30 21:21 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-05-01 17:33 - 2014-04-27 20:52 - 00090681 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-05-01 17:32 - 2014-05-01 17:31 - 00080817 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-05-01 17:31 - 2014-05-01 17:30 - 00085932 _____ () C:\WINDOWS\KB2862772-IE8.log
2014-05-01 17:30 - 2014-05-01 17:30 - 00080201 _____ () C:\WINDOWS\KB2598845-IE8.log
2014-05-01 17:30 - 2014-05-01 17:28 - 00101459 _____ () C:\WINDOWS\KB982381-IE8.log
2014-05-01 17:28 - 2014-05-01 17:24 - 00099799 _____ () C:\WINDOWS\ie8.log
2014-05-01 17:16 - 2014-05-01 16:33 - 00101657 _____ () C:\WINDOWS\KB2936068-IE7.log
2014-05-01 17:15 - 2014-05-01 17:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2909212$
2014-05-01 17:15 - 2014-05-01 17:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2510581$
2014-05-01 17:15 - 2014-05-01 16:33 - 00018314 _____ () C:\WINDOWS\KB2909212.log
2014-05-01 17:15 - 2014-05-01 16:32 - 00022060 _____ () C:\WINDOWS\KB2510581.log
2014-05-01 17:15 - 2007-01-11 18:54 - 00000000 ____D () C:\WINDOWS\ie7updates
2014-05-01 17:13 - 2006-09-21 14:27 - 00000000 ____D () C:\Documents and Settings\Main
2014-05-01 16:37 - 2014-05-01 16:37 - 16883056 _____ (Microsoft Corporation) C:\Documents and Settings\Main\Desktop\IE8-WindowsXP-x86-ENU.exe
2014-05-01 16:32 - 2006-09-15 10:54 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2014-05-01 16:28 - 2014-05-01 15:48 - 00000000 ____D () C:\ComboFix
2014-05-01 16:22 - 2004-08-10 13:51 - 00000227 _____ () C:\WINDOWS\system.ini
2014-05-01 16:20 - 2014-04-26 14:47 - 00000000 ____D () C:\Qoobox
2014-05-01 15:47 - 2014-04-24 23:28 - 00000000 ____D () C:\Documents and Settings\Main\Desktop\GooredFix Backups
2014-05-01 15:19 - 2014-04-28 19:32 - 00000000 ____D () C:\Program Files\Webroot
2014-04-30 23:00 - 2014-04-30 23:00 - 00000693 _____ () C:\WINDOWS\ie7_main.log
2014-04-30 21:54 - 2014-04-30 21:54 - 00000000 ____D () C:\WINDOWS\system32\config\Before Compact
2014-04-30 21:53 - 2014-04-30 21:53 - 00000000 ____D () C:\WINDOWS\system32\config\SM Registry Backup
2014-04-30 21:22 - 2014-04-30 21:22 - 00000540 _____ () C:\WINDOWS\wmsetup.log
2014-04-30 21:22 - 2004-08-10 14:01 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Games
2014-04-30 21:22 - 2004-08-10 14:01 - 00000000 ____D () C:\Program Files\Windows NT
2014-04-30 21:22 - 2004-08-10 14:00 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-04-30 21:22 - 2004-08-10 13:57 - 00662854 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-30 21:22 - 2004-08-10 13:52 - 00000000 ____D () C:\WINDOWS\Cursors
2014-04-30 21:22 - 2004-08-10 13:52 - 00000000 ____D () C:\WINDOWS\addins
2014-04-30 21:21 - 2014-04-30 21:21 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-30 21:21 - 2014-04-30 21:21 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-04-30 21:04 - 2004-08-10 13:51 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-28 20:12 - 2006-09-15 10:42 - 00000356 __RSH () C:\boot.ini
2014-04-28 20:03 - 2014-04-28 19:35 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
2014-04-28 19:43 - 2014-04-28 19:44 - 00090112 _____ () C:\WINDOWS\Minidump\Mini042814-01.dmp
2014-04-27 21:53 - 2013-09-21 16:58 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-04-27 21:51 - 2013-09-21 16:58 - 00327680 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-04-27 21:38 - 2014-04-25 18:00 - 00000135 ____R () C:\WINDOWS\system32\Drivers\etc\ghosts.txt
2014-04-27 21:37 - 2014-04-27 21:38 - 00000135 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140427-213827.backup
2014-04-27 21:25 - 2014-04-27 21:37 - 00449906 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140427-213708.backup
2014-04-27 21:00 - 2004-08-10 14:04 - 00001563 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2014-04-27 20:58 - 2014-04-27 20:58 - 00000829 _____ () C:\Documents and Settings\Main\Desktop\SpeedMaxPc.lnk
2014-04-27 20:58 - 2014-04-27 20:58 - 00000529 _____ () C:\WINDOWS\Tasks\SpeedMaxPc_sch_3A84CC8C-CE70-11E3-86FA-0014A5C9BD9B.job
2014-04-27 20:58 - 2014-04-27 20:58 - 00000396 _____ () C:\WINDOWS\Tasks\SpeedMaxPc Update3.job
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Program Files\SpeedMaxPc
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Program Files\Common Files\SpeedMaxPc
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Documents and Settings\Main\Start Menu\Programs\SpeedMaxPc
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Documents and Settings\Main\Application Data\SpeedMaxPc
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Documents and Settings\Main\Application Data\DriverCure
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
2014-04-27 20:40 - 2013-09-25 09:26 - 00000466 _____ () C:\WINDOWS\Tasks\At2.job
2014-04-26 22:07 - 2014-04-26 22:07 - 00004347 _____ () C:\Documents and Settings\Main\reset.log
2014-04-26 20:49 - 2014-04-26 20:49 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-04-26 20:49 - 2014-04-26 20:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-04-26 20:48 - 2006-09-15 11:17 - 00000000 ____D () C:\Program Files\Google
2014-04-26 15:33 - 2004-08-10 14:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-04-26 15:29 - 2014-04-26 15:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RegAce
2014-04-26 15:26 - 2014-04-26 15:26 - 00000370 _____ () C:\WINDOWS\Tasks\RegAce Scheduled Scan - Main.job
2014-04-26 15:18 - 2014-04-26 14:47 - 00000000 ____D () C:\WINDOWS\erdnt
2014-04-26 15:16 - 2014-04-27 21:25 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140427-212527.backup
2014-04-26 15:05 - 2014-04-26 15:05 - 00000000 _RSHD () C:\cmdcons
2014-04-26 15:02 - 2004-08-10 14:02 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-04-26 14:32 - 2014-04-26 14:36 - 03250704 _____ (WebMinds, Inc. ) C:\Documents and Settings\Main\Desktop\rasetup.exe
2014-04-26 14:00 - 2013-09-25 09:26 - 00000466 _____ () C:\WINDOWS\Tasks\At4.job
2014-04-26 12:08 - 2014-04-26 14:36 - 05196309 ____R (Swearware) C:\Documents and Settings\Main\Desktop\ComboFix.exe
2014-04-26 11:33 - 2014-04-26 11:33 - 00000406 _____ () C:\WINDOWS\system32\ioloBootDefrag.cfg
2014-04-26 11:33 - 2014-04-26 11:33 - 00000000 ____D () C:\WINDOWS\system32\config\Original
2014-04-26 11:15 - 2013-10-22 23:05 - 00000000 ____D () C:\Documents and Settings\Main\Local Settings\Application Data\Deployment
2014-04-25 19:27 - 2014-04-25 19:27 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\iolo
2014-04-25 19:20 - 2007-02-23 00:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-25 19:05 - 2006-09-21 14:57 - 00110248 ____C () C:\Documents and Settings\Main\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-04-25 19:02 - 2014-04-25 19:02 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\iolo
2014-04-25 19:02 - 2004-08-10 13:57 - 00347400 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-25 18:57 - 2014-04-25 18:57 - 00000000 ____D () C:\Documents and Settings\Main\Application Data\ioloGovernor
2014-04-25 17:06 - 2014-04-23 22:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-04-25 15:56 - 2014-04-24 23:28 - 00001708 _____ () C:\Documents and Settings\Main\Desktop\GooredFix.txt
2014-04-24 22:42 - 2014-04-26 15:05 - 00000239 _____ () C:\Boot.bak
2014-04-24 22:42 - 2004-08-10 13:51 - 00000616 _____ () C:\WINDOWS\win.ini
2014-04-24 05:32 - 2014-04-24 05:32 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-04-24 03:59 - 2011-03-17 19:19 - 00000000 ____D () C:\WINDOWS\Minidump
2014-04-24 03:59 - 2007-06-14 23:29 - 00000000 ____D () C:\Documents and Settings\Main\Application Data\Vso
2014-04-23 22:11 - 2014-04-23 22:11 - 00000000 ____D () C:\Documents and Settings\Main\Application Data\SUPERAntiSpyware.com
2014-04-23 15:53 - 2011-10-07 22:07 - 00023674 _____ () C:\drwtsn32.log
2014-04-23 15:49 - 2014-01-29 12:35 - 00001100 _____ () C:\WINDOWS\system32\d3d8caps.dat
2014-04-23 15:27 - 2008-09-25 17:05 - 00000000 ____D () C:\WINDOWS\pss
2014-04-19 17:27 - 2014-04-19 17:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-18 00:17 - 2006-09-15 11:03 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-18 00:13 - 2006-09-15 10:59 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-04-07 14:16 - 2014-05-01 15:15 - 00118784 _____ (iolo technologies, LLC) C:\WINDOWS\system32\iavlsp.dll
2014-04-07 12:26 - 2014-04-25 18:56 - 100640488 _____ (iolo technologies, LLC ) C:\Documents and Settings\Main\Desktop\SystemMechanicPro.exe

Files to move or delete:
====================
C:\Documents and Settings\Main\GoToAssist_phone__268_en.exe
C:\Documents and Settings\Main\GoToAssist_phone__317_en.exe
C:\Documents and Settings\Main\GoToAssist_phone__320_en.exe
C:\Documents and Settings\Main\UnifiedToolbarCleanup.bat
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


  • 0

#6
Tre1208

Tre1208

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts

Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-05-2014
Ran by Main at 2014-05-02 20:03:26
Running from C:\Documents and Settings\Main\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Reader XI (11.0.05) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
AOLIcon (Version: 1.00.0000 - Dell) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version:  - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version:  - )
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Support 3.1 (HKLM\...\{548EEA8E-8299-497F-8057-811D2D7097DC}) (Version: 5.1.760 - Dell)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.3.1.5 - Dell)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.15 - BVRP Software, Inc)
DiscAPI (Studio 10) (Version: 2.10.0060 - Pinnacle Systems) Hidden
ELIcon (Version: 1.00.0000 - Dell) Hidden
eMusic Remote 1.0 (HKLM\...\eMusic Remote) (Version: 1.0 - eMusic, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{2BDCE73D-C1CF-45BF-B6EB-B010365314A3}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{6CC74460-AC9B-4E7E-91FF-833C751C092F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
Intel® Graphics Media Accelerator Driver for Mobile (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4410 - )
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Math Practice (HKLM\...\Math Practice_is1) (Version:  - )
MCU (Version: 1.00.0000 - Dell) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.2039 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (PINNACLESYS) (HKLM\...\{689404D2-1C94-44B3-9203-BEC5594FDA7A}) (Version: 8.00.2039 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 3.01 - BVRP Software)
Move Networks Media Player for Internet Explorer (HKCU\...\Move Networks Player - IE) (Version:  - )
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Photo Viewer (HKLM\...\{F6B2ED65-7378-4065-802D-F2E5689F3A4E}) (Version:  - )
Pinnacle Instant DVD Recorder (HKLM\...\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}) (Version: 1.60.110 - )
PowerDVD 5.9 (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 7.1.10 - )
QuickTime (HKLM\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.)
RAPID (Studio 10) (Version: 1.00.0004 - Pinnacle Systems) Hidden
Secure Game Player (HKLM\...\SkillJam SecurePlayer) (Version:  - )
Sesame Street - Learn, Play & Grow (HKLM\...\{33785AE7-2203-4D93-B6B3-35B7CC3C4906}) (Version: 1.0.0.6 - Nova Development)
Seterra 4.02 (HKLM\...\{7C7C274C-DBC8-47FE-923F-9AAD59A4F9F4}}_is1) (Version: 4.02 - Marianne Wartoft AB)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.2.7 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.2.7 - SmartSound Software Inc) Hidden
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.95 - Sonic Solutions)
Sonic MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.1 - Sonic Solutions)
Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
SpeedMaxPc (HKLM\...\{EF4F8650-7710-4CA0-831D-4AA9C1CF6D87}) (Version: 3.2.1.0 - SpeedMaxPc)
Studio 10 (HKLM\...\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}) (Version: 10.5 - Pinnacle Systems)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.6 - Synaptics)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Defender (HKLM\...\{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}) (Version: 1.1.1347.6 - Microsoft Corporation)
Windows Defender Signatures (Version: 1.20.0.0 - Microsoft Corporation) Hidden
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20061107.210142 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 10 (Version: 9.00.3636 - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points  =========================

26-04-2014 19:03:02 System Checkpoint
28-04-2014 00:40:34 System Checkpoint
28-04-2014 00:51:55 Software Distribution Service 3.0
28-04-2014 01:23:29 Software Distribution Service 3.0
28-04-2014 02:05:51 Software Distribution Service 3.0
28-04-2014 22:27:33 Software Distribution Service 3.0
01-05-2014 21:13:14 Software Distribution Service 3.0
02-05-2014 20:45:16 Software Distribution Service 3.0
03-05-2014 00:00:50 Unsigned driver install

==================== Hosts content: ==========================

2014-04-27 22:01 - 2014-05-01 18:22 - 00000086 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
208.53.183.27 www.maishare.com
208.53.183.27 maishare.com

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf590a1f4376b6.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\RegAce Scheduled Scan - Main.job => C:\Program Files\RegAce System Suite\RegAce.exe
Task: C:\WINDOWS\Tasks\SpeedMaxPc Registration3.job => C:\Program Files\Common Files\SpeedMaxPc\UUS3\UUS3.dll
Task: C:\WINDOWS\Tasks\SpeedMaxPc Update3.job => C:\Program Files\Common Files\SpeedMaxPc\UUS3\Update3.exe
Task: C:\WINDOWS\Tasks\SpeedMaxPc_sch_3A84CC8C-CE70-11E3-86FA-0014A5C9BD9B.job => C:\Program Files\SpeedMaxPc\SpeedMaxPc\SpeedMaxPc.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{A1417399-B04C-4C68-AE33-E6DCFB23B0F0}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2013-10-22 22:28 - 2006-11-01 20:48 - 00020480 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2013-10-22 22:28 - 2006-11-01 20:48 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk => C:\WINDOWS\pss\Service Manager.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSKDetectorExe => C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SigmatelSysTrayApp => stsystra.exe
MSCONFIG\startupreg: Windows Defender => "C:\Program Files\Windows Defender\MSASCui.exe" -hide

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/01/2014 06:49:15 PM) (Source: Application Error) (User: )
Description: Faulting application sysmech.exe, version 12.7.0.62, faulting module sysmech.exe, version 12.7.0.62, fault address 0x0000907e.
Processing media-specific event for [sysmech.exe!ws!]

Error: (04/22/2014 10:27:32 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23580, fault address 0x0014c4d3.
Processing media-specific event for [iexplore.exe!ws!]

Error: (04/18/2014 03:59:16 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23569, fault address 0x0014c563.
Processing media-specific event for [iexplore.exe!ws!]

Error: (03/24/2014 10:29:00 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 800706BF from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (03/23/2014 10:24:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6045641

Error: (03/23/2014 10:24:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6045641

Error: (03/23/2014 10:24:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/23/2014 10:24:28 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6030000

Error: (03/23/2014 10:24:28 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6030000

Error: (03/23/2014 10:24:28 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (05/02/2014 08:03:25 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/02/2014 08:03:19 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/02/2014 08:01:57 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/02/2014 07:58:57 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/02/2014 07:55:57 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/02/2014 07:53:02 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/02/2014 07:53:00 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/02/2014 07:52:59 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/02/2014 07:52:57 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/02/2014 07:52:56 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Microsoft Office Sessions:
=========================
Error: (05/01/2014 06:49:15 PM) (Source: Application Error)(User: )
Description: sysmech.exe12.7.0.62sysmech.exe12.7.0.620000907e

Error: (04/22/2014 10:27:32 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.235800014c4d3

Error: (04/18/2014 03:59:16 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.235690014c563

Error: (03/24/2014 10:29:00 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp44800706BF

Error: (03/23/2014 10:24:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6045641

Error: (03/23/2014 10:24:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6045641

Error: (03/23/2014 10:24:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/23/2014 10:24:28 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6030000

Error: (03/23/2014 10:24:28 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6030000

Error: (03/23/2014 10:24:28 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 1015.37 MB
Available physical RAM: 637.95 MB
Total Pagefile: 2442.44 MB
Available Pagefile: 2182.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:52.72 GB) (Free:25.42 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Backup) (Fixed) (Total:18.18 GB) (Free:13.76 GB) NTFS
Drive f: () (Removable) (Total:1.86 GB) (Free:1.41 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 75 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=53 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=DB)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 69737369)
No partition Table on disk 1.

==================== End Of Log ============================


  • 0

#7
Tre1208

Tre1208

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-05-02 20:09:29
-----------------------------
20:09:29.968    OS Version: Windows 5.1.2600 Service Pack 3
20:09:29.968    Number of processors: 1 586 0xD08
20:09:29.984    ComputerName: DELORES  UserName: Main
20:09:30.765    Initialize success
20:17:58.578    AVAST engine defs: 14050201
20:18:57.734    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
20:18:57.734    Disk 0 Vendor: SAMSUNG_MP0804H UE200-16 Size: 76319MB BusType: 3
20:18:57.890    Disk 0 MBR read successfully
20:18:57.906    Disk 0 MBR scan
20:18:57.953    Disk 0 unknown MBR code
20:18:57.953    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       47 MB offset 63
20:18:57.968    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        53984 MB offset 96390
20:18:58.000    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        18614 MB offset 110655720
20:18:58.031    Disk 0 Partition 4 00     DB  CP/M / CTOS MSWIN4.1     3671 MB offset 148777965
20:18:58.031    Disk 0 scanning sectors +156296385
20:18:58.125    Disk 0 scanning C:\WINDOWS\system32\drivers
20:19:14.906    Service scanning
20:19:38.703    Modules scanning
20:19:43.296    Module: C:\WINDOWS\System32\drivers\dxgthk.sys  **SUSPICIOUS**
20:19:44.625    Disk 0 trace - called modules:
20:19:44.640    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
20:19:44.656    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d63ab8]
20:19:44.656    3 CLASSPNP.SYS[f7607fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86d796d0]
20:19:45.875    AVAST engine scan C:\WINDOWS
20:19:59.796    AVAST engine scan C:\WINDOWS\system32
20:23:56.062    AVAST engine scan C:\WINDOWS\system32\drivers
20:24:18.765    AVAST engine scan C:\Documents and Settings\Main
20:25:58.156    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Main\Desktop\MBR.dat"
20:25:58.156    The log file has been saved successfully to "C:\Documents and Settings\Main\Desktop\aswMBR.txt"
20:26:23.296    Disk 0 MBR has been saved successfully to "F:\logs\MBR.dat"
20:26:23.343    The log file has been saved successfully to "F:\logs\aswMBR.txt"

 


  • 0

#8
Tre1208

Tre1208

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts

I ran the scans before I saw your last post. The file you told me to install on the computer im using to transfer won't open a site. McShield. Page not found.


  • 0

#9
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

I ran the scans before I saw your last post. The file you told me to install on the computer im using to transfer won't open a site. McShield. Page not found.


Here's an updated link to McShield. http://www.mcshield.net/download.html

Also, you've run ComboFix on this machine, please post the log that can be found here: C:\Qoobox It will be named ComboFix*.txt The star indicates a number, and it will possibly be 1 or 2, depending on the number of times you've run it.
  • 0

#10
Tre1208

Tre1208

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts

ComboFix 14-04-26.01 - Main 04/26/2014  15:08:47.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1015.473 [GMT -4:00]
Running from: c:\documents and settings\Main\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Main\Desktop\CFScript.txt
.
FILE ::
"c:\program files\AdvancedVirusRemover\PAVRM.exe"
"c:\windows\system32\AVR09.exe"
"c:\windows\system32\winhelper.dll"
"c:\windows\system32\winupdate.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET7A.tmp
c:\windows\system32\SET86.tmp
c:\windows\system32\SET8E.tmp
c:\windows\system32\SET8F.tmp
c:\windows\system32\SET91.tmp
c:\windows\system32\SET94.tmp
D:\AUTORUN.INF
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-26 to 2014-04-26  )))))))))))))))))))))))))))))))
.
.
2014-04-26 19:01 . 2014-04-26 19:01 -------- d-----w- c:\windows\LastGood
2014-04-25 23:53 . 2014-04-07 18:16 118784 ----a-w- c:\windows\system32\iavlsp.dll
2014-04-25 23:52 . 2014-04-07 18:21 2097984 ----a-w- c:\windows\system32\Incinerator32.dll
2014-04-25 23:52 . 2014-04-25 23:52 -------- d-----w- c:\program files\iolo
2014-04-25 23:49 . 2014-04-26 19:01 -------- d-----w- c:\documents and settings\Main\Application Data\iolo
2014-04-25 23:49 . 2014-04-26 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2014-04-25 23:27 . 2014-04-25 23:27 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo
2014-04-25 23:02 . 2014-04-25 23:02 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2014-04-25 22:40 . 2014-04-25 22:40 -------- d-----w- c:\program files\CCleaner
2014-04-24 02:11 . 2014-04-24 02:11 -------- d-----w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com
2014-04-23 16:35 . 2014-04-23 20:38 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-13 14:29 . 2014-02-22 00:29 5777288 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-03-06 17:59 . 2004-08-10 17:51 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:59 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-06 17:59 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 17:59 . 2004-08-10 17:50 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 00:46 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2014-02-26 01:59 . 2014-03-18 13:14 13312 ------w- c:\windows\system32\xp_eos.exe
2014-02-07 02:01 . 2004-08-10 17:51 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2004-08-10 17:51 562688 ----a-w- c:\windows\system32\qedit.dll
2004-08-04 10:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 -csh--w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 --sh--w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 57344 -csh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 343040 --sha-w- c:\windows\system32\msvcrt.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys
.
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll
[-] 2012-07-06 . FC6D1D80588D371F0321E15A75B2F8F2 . 78336 . . [5.1.2600.6260] . . c:\windows\$hf_mig$\KB2705219\SP3QFE\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2705219$\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
.
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2004-08-04 10:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
.
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2012-06-02 . 2E0B0A051FFAA86E358465BB0880D453 . 53784 . . [7.6.7600.256] . . c:\windows\system32\wuauclt.exe
[-] 2012-06-02 . 2E0B0A051FFAA86E358465BB0880D453 . 53784 . . [7.6.7600.256] . . c:\windows\system32\dllcache\wuauclt.exe
[-] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-04 10:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll
.
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2013-08-05 . 59B408E5B8489B0B36A0D783D150EDCC . 1289728 . . [5.1.2600.6435] . . c:\windows\system32\ole32.dll
[-] 2013-08-05 . 59B408E5B8489B0B36A0D783D150EDCC . 1289728 . . [5.1.2600.6435] . . c:\windows\system32\dllcache\ole32.dll
[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\$NtUninstallKB2876217$\ole32.dll
[-] 2011-11-01 . 7D9DDE1AB4B00DDB173F5A16E9206517 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\$NtUninstallKB2624667$\ole32.dll
[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-04-28 . 5950E4F28FDA9D147576BF6798937397 . 1285120 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\ole32.dll
[-] 2004-08-04 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\ole32.dll
.
[-] 2013-07-10 . 1D845821F5ADB076831DE4C2818F858B . 406016 . . [1.0420.2600.6421] . . c:\windows\system32\usp10.dll
[-] 2013-07-10 . 1D845821F5ADB076831DE4C2818F858B . 406016 . . [1.0420.2600.6421] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\$NtUninstallKB2850869$\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2004-08-04 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll
.
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msimg32.dll
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll
[-] 2004-08-04 . B5331F2B6F37C66C29C847F3B94FF900 . 4608 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msimg32.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2010-12-09 . 15CE4DBC22FAB90B3CA5352AF1FFF81C . 718336 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll
[-] 2009-02-09 . 911DDF2E16761643A47225F654D811E5 . 714752 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB2393802$\ntdll.dll
[-] 2009-02-09 . B0913005EE3FC15D7F72472D0B8A30EB . 715264 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll
[-] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntdll.dll
[-] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll
[-] 2004-08-04 . BB5CBFFC096497506167BCE1D9690EF2 . 708096 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntdll.dll
.
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\system32\msctfime.ime
[-] 2004-08-04 . D87041EAA67ECA4394F6D5D09C0C2885 . 177152 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msctfime.ime
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-04 03:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-04 10:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-01-28 18:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-01-28 18:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 10:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
[-] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\system32\ntkrnlpa.exe
[-] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2013-05-03 . E9549ED22AC6A6D8A937DE88EA42646C . 2070144 . . [5.1.2600.6387] . . c:\windows\$NtUninstallKB2859537$\ntkrnlpa.exe
[-] 2013-03-07 . 9EBEDA306E5EABDABCFF8B695FCD4CD6 . 2070016 . . [5.1.2600.6368] . . c:\windows\$hf_mig$\KB2813170\SP3QFE\ntkrnlpa.exe
[-] 2013-03-07 . 9C8E896FCF103F943EB3F405A974447D . 2070016 . . [5.1.2600.6368] . . c:\windows\$NtUninstallKB2839229$\ntkrnlpa.exe
[-] 2013-01-07 . 1251D608DFCE4B6801AD27A59B74985C . 2069760 . . [5.1.2600.6335] . . c:\windows\$hf_mig$\KB2799494\SP3QFE\ntkrnlpa.exe
[-] 2013-01-07 . 864E6F476699C1E3E020CE66462785FE . 2069760 . . [5.1.2600.6335] . . c:\windows\$NtUninstallKB2813170$\ntkrnlpa.exe
[-] 2012-08-21 . B326D5E256D2F32B23E64F49DEBCE31B . 2069632 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntkrnlpa.exe
[-] 2012-08-21 . B2D4FD49DDEF6DEF6900DAAC5730F425 . 2069632 . . [5.1.2600.6284] . . c:\windows\$NtUninstallKB2799494$\ntkrnlpa.exe
[-] 2012-05-04 . 8E99A0CE02C1BEDA6C0935A4DDE9CEAA . 2069120 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntkrnlpa.exe
[-] 2012-05-04 . 5DD80D56AF1CEFBFF4F25951069B55BB . 2069120 . . [5.1.2600.6223] . . c:\windows\$NtUninstallKB2724197$\ntkrnlpa.exe
[-] 2012-04-11 . 063A0F8A90D8E2B802E5243FE9AABCF3 . 2069120 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe
[-] 2012-04-11 . 0C9E44D256948FA68AE10D67984862CE . 2069120 . . [5.1.2600.6206] . . c:\windows\$NtUninstallKB2707511$\ntkrnlpa.exe
[-] 2011-10-25 . DB19FFF0C805664CB95062C027B11FE9 . 2069376 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe
[-] 2011-10-25 . CE1A2FEDBD001ECDC5AD1975AFAD040A . 2069376 . . [5.1.2600.6165] . . c:\windows\$NtUninstallKB2676562$\ntkrnlpa.exe
[-] 2010-12-09 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[-] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntkrnlpa.exe
[-] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[-] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2004-08-04 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 10:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-04 10:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll
[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2009-04-25 . 092A7F2B49A19ECCE5369D3CB2276148 . 636088 . . [7.00.6000.16850] . . c:\windows\ie8\iexplore.exe
[-] 2009-04-25 . C0503FD8D163652735C1EE900672A75C . 636088 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe
[-] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[-] 2009-02-28 . BCD8E48709BE4A79606F0B6E8E9A6162 . 636088 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[-] 2009-02-28 . A251068640DDB69FD7805B57D89D7FF7 . 636072 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\iexplore.exe
.
[-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\system32\ntoskrnl.exe
[-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2013-05-03 . C97D686343987EEECB2600C15D4762E4 . 2193536 . . [5.1.2600.6387] . . c:\windows\$NtUninstallKB2859537$\ntoskrnl.exe
[-] 2013-03-07 . 9FC16E5EBFE88F3C844FFE2E6CB7F1E8 . 2193536 . . [5.1.2600.6368] . . c:\windows\$hf_mig$\KB2813170\SP3QFE\ntoskrnl.exe
[-] 2013-03-07 . 3FD65320312C8411B72E33DA8661D36A . 2193408 . . [5.1.2600.6368] . . c:\windows\$NtUninstallKB2839229$\ntoskrnl.exe
[-] 2013-01-07 . AE2FEE63789F5DF6B19DD9A39E26D03E . 2193152 . . [5.1.2600.6335] . . c:\windows\$hf_mig$\KB2799494\SP3QFE\ntoskrnl.exe
[-] 2013-01-07 . CB8E341AFD9042EE70E51715D9A23B1E . 2193024 . . [5.1.2600.6335] . . c:\windows\$NtUninstallKB2813170$\ntoskrnl.exe
[-] 2012-08-21 . ECA5980E1A78DBF9CB7F49F76791C0D1 . 2193024 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntoskrnl.exe
[-] 2012-08-21 . 49FB9F4A7CE25B82B1E00C402783F5C5 . 2192896 . . [5.1.2600.6284] . . c:\windows\$NtUninstallKB2799494$\ntoskrnl.exe
[-] 2012-05-04 . 099A0F80A563EBE935F4A9750F96C219 . 2192640 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntoskrnl.exe
[-] 2012-05-04 . DDF0CB8CD3C6007CDF4AD8F0409ED930 . 2192640 . . [5.1.2600.6223] . . c:\windows\$NtUninstallKB2724197$\ntoskrnl.exe
[-] 2012-04-11 . 8D061BB825BC606C2B1C6F7452D1BAAA . 2192640 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe
[-] 2012-04-11 . 536168936EBF326E36C655EC5AE34B03 . 2192640 . . [5.1.2600.6206] . . c:\windows\$NtUninstallKB2707511$\ntoskrnl.exe
[-] 2011-10-25 . F512C662874D7545E5BD8005E6800A44 . 2192768 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
[-] 2011-10-25 . 892CDDFF7EF96951B9B0B50974070E47 . 2192768 . . [5.1.2600.6165] . . c:\windows\$NtUninstallKB2676562$\ntoskrnl.exe
[-] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntoskrnl.exe
[-] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
[-] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[-] 2004-08-04 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
[-] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB927802$\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
[-] 2004-08-04 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB920683$\rasadhlp.dll
.
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wshtcpip.dll
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
[-] 2004-08-04 . A7F95A53EE055115DF03588997A47D4D . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wshtcpip.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-25 196608]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-15 24576]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe  /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-14 00:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-10-28 16:18 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-11-02 05:29 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-07-13 00:05 1117184 -c--a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-25 04:30 282624 -c--a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-04-03 22:12 777424 -c--a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"SQLAgent$PINNACLESYS"=3 (0x3)
"SQLAgent$MICROSOFTSMLBIZ"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$PINNACLESYS"=2 (0x2)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R4 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys --> c:\windows\system32\DRIVERS\PDFsFilter.sys [?]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [9/21/2013 4:58 PM 1817560]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [9/21/2013 4:58 PM 1033688]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [9/21/2013 4:58 PM 171928]
S3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4/1/2008 6:06 PM 47360]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [4/3/2006 6:12 PM 14032]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - AMP
*Deregistered* - AMPSE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2014-03-24 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2012-10-17 08:15]
.
2014-04-24 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2012-10-17 08:15]
.
2014-03-24 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2012-10-17 08:15]
.
2014-04-26 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2012-10-17 08:15]
.
2014-04-26 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-09-21 14:58]
.
2014-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf590a1f4376b6.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-20 21:42]
.
2014-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-20 21:42]
.
2014-04-26 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-18 01:59]
.
2014-03-25 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-18 01:59]
.
2014-03-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 22:12]
.
2013-11-06 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-09-21 14:57]
.
2013-09-21 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-09-21 14:58]
.
2014-04-25 c:\windows\Tasks\User_Feed_Synchronization-{A1417399-B04C-4C68-AE33-E6DCFB23B0F0}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: dell.com
Trusted Zone: disneyjunior.com
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100 192.168.33.1
DPF: CabBuilder - hxxp://www.imgag.com/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-RunOnce-iolo WebUpdate Reboot - (no file)
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe
MSConfigStartUp-Monitor - c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
MSConfigStartUp-MsgCenterExe - c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
MSConfigStartUp-Share-to-Web Namespace Daemon - c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
MSConfigStartUp-SpamBlocker - c:\program files\SpamBlockerUtility\Bin\4.8.0.0\SbOEAddOn.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-26 15:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\BCMLogon.dll
.
- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\iavlsp.dll
.
Completion time: 2014-04-26  15:22:54
ComboFix-quarantined-files.txt  2014-04-26 19:22
.
Pre-Run: 28,719,435,776 bytes free
Post-Run: 29,056,876,544 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
[spybotsd]
timeout.old=30
.
- - End Of File - - BCDA42089E2DD4098BA9D8EC2B499506
5CB90281D1A59B251F6603134774EEC3
 


  • 0

Advertisements


#11
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

We have some work to do, so let's get started.


Step 1: Program Uninstall

!! Registry Cleaner Warning !!

There were signs of a program that are either currently or have been previously installed on your computer that contain registry cleaners. A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable. At Geeks to Go we strongly advise that people stay away from any of the registry cleaners out there. Go here to get more information about why registry cleaners aren't needed. Technet blog also discusses this issue as well as Ed Bott.


Please uninstall the following program from your machine: SpeedMaxPC

I will also remove it with the FRST fix to make sure there are no remnants left over from the uninstall. :thumbsup:


Step 2: Fix with Farbar's Recovery Scan Tool
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
C:\Documents and Settings\Main\GoToAssist_phone__268_en.exe
C:\Documents and Settings\Main\GoToAssist_phone__317_en.exe
C:\Documents and Settings\Main\GoToAssist_phone__320_en.exe
C:\Documents and Settings\Main\UnifiedToolbarCleanup.bat
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
2014-04-27 20:59 - 2014-05-02 18:00 - 00000438 _____ () C:\WINDOWS\Tasks\SpeedMaxPc Registration3.job
2014-04-27 20:58 - 2014-04-27 20:58 - 00000829 _____ () C:\Documents and Settings\Main\Desktop\SpeedMaxPc.lnk
2014-04-27 20:58 - 2014-04-27 20:58 - 00000529 _____ () C:\WINDOWS\Tasks\SpeedMaxPc_sch_3A84CC8C-CE70-11E3-86FA-0014A5C9BD9B.job
2014-04-27 20:58 - 2014-04-27 20:58 - 00000396 _____ () C:\WINDOWS\Tasks\SpeedMaxPc Update3.job
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Program Files\SpeedMaxPc
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Program Files\Common Files\SpeedMaxPc
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Documents and Settings\Main\Start Menu\Programs\SpeedMaxPc
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Documents and Settings\Main\Application Data\SpeedMaxPc
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Documents and Settings\Main\Application Data\DriverCure
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
Task: C:\WINDOWS\Tasks\SpeedMaxPc Registration3.job => C:\Program Files\Common Files\SpeedMaxPc\UUS3\UUS3.dll
Task: C:\WINDOWS\Tasks\SpeedMaxPc Update3.job => C:\Program Files\Common Files\SpeedMaxPc\UUS3\Update3.exe
Task: C:\WINDOWS\Tasks\SpeedMaxPc_sch_3A84CC8C-CE70-11E3-86FA-0014A5C9BD9B.job => C:\Program Files\SpeedMaxPc\SpeedMaxPc\SpeedMaxPc.exe
2014-04-27 22:01 - 2014-05-01 18:22 - 00000086 ____A C:\WINDOWS\system32\Drivers\etc\hosts
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleaner2_zps680e0e15.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 4: Junkware Removal Tool


thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 5: Fresh FRST Scan


Start Farbar's Recovery Scan Tool and press the Scan button. FRST will scan your system and produce one log this time. Please post it in your next reply.


Things I need to see in your next post:

Fixlog.txt Log

AdwCleaner Log

Junkware Removal Tool Log

Fresh FRST Log

Question: How is the computer running now?

  • 0

#12
Tre1208

Tre1208

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:01-05-2014
Ran by Main at 2014-05-03 15:01:26 Run:1
Running from C:\Documents and Settings\Main\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
C:\Documents and Settings\Main\GoToAssist_phone__268_en.exe
C:\Documents and Settings\Main\GoToAssist_phone__317_en.exe
C:\Documents and Settings\Main\GoToAssist_phone__320_en.exe
C:\Documents and Settings\Main\UnifiedToolbarCleanup.bat
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
2014-04-27 20:59 - 2014-05-02 18:00 - 00000438 _____ () C:\WINDOWS\Tasks\SpeedMaxPc Registration3.job
2014-04-27 20:58 - 2014-04-27 20:58 - 00000829 _____ () C:\Documents and Settings\Main\Desktop\SpeedMaxPc.lnk
2014-04-27 20:58 - 2014-04-27 20:58 - 00000529 _____ () C:\WINDOWS\Tasks\SpeedMaxPc_sch_3A84CC8C-CE70-11E3-86FA-0014A5C9BD9B.job
2014-04-27 20:58 - 2014-04-27 20:58 - 00000396 _____ () C:\WINDOWS\Tasks\SpeedMaxPc Update3.job
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Program Files\SpeedMaxPc
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Program Files\Common Files\SpeedMaxPc
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Documents and Settings\Main\Start Menu\Programs\SpeedMaxPc
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Documents and Settings\Main\Application Data\SpeedMaxPc
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Documents and Settings\Main\Application Data\DriverCure
2014-04-27 20:58 - 2014-04-27 20:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
Task: C:\WINDOWS\Tasks\SpeedMaxPc Registration3.job => C:\Program Files\Common Files\SpeedMaxPc\UUS3\UUS3.dll
Task: C:\WINDOWS\Tasks\SpeedMaxPc Update3.job => C:\Program Files\Common Files\SpeedMaxPc\UUS3\Update3.exe
Task: C:\WINDOWS\Tasks\SpeedMaxPc_sch_3A84CC8C-CE70-11E3-86FA-0014A5C9BD9B.job => C:\Program Files\SpeedMaxPc\SpeedMaxPc\SpeedMaxPc.exe
2014-04-27 22:01 - 2014-05-01 18:22 - 00000086 ____A C:\WINDOWS\system32\Drivers\etc\hosts
End

*****************

C:\Documents and Settings\Main\GoToAssist_phone__268_en.exe => Moved successfully.
C:\Documents and Settings\Main\GoToAssist_phone__317_en.exe => Moved successfully.
C:\Documents and Settings\Main\GoToAssist_phone__320_en.exe => Moved successfully.
C:\Documents and Settings\Main\UnifiedToolbarCleanup.bat => Moved successfully.
C:\Windows\Tasks\At1.job => Moved successfully.
C:\Windows\Tasks\At2.job => Moved successfully.
C:\Windows\Tasks\At3.job => Moved successfully.
C:\Windows\Tasks\At4.job => Moved successfully.
"C:\WINDOWS\Tasks\SpeedMaxPc Registration3.job" => File/Directory not found.
"C:\Documents and Settings\Main\Desktop\SpeedMaxPc.lnk" => File/Directory not found.
C:\WINDOWS\Tasks\SpeedMaxPc_sch_3A84CC8C-CE70-11E3-86FA-0014A5C9BD9B.job => Moved successfully.
"C:\WINDOWS\Tasks\SpeedMaxPc Update3.job" => File/Directory not found.
"C:\Program Files\SpeedMaxPc" => File/Directory not found.
"C:\Program Files\Common Files\SpeedMaxPc" => File/Directory not found.
"C:\Documents and Settings\Main\Start Menu\Programs\SpeedMaxPc" => File/Directory not found.
C:\Documents and Settings\Main\Application Data\SpeedMaxPc => Moved successfully.
C:\Documents and Settings\Main\Application Data\DriverCure => Moved successfully.
C:\Documents and Settings\All Users\Application Data\SpeedMaxPc => Moved successfully.
C:\WINDOWS\Tasks\SpeedMaxPc Registration3.job not found.
C:\WINDOWS\Tasks\SpeedMaxPc Update3.job not found.
C:\WINDOWS\Tasks\SpeedMaxPc_sch_3A84CC8C-CE70-11E3-86FA-0014A5C9BD9B.job not found.
C:\WINDOWS\system32\Drivers\etc\hosts => Moved successfully.

==== End of Fixlog ====


  • 0

#13
Tre1208

Tre1208

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts

# AdwCleaner v3.205 - Report created 03/05/2014 at 15:08:10
# Updated 28/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Main - DELORES
# Running from : C:\Documents and Settings\Main\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Main\Application Data\DefaultTab
File Deleted : C:\WINDOWS\system32\Macromed\Flash\FlashPlayerTrust\UnifiedToolbar.cfg
File Deleted : C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\w0y21sav.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\InstallerControl.InstallerObject
Key Deleted : HKLM\SOFTWARE\Classes\InstallerControl.InstallerObject.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\AGI
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\SpeedMaxPC
Key Deleted : HKLM\Software\AGI
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SpeedMaxPC
Key Deleted : HKLM\Software\Viewpoint

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.21376

-\\ Mozilla Firefox v

[ File : C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\w0y21sav.default\prefs.js ]

-\\ Google Chrome v34.0.1847.131

[ File : C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7

*************************

AdwCleaner[R0].txt - [3360 octets] - [03/05/2014 15:06:48]
AdwCleaner[S0].txt - [3345 octets] - [03/05/2014 15:08:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3405 octets] ##########


  • 0

#14
Tre1208

Tre1208

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Main on Sat 05/03/2014 at 15:26:49.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/03/2014 at 15:31:13.00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0

#15
Tre1208

Tre1208

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2014
Ran by Main (administrator) on DELORES on 03-05-2014 15:37:12
Running from C:\Documents and Settings\Main\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(BVRP Software) C:\Program Files\Digital Line Detect\DLG.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-10-14] (Intel Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-10-14] (Intel Corporation)
HKLM\...\Run: [DVDLauncher] => C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [49152 2006-04-06] (CyberLink Corp.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2006-11-01] (Dell Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761947 2006-03-08] (Synaptics, Inc.)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [249856 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [196608 2001-10-25] (HP)
HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [127035 2004-12-06] (Sonic Solutions)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2009-01-05] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2791905825-2927490209-2274467592-1007\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2791905825-2927490209-2274467592-1007\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2791905825-2927490209-2274467592-1007\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2791905825-2927490209-2274467592-1007\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2791905825-2927490209-2274467592-1007\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2791905825-2927490209-2274467592-1007\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2791905825-2927490209-2274467592-1007\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2791905825-2927490209-2274467592-1007\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2791905825-2927490209-2274467592-1007\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2791905825-2927490209-2274467592-1007\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2791905825-2927490209-2274467592-1007\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?LinkID=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100 192.168.33.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\w0y21sav.default
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npViewpoint.dll ()
FF Extension: AIM Toolbar - C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\w0y21sav.default\Extensions\{c2f863cd-0429-48c7-bb54-db756a951760} [2009-06-24]
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007-02-23]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\eMusic Remote\remoteExt
FF Extension: eMusic Remote Helper - C:\Program Files\eMusic Remote\remoteExt [2007-09-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\eMusic Remote\remoteExt
FF Extension: eMusic Remote Helper - C:\Program Files\eMusic Remote\remoteExt [2007-09-29]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Drive) - C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-26]
CHR Extension: (YouTube) - C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-26]
CHR Extension: (Google Search) - C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-26]
CHR Extension: (Gmail) - C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-26]

========================== Services (Whitelisted) =================

S4 MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [9150464 2005-05-04] (Microsoft Corporation)
S4 MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [9150464 2005-05-04] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [73728 2005-05-03] (Microsoft Corporation)
R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [376832 2006-06-29] (Dell Inc.)
S4 SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [323584 2005-05-03] (Microsoft Corporation)
S4 SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [323584 2005-05-03] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14032 2006-04-03] (Microsoft Corporation)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.)
S2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [X]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-10-12] (Broadcom Corporation)
R2 CdaD10BA; C:\WINDOWS\system32\drivers\CdaD10BA.SYS [12464 2007-01-31] (Macrovision Europe Ltd)
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-01-17] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-01-17] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-17] (HP)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [201600 2005-07-22] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171008 2005-06-02] (Pinnacle Systems GmbH)
R1 PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1156648 2006-03-25] (SigmaTel, Inc.)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions)
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions)
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions)
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions)
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions)
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions)
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions)
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions)
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions)
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
U5 Browser; C:\WINDOWS\system32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\Main\LOCALS~1\Temp\catchme.sys [X]
U5 Messenger; C:\WINDOWS\system32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
U5 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr;
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U5 W32Time; C:\WINDOWS\System32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-03 15:31 - 2014-05-03 15:31 - 00001052 _____ () C:\Documents and Settings\Main\Desktop\JRT.txt
2014-05-03 15:26 - 2014-05-03 15:26 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-03 15:25 - 2014-05-03 15:25 - 01016261 _____ (Thisisu) C:\Documents and Settings\Main\Desktop\JRT.exe
2014-05-03 15:07 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-05-03 15:06 - 2014-05-03 15:08 - 00000000 ____D () C:\AdwCleaner
2014-05-03 15:04 - 2014-05-03 15:05 - 01310621 _____ () C:\Documents and Settings\Main\Desktop\adwcleaner.exe
2014-05-02 20:25 - 2014-05-02 20:25 - 00002072 _____ () C:\Documents and Settings\Main\Desktop\aswMBR.txt
2014-05-02 20:25 - 2014-05-02 20:25 - 00000512 _____ () C:\Documents and Settings\Main\Desktop\MBR.dat
2014-05-02 20:08 - 2014-05-02 20:04 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Main\Desktop\aswmbr.exe
2014-05-02 20:03 - 2014-05-02 20:03 - 00024068 _____ () C:\Documents and Settings\Main\Desktop\Addition.txt
2014-05-02 20:02 - 2014-05-03 15:37 - 00019630 _____ () C:\Documents and Settings\Main\Desktop\FRST.txt
2014-05-02 20:02 - 2014-05-03 15:37 - 00000000 ____D () C:\FRST
2014-05-02 20:01 - 2014-05-02 19:47 - 01050624 _____ (Farbar) C:\Documents and Settings\Main\Desktop\FRST.exe
2014-05-02 16:45 - 2014-05-03 05:27 - 00008878 _____ () C:\WINDOWS\KB2964358-IE7.log
2014-05-01 19:42 - 2014-05-01 19:46 - 00000960 _____ () C:\WINDOWS\Active Setup Log.BAK
2014-05-01 19:41 - 2014-05-01 19:41 - 00491768 _____ (Microsoft Corporation) C:\Documents and Settings\Main\Desktop\ie6setup.exe
2014-05-01 17:37 - 2014-05-03 15:10 - 00000374 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-05-01 17:36 - 2014-05-01 19:48 - 00000803 _____ () C:\Documents and Settings\Main\Start Menu\Programs\Internet Explorer.lnk
2014-05-01 17:31 - 2014-05-01 17:32 - 00080817 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-05-01 17:30 - 2014-05-01 17:31 - 00085932 _____ () C:\WINDOWS\KB2862772-IE8.log
2014-05-01 17:30 - 2014-05-01 17:30 - 00080201 _____ () C:\WINDOWS\KB2598845-IE8.log
2014-05-01 17:28 - 2014-05-01 17:37 - 00007502 _____ () C:\WINDOWS\spupdsvc.log
2014-05-01 17:28 - 2014-05-01 17:30 - 00101459 _____ () C:\WINDOWS\KB982381-IE8.log
2014-05-01 17:25 - 2014-02-25 18:53 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieencode.dll
2014-05-01 17:25 - 2014-02-25 18:53 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieencode.dll
2014-05-01 17:25 - 2013-09-04 09:47 - 02452872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dat
2014-05-01 17:24 - 2014-05-01 17:28 - 00099799 _____ () C:\WINDOWS\ie8.log
2014-05-01 17:15 - 2014-05-01 17:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2909212$
2014-05-01 17:15 - 2014-05-01 17:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2510581$
2014-05-01 16:40 - 2014-05-01 17:33 - 00151190 _____ () C:\WINDOWS\ie8_main.log
2014-05-01 16:37 - 2014-05-01 16:37 - 16883056 _____ (Microsoft Corporation) C:\Documents and Settings\Main\Desktop\IE8-WindowsXP-x86-ENU.exe
2014-05-01 16:33 - 2014-05-01 17:16 - 00101657 _____ () C:\WINDOWS\KB2936068-IE7.log
2014-05-01 16:33 - 2014-05-01 17:15 - 00018314 _____ () C:\WINDOWS\KB2909212.log
2014-05-01 16:32 - 2014-05-01 17:15 - 00022060 _____ () C:\WINDOWS\KB2510581.log
2014-05-01 15:48 - 2014-05-01 16:28 - 00000000 ____D () C:\ComboFix
2014-05-01 15:21 - 2014-05-01 17:37 - 00000408 _____ () C:\WINDOWS\system32\iolo.ini
2014-05-01 15:15 - 2014-04-07 14:16 - 00118784 _____ (iolo technologies, LLC) C:\WINDOWS\system32\iavlsp.dll
2014-04-30 23:00 - 2014-04-30 23:00 - 00000693 _____ () C:\WINDOWS\ie7_main.log
2014-04-30 22:44 - 2014-05-03 05:27 - 00129552 _____ () C:\WINDOWS\updspapi.log
2014-04-30 22:43 - 2014-05-01 19:45 - 00106482 _____ () C:\WINDOWS\ie8Uninst.log
2014-04-30 21:54 - 2014-04-30 21:54 - 00000000 ____D () C:\WINDOWS\system32\config\Before Compact
2014-04-30 21:53 - 2014-04-30 21:53 - 00000000 ____D () C:\WINDOWS\system32\config\SM Registry Backup
2014-04-30 21:22 - 2014-04-30 21:22 - 00000540 _____ () C:\WINDOWS\wmsetup.log
2014-04-30 21:21 - 2014-05-03 05:27 - 00097667 _____ () C:\WINDOWS\FaxSetup.log
2014-04-30 21:21 - 2014-05-03 05:27 - 00054249 _____ () C:\WINDOWS\ocgen.log
2014-04-30 21:21 - 2014-05-03 05:27 - 00034623 _____ () C:\WINDOWS\tsoc.log
2014-04-30 21:21 - 2014-05-03 05:27 - 00029155 _____ () C:\WINDOWS\comsetup.log
2014-04-30 21:21 - 2014-05-03 05:27 - 00018822 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-30 21:21 - 2014-05-03 05:27 - 00012605 _____ () C:\WINDOWS\iis6.log
2014-04-30 21:21 - 2014-05-03 05:27 - 00005406 _____ () C:\WINDOWS\ocmsn.log
2014-04-30 21:21 - 2014-05-03 05:27 - 00004585 _____ () C:\WINDOWS\msgsocm.log
2014-04-30 21:21 - 2014-05-03 05:27 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-30 21:21 - 2014-05-01 19:45 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-30 21:21 - 2014-04-30 21:21 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-30 21:21 - 2014-04-30 21:21 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-04-28 19:44 - 2014-04-28 19:43 - 00090112 _____ () C:\WINDOWS\Minidump\Mini042814-01.dmp
2014-04-28 19:35 - 2014-04-28 20:03 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
2014-04-28 19:32 - 2014-05-01 15:19 - 00000000 ____D () C:\Program Files\Webroot
2014-04-27 21:38 - 2014-04-27 21:37 - 00000135 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140427-213827.backup
2014-04-27 21:37 - 2014-04-27 21:25 - 00449906 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140427-213708.backup
2014-04-27 21:25 - 2014-04-26 15:16 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140427-212527.backup
2014-04-27 20:52 - 2014-05-01 17:33 - 00090681 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-26 22:07 - 2014-04-26 22:07 - 00004347 _____ () C:\Documents and Settings\Main\reset.log
2014-04-26 20:49 - 2014-04-26 20:49 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-04-26 20:49 - 2014-04-26 20:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-04-26 15:26 - 2014-04-26 15:26 - 00000370 _____ () C:\WINDOWS\Tasks\RegAce Scheduled Scan - Main.job
2014-04-26 15:25 - 2014-04-26 15:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RegAce
2014-04-26 15:05 - 2014-04-26 15:05 - 00000000 _RSHD () C:\cmdcons
2014-04-26 15:05 - 2014-04-24 22:42 - 00000239 _____ () C:\Boot.bak
2014-04-26 15:05 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-04-26 15:03 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-04-26 15:01 - 2014-05-03 05:27 - 00044461 _____ () C:\WINDOWS\setupapi.log
2014-04-26 14:52 - 2011-06-26 02:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-04-26 14:52 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-04-26 14:52 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-04-26 14:52 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-04-26 14:52 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-04-26 14:52 - 2000-08-30 20:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-04-26 14:52 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-04-26 14:52 - 2000-08-30 20:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-04-26 14:47 - 2014-05-01 16:20 - 00000000 ____D () C:\Qoobox
2014-04-26 14:47 - 2014-04-26 15:18 - 00000000 ____D () C:\WINDOWS\erdnt
2014-04-26 14:36 - 2014-04-26 14:32 - 03250704 _____ (WebMinds, Inc. ) C:\Documents and Settings\Main\Desktop\rasetup.exe
2014-04-26 14:36 - 2014-04-26 12:08 - 05196309 ____R (Swearware) C:\Documents and Settings\Main\Desktop\ComboFix.exe
2014-04-26 11:33 - 2014-04-26 11:33 - 00000406 _____ () C:\WINDOWS\system32\ioloBootDefrag.cfg
2014-04-26 11:33 - 2014-04-26 11:33 - 00000000 ____D () C:\WINDOWS\system32\config\Original
2014-04-25 19:27 - 2014-04-25 19:27 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\iolo
2014-04-25 19:04 - 2014-05-01 17:37 - 00000392 _____ () C:\WINDOWS\system32\iolo.ini.txt
2014-04-25 19:02 - 2014-04-25 19:02 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\iolo
2014-04-25 18:57 - 2014-04-25 18:57 - 00000000 ____D () C:\Documents and Settings\Main\Application Data\ioloGovernor
2014-04-25 18:56 - 2014-04-07 12:26 - 100640488 _____ (iolo technologies, LLC ) C:\Documents and Settings\Main\Desktop\SystemMechanicPro.exe
2014-04-25 18:55 - 2014-05-01 18:58 - 00065536 _____ () C:\WINDOWS\system32\config\iolo App.evt
2014-04-25 18:00 - 2014-04-27 21:38 - 00000135 ____R () C:\WINDOWS\system32\Drivers\etc\ghosts.txt
2014-04-24 23:28 - 2014-05-01 15:47 - 00000000 ____D () C:\Documents and Settings\Main\Desktop\GooredFix Backups
2014-04-24 23:28 - 2014-04-25 15:56 - 00001708 _____ () C:\Documents and Settings\Main\Desktop\GooredFix.txt
2014-04-24 05:32 - 2014-05-03 15:10 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-24 05:32 - 2014-05-03 15:10 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-04-24 05:32 - 2014-05-03 15:08 - 00032448 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-24 05:32 - 2014-04-24 05:32 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-04-24 05:15 - 2014-05-03 15:11 - 00501692 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-23 22:11 - 2014-04-23 22:11 - 00000000 ____D () C:\Documents and Settings\Main\Application Data\SUPERAntiSpyware.com
2014-04-23 22:09 - 2014-04-25 17:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-04-23 12:35 - 2014-05-02 14:21 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-04-19 17:27 - 2014-04-19 17:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-15 20:23 - 2014-05-03 15:10 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf590a1f4376b6.job

==================== One Month Modified Files and Folders =======

2014-05-03 15:37 - 2014-05-02 20:02 - 00019630 _____ () C:\Documents and Settings\Main\Desktop\FRST.txt
2014-05-03 15:37 - 2014-05-02 20:02 - 00000000 ____D () C:\FRST
2014-05-03 15:35 - 2009-08-31 08:58 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{A1417399-B04C-4C68-AE33-E6DCFB23B0F0}.job
2014-05-03 15:31 - 2014-05-03 15:31 - 00001052 _____ () C:\Documents and Settings\Main\Desktop\JRT.txt
2014-05-03 15:26 - 2014-05-03 15:26 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-03 15:25 - 2014-05-03 15:25 - 01016261 _____ (Thisisu) C:\Documents and Settings\Main\Desktop\JRT.exe
2014-05-03 15:24 - 2013-04-20 17:43 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-03 15:11 - 2014-04-24 05:15 - 00501692 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-03 15:11 - 2014-03-24 16:25 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-05-03 15:10 - 2014-05-01 17:37 - 00000374 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-05-03 15:10 - 2014-04-24 05:32 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-03 15:10 - 2014-04-24 05:32 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-05-03 15:10 - 2014-04-15 20:23 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf590a1f4376b6.job
2014-05-03 15:10 - 2004-08-10 14:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-03 15:08 - 2014-05-03 15:06 - 00000000 ____D () C:\AdwCleaner
2014-05-03 15:08 - 2014-04-24 05:32 - 00032448 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-03 15:08 - 2006-09-21 14:27 - 00000178 ___SH () C:\Documents and Settings\Main\ntuser.ini
2014-05-03 15:05 - 2014-05-03 15:04 - 01310621 _____ () C:\Documents and Settings\Main\Desktop\adwcleaner.exe
2014-05-03 15:01 - 2006-09-21 14:27 - 00000000 ____D () C:\Documents and Settings\Main
2014-05-03 05:27 - 2014-05-02 16:45 - 00008878 _____ () C:\WINDOWS\KB2964358-IE7.log
2014-05-03 05:27 - 2014-04-30 22:44 - 00129552 _____ () C:\WINDOWS\updspapi.log
2014-05-03 05:27 - 2014-04-30 21:21 - 00097667 _____ () C:\WINDOWS\FaxSetup.log
2014-05-03 05:27 - 2014-04-30 21:21 - 00054249 _____ () C:\WINDOWS\ocgen.log
2014-05-03 05:27 - 2014-04-30 21:21 - 00034623 _____ () C:\WINDOWS\tsoc.log
2014-05-03 05:27 - 2014-04-30 21:21 - 00029155 _____ () C:\WINDOWS\comsetup.log
2014-05-03 05:27 - 2014-04-30 21:21 - 00018822 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-03 05:27 - 2014-04-30 21:21 - 00012605 _____ () C:\WINDOWS\iis6.log
2014-05-03 05:27 - 2014-04-30 21:21 - 00005406 _____ () C:\WINDOWS\ocmsn.log
2014-05-03 05:27 - 2014-04-30 21:21 - 00004585 _____ () C:\WINDOWS\msgsocm.log
2014-05-03 05:27 - 2014-04-30 21:21 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-05-03 05:27 - 2014-04-26 15:01 - 00044461 _____ () C:\WINDOWS\setupapi.log
2014-05-03 05:27 - 2007-01-11 18:54 - 00000000 ____D () C:\WINDOWS\ie7updates
2014-05-02 20:25 - 2014-05-02 20:25 - 00002072 _____ () C:\Documents and Settings\Main\Desktop\aswMBR.txt
2014-05-02 20:25 - 2014-05-02 20:25 - 00000512 _____ () C:\Documents and Settings\Main\Desktop\MBR.dat
2014-05-02 20:04 - 2014-05-02 20:08 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Main\Desktop\aswmbr.exe
2014-05-02 20:03 - 2014-05-02 20:03 - 00024068 _____ () C:\Documents and Settings\Main\Desktop\Addition.txt
2014-05-02 19:47 - 2014-05-02 20:01 - 01050624 _____ (Farbar) C:\Documents and Settings\Main\Desktop\FRST.exe
2014-05-02 14:21 - 2014-04-23 12:35 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-05-01 19:48 - 2014-05-01 17:36 - 00000803 _____ () C:\Documents and Settings\Main\Start Menu\Programs\Internet Explorer.lnk
2014-05-01 19:48 - 2004-08-10 13:52 - 00000000 ____D () C:\WINDOWS\Media
2014-05-01 19:48 - 2004-08-10 13:52 - 00000000 ____D () C:\WINDOWS\Help
2014-05-01 19:46 - 2014-05-01 19:42 - 00000960 _____ () C:\WINDOWS\Active Setup Log.BAK
2014-05-01 19:45 - 2014-04-30 22:43 - 00106482 _____ () C:\WINDOWS\ie8Uninst.log
2014-05-01 19:45 - 2014-04-30 21:21 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-05-01 19:45 - 2009-07-19 21:23 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-05-01 19:44 - 2004-08-10 14:03 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2014-05-01 19:41 - 2014-05-01 19:41 - 00491768 _____ (Microsoft Corporation) C:\Documents and Settings\Main\Desktop\ie6setup.exe
2014-05-01 18:58 - 2014-04-25 18:55 - 00065536 _____ () C:\WINDOWS\system32\config\iolo App.evt
2014-05-01 17:37 - 2014-05-01 17:28 - 00007502 _____ () C:\WINDOWS\spupdsvc.log
2014-05-01 17:37 - 2014-05-01 15:21 - 00000408 _____ () C:\WINDOWS\system32\iolo.ini
2014-05-01 17:37 - 2014-04-25 19:04 - 00000392 _____ () C:\WINDOWS\system32\iolo.ini.txt
2014-05-01 17:33 - 2014-05-01 16:40 - 00151190 _____ () C:\WINDOWS\ie8_main.log
2014-05-01 17:33 - 2014-04-27 20:52 - 00090681 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-05-01 17:32 - 2014-05-01 17:31 - 00080817 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-05-01 17:31 - 2014-05-01 17:30 - 00085932 _____ () C:\WINDOWS\KB2862772-IE8.log
2014-05-01 17:30 - 2014-05-01 17:30 - 00080201 _____ () C:\WINDOWS\KB2598845-IE8.log
2014-05-01 17:30 - 2014-05-01 17:28 - 00101459 _____ () C:\WINDOWS\KB982381-IE8.log
2014-05-01 17:28 - 2014-05-01 17:24 - 00099799 _____ () C:\WINDOWS\ie8.log
2014-05-01 17:16 - 2014-05-01 16:33 - 00101657 _____ () C:\WINDOWS\KB2936068-IE7.log
2014-05-01 17:15 - 2014-05-01 17:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2909212$
2014-05-01 17:15 - 2014-05-01 17:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2510581$
2014-05-01 17:15 - 2014-05-01 16:33 - 00018314 _____ () C:\WINDOWS\KB2909212.log
2014-05-01 17:15 - 2014-05-01 16:32 - 00022060 _____ () C:\WINDOWS\KB2510581.log
2014-05-01 16:37 - 2014-05-01 16:37 - 16883056 _____ (Microsoft Corporation) C:\Documents and Settings\Main\Desktop\IE8-WindowsXP-x86-ENU.exe
2014-05-01 16:32 - 2006-09-15 10:54 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2014-05-01 16:28 - 2014-05-01 15:48 - 00000000 ____D () C:\ComboFix
2014-05-01 16:22 - 2004-08-10 13:51 - 00000227 _____ () C:\WINDOWS\system.ini
2014-05-01 16:20 - 2014-04-26 14:47 - 00000000 ____D () C:\Qoobox
2014-05-01 15:47 - 2014-04-24 23:28 - 00000000 ____D () C:\Documents and Settings\Main\Desktop\GooredFix Backups
2014-05-01 15:19 - 2014-04-28 19:32 - 00000000 ____D () C:\Program Files\Webroot
2014-04-30 23:00 - 2014-04-30 23:00 - 00000693 _____ () C:\WINDOWS\ie7_main.log
2014-04-30 21:54 - 2014-04-30 21:54 - 00000000 ____D () C:\WINDOWS\system32\config\Before Compact
2014-04-30 21:53 - 2014-04-30 21:53 - 00000000 ____D () C:\WINDOWS\system32\config\SM Registry Backup
2014-04-30 21:22 - 2014-04-30 21:22 - 00000540 _____ () C:\WINDOWS\wmsetup.log
2014-04-30 21:22 - 2004-08-10 14:01 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Games
2014-04-30 21:22 - 2004-08-10 14:01 - 00000000 ____D () C:\Program Files\Windows NT
2014-04-30 21:22 - 2004-08-10 14:00 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-04-30 21:22 - 2004-08-10 13:57 - 00662854 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-30 21:22 - 2004-08-10 13:52 - 00000000 ____D () C:\WINDOWS\Cursors
2014-04-30 21:22 - 2004-08-10 13:52 - 00000000 ____D () C:\WINDOWS\addins
2014-04-30 21:21 - 2014-04-30 21:21 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-30 21:21 - 2014-04-30 21:21 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-04-30 21:04 - 2004-08-10 13:51 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-30 04:01 - 2006-05-19 09:08 - 03628032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 04:01 - 2004-08-10 13:51 - 03628032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-28 20:12 - 2006-09-15 10:42 - 00000356 __RSH () C:\boot.ini
2014-04-28 20:03 - 2014-04-28 19:35 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
2014-04-28 19:43 - 2014-04-28 19:44 - 00090112 _____ () C:\WINDOWS\Minidump\Mini042814-01.dmp
2014-04-27 21:53 - 2013-09-21 16:58 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-04-27 21:51 - 2013-09-21 16:58 - 00327680 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-04-27 21:38 - 2014-04-25 18:00 - 00000135 ____R () C:\WINDOWS\system32\Drivers\etc\ghosts.txt
2014-04-27 21:37 - 2014-04-27 21:38 - 00000135 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140427-213827.backup
2014-04-27 21:25 - 2014-04-27 21:37 - 00449906 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140427-213708.backup
2014-04-27 21:00 - 2004-08-10 14:04 - 00001563 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2014-04-26 22:07 - 2014-04-26 22:07 - 00004347 _____ () C:\Documents and Settings\Main\reset.log
2014-04-26 20:49 - 2014-04-26 20:49 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-04-26 20:49 - 2014-04-26 20:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-04-26 20:48 - 2006-09-15 11:17 - 00000000 ____D () C:\Program Files\Google
2014-04-26 15:33 - 2004-08-10 14:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-04-26 15:29 - 2014-04-26 15:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RegAce
2014-04-26 15:26 - 2014-04-26 15:26 - 00000370 _____ () C:\WINDOWS\Tasks\RegAce Scheduled Scan - Main.job
2014-04-26 15:18 - 2014-04-26 14:47 - 00000000 ____D () C:\WINDOWS\erdnt
2014-04-26 15:16 - 2014-04-27 21:25 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140427-212527.backup
2014-04-26 15:05 - 2014-04-26 15:05 - 00000000 _RSHD () C:\cmdcons
2014-04-26 15:02 - 2004-08-10 14:02 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-04-26 14:32 - 2014-04-26 14:36 - 03250704 _____ (WebMinds, Inc. ) C:\Documents and Settings\Main\Desktop\rasetup.exe
2014-04-26 12:08 - 2014-04-26 14:36 - 05196309 ____R (Swearware) C:\Documents and Settings\Main\Desktop\ComboFix.exe
2014-04-26 11:33 - 2014-04-26 11:33 - 00000406 _____ () C:\WINDOWS\system32\ioloBootDefrag.cfg
2014-04-26 11:33 - 2014-04-26 11:33 - 00000000 ____D () C:\WINDOWS\system32\config\Original
2014-04-26 11:15 - 2013-10-22 23:05 - 00000000 ____D () C:\Documents and Settings\Main\Local Settings\Application Data\Deployment
2014-04-25 19:27 - 2014-04-25 19:27 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\iolo
2014-04-25 19:20 - 2007-02-23 00:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-25 19:05 - 2006-09-21 14:57 - 00110248 ____C () C:\Documents and Settings\Main\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-04-25 19:02 - 2014-04-25 19:02 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\iolo
2014-04-25 19:02 - 2004-08-10 13:57 - 00347400 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-25 18:57 - 2014-04-25 18:57 - 00000000 ____D () C:\Documents and Settings\Main\Application Data\ioloGovernor
2014-04-25 17:06 - 2014-04-23 22:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-04-25 15:56 - 2014-04-24 23:28 - 00001708 _____ () C:\Documents and Settings\Main\Desktop\GooredFix.txt
2014-04-24 22:42 - 2014-04-26 15:05 - 00000239 _____ () C:\Boot.bak
2014-04-24 22:42 - 2004-08-10 13:51 - 00000616 _____ () C:\WINDOWS\win.ini
2014-04-24 05:32 - 2014-04-24 05:32 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-04-24 03:59 - 2011-03-17 19:19 - 00000000 ____D () C:\WINDOWS\Minidump
2014-04-24 03:59 - 2007-06-14 23:29 - 00000000 ____D () C:\Documents and Settings\Main\Application Data\Vso
2014-04-23 22:11 - 2014-04-23 22:11 - 00000000 ____D () C:\Documents and Settings\Main\Application Data\SUPERAntiSpyware.com
2014-04-23 15:53 - 2011-10-07 22:07 - 00023674 _____ () C:\drwtsn32.log
2014-04-23 15:49 - 2014-01-29 12:35 - 00001100 _____ () C:\WINDOWS\system32\d3d8caps.dat
2014-04-23 15:27 - 2008-09-25 17:05 - 00000000 ____D () C:\WINDOWS\pss
2014-04-19 17:27 - 2014-04-19 17:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-18 00:17 - 2006-09-15 11:03 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-18 00:13 - 2006-09-15 10:59 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-04-07 14:16 - 2014-05-01 15:15 - 00118784 _____ (iolo technologies, LLC) C:\WINDOWS\system32\iavlsp.dll
2014-04-07 12:26 - 2014-04-25 18:56 - 100640488 _____ (iolo technologies, LLC ) C:\Documents and Settings\Main\Desktop\SystemMechanicPro.exe

Some content of TEMP:
====================
C:\Documents and Settings\Main\Local Settings\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP