Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

SearchAssist.net [Closed]

Started by Denisejm , Dec 19 2014 03:29 PM

This topic is locked

#1
Denisejm

Posted 19 December 2014 - 03:29 PM

Member

Member
782 posts

Hi,

I have Windows XP Pro x64, SP2

When trying to update Adobe Reader, I didn't uncheck a box for the program not to also install SearchAssist.net. I didn't realize it until it was too late. I went into Add/Remove Programs and uninstalled SearchAssisst.net but it's still on my pc. I ran several antivirus/malware programs: JRT - Junk File Removal Tool, Spybot s&d, MBAM (with Scan for rootkits checked) , SuperAntiApyware, SecurityCheck, UVK - Ultra Virus Killer, ADWCleaner and RogueKiller, but none of them removed it.

I then uninstalled Firefox and reinstalled it and it appears that SearchAssist.net isn't affecting that browser any longer even though it's still in my pc.

In IE8 for Windows XP x64, when I try to open Tools>Internet Options. I get a blink of the box and it immeidately closes. I can't get into the menu. In Control Panel, the same thing happens. I'm the Admin of my pc. So I thought I'd uninstall EI8 for XP Pro x64 but I can't uninstall it. It comes to a point where it's looking for a gvx.dll.000 file that isn't in my pc and it stops there.

So I thought I'd try an SFC scan but my CD/DVD drive isn't working either.

GeeksToGo has helped me out in the past and I'm hoping you can help me out again.

This is a .txt file that SearchAssist.net placed in My Documents. The name of the folder it created is named Add-in Express and the name of the .txt document is named adxregistrator:

Add-in Express Registrator Log File: 12/13/2014 21:37:01

Installation directory: C:\Program Files\SearchAssist\ie\
Registrator version: 8.3.5068.0
Operating System: Microsoft Windows XP Professional x64 Edition Service Pack 2 (build 3790)
Process Owner: Administrator
Command Line: "C:\Program Files\SearchAssist\ie\adxregistrator.exe" /uninstall="SearchAssist.dll" /privileges=admin
Run 'As Administrator': Yes
Process Elevated: No
Integrity Level: Untrusted
UAC (User Account Control): Off
--------------------------------------------------------------
21:37:01 0164 Starting the add-in unregistration process.
21:37:01 0164 Loading mscoree.dll
21:37:01 0164 Success.
21:37:01 0164 .NET Framework installation directory:
21:37:01 0164 The latest version of .NET Framework: 'v4.0.30319'
21:37:01 0164 Loading CLR: v4.0.30319.
21:37:01 0164 Calling CLRCreateInstance method.
21:37:01 0164 Success.
21:37:01 0164 Calling GetRuntime method.
21:37:01 0164 Success.
21:37:01 0164 Checking if the hosting API of .NET Framework v4.0 beta is installed.
21:37:01 0164 The hosting API is up to date.
21:37:01 0164 Calling GetInterface method for the CorRuntimeHost interface.
21:37:01 0164 Success.
21:37:01 0164 Starting CLR...
21:37:01 0164 Success.
21:37:01 0164 Getting the CLR version.
21:37:01 0164 The CLR v4.0.30319 has been initialized successfully.
21:37:01 0164 Creating a new domain setup.
21:37:01 0164 Success.
21:37:01 0164 Getting the add-in directory.
21:37:01 0164 Success. The directory is 'C:\Program Files\SearchAssist\ie\'
21:37:01 0164 The 'shadow copy' is disabled.
21:37:01 0164 Creating a new application domain.
21:37:01 0164 Success.
21:37:01 0164 Getting the base directory for the domain.
21:37:01 0164 Success. The directory is 'C:\Program Files\SearchAssist\ie\'.
21:37:01 0164 Searching for the Add-in Express core library.
21:37:01 0164 Success. The 'AddinExpress.IE.dll' file is found.
21:37:01 0164 Creating an instance of the 'AddinExpress.Deployment.ADXRegistrator' class.
21:37:01 0164 Assembly identity is 'AddinExpress.IE'.
21:37:01 0164 Success.
21:37:01 0164 Unwrapping the instance of the 'AddinExpress.Deployment.ADXRegistrator' class.
21:37:01 0164 Success.
21:37:01 0164 Calling the managed unregistration procedure.
21:37:01 0500 Connecting to the application domain of the Add-in Express loader.
21:37:01 0500 Success.
21:37:01 0500 Loading the 'searchassist.dll' assembly.
21:37:02 0500 Success.
21:37:02 0500 Unregistering the 'searchassist.dll' assembly (administrator).
21:37:02 0500 The ' searchassist.dll' assembly has been unregistered successfully.
21:37:02 0164 The add-in unregistration process is completed with HRESULT = 0.

If you can help, it'll be greatly appreciated.

#2
Pyxis

Posted 20 December 2014 - 08:51 AM

Trusted Helper

Malware Removal
1,228 posts

Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world!

I am Pyxis and I will be assisting you. As such, I would like to stress the following reminders:

It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
Ensure you take extra caution to precisely follow my instructions. Please only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
Since the cleaning process is quite delicate, your timely response is crucial. Topics are marked inactive and thus closed within 3 full days of no activity. If you deem I have overlooked your thread--which is in a matter of more than 48 hours--please send me a PM and I will get back to you shortly.

I hope you keep in mind these reminders. Let's get to work! :thumbsup:

Step 1

Download both versions of Farbar Recovery Scan Tool by Farbar from the links below and save them to your desktop.

'32-bit'
'64-bit'
- Simply double-click the program icon to run it. It will ask for administrator privileges. If the first one you tried does not work, try the other version.
- The program will initialize. Press Yes to accept the disclaimer.
- Put a check on Addition.
- Press the Scan button after.
- It will produce FRST.txt and Addition.txt on your desktop once done.
- Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.

Step 2

Download 'SecurityCheck by screen317' and save it to your desktop.
- Simply double-click the program icon to run it. It will ask for administrator privileges.
- A black window will appear. Press any key to continue.
- Wait for it to finish. It won't take long.
- A log will automatically pop-up after once done.
- Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
Note: If you get an error about an unsupported operating system, please reboot your computer and try again.

Logs to Post

In summary of the above, I will need you to post the following log(s):
- Addition.txt (Farbar Recovery Scan Tool)
- FRST.txt (Farbar Recovery Scan Tool)
- checkup.txt (SecurityCheck)

#3
Denisejm

Posted 20 December 2014 - 10:03 AM

Member

Topic Starter
Member
782 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2014
Ran by Administrator at 2014-12-20 11:00:55
Running from C:\Documents and Settings\Administrator\My Documents\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version: - )
Acrobat.com (HKLM-x32\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 - Adobe Systems Incorporated)
Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft)
AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5 - Adobe Systems, Inc.)
Advanced WindowsCare Personal (HKLM-x32\...\Advanced WindowsCare V2 Personal_is1) (Version: 2.7.2 - IObit)
AiO_Scan (x32 Version: 51.0.109.000 - Hewlett-Packard) Hidden
AM-DeadLink (HKLM-x32\...\AM-DeadLink) (Version: - )
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Apollo WMV/ASF/ASX to DVD Burner 3.2 (HKLM-x32\...\Apollo WMV/ASF/ASX to DVD Burner_is1) (Version: - Apollo Mulitmedia)
Apple Application Support (HKLM-x32\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.0.0 (HKLM-x32\...\Audacity_is1) (Version: - )
Auto Gordian Knot 2.45 (HKLM-x32\...\AutoGK) (Version: 2.45 - len0x)
AVI/MPEG/RM Joiner 2.40 (HKLM-x32\...\AVI MPEG RM Joiner_is1) (Version: - Boilsoft, Inc.)
AVI/MPEG/RM/WMV Splitter 4.28 (HKLM-x32\...\AVI MPEG RM WMV Splitter_is1) (Version: - boilsoft, Inc.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CCScore (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
Corel WordPerfect Suite 8 (HKLM-x32\...\Corel WordPerfect Suite 8) (Version: - )
Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
Dziobas Rar Player 0.009.51 (HKLM-x32\...\Dziobas Rar Player_is1) (Version: - Kamil Dzióbek)
Easy Video Joiner 5.01 (HKLM-x32\...\Easy Video Joiner_is1) (Version: - DoEasier Tech Inc.)
Easy Video Splitter 1.28 (HKLM-x32\...\Easy Video Splitter_is1) (Version: - DoEasier Tech Inc)
ESSCDBK (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 5.02.0000.0103 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESShelp (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 5.02.0000.0004 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSSONIC (x32 Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
ESSvpaht (x32 Version: 5.01.0000.0004 - EASTMAN KODAK Company) Hidden
ESSvpot (x32 Version: 5.01.0000.0001 - EASTMAN KODAK Company) Hidden
FairUse Wizard 2 (HKLM-x32\...\FairUse Wizard 2) (Version: (v2.8) - FairUse Wizard)
Falco Icon Studio 2.7 (HKLM-x32\...\Falco Icon Studio_is1) (Version: - Falco, Inc.)
ffdshow x64 v1.1.3611 [2010-10-06] (HKLM\...\ffdshow64_is1) (Version: 1.1.3611.0 - )
Free YouTube Downloader 3.5.136 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
HD Tune 2.54 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
HLPIndex (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
HLPRFO (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
HP Beta Printer Drivers for Windows XP x64 (5.64.0.17) (HKLM\...\{25E0F2BA-399C-4cf8-A654-53797016CB77}) (Version: 5.64.0.10 - HP)
HP Photosmart Essential (HKLM-x32\...\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}) (Version: 1.9.1.3 - HP)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.2.0 - LIGHTNING UK!)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
KSU (x32 Version: 632.62.0003.0003 - EASTMAN KODAK Company) Hidden
Media Player Classic - Home Cinema v1.4.2499.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.4.2499.0 - MPC-HC Team)
MediaInfo 0.7.7.4 (HKLM-x32\...\MediaInfo) (Version: 0.7.7.4 - )
MGI PhotoSuite 4 (Remove Only) (HKLM-x32\...\MGI_PRISM_V4_0) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MKVtoolnix 2.2.0 (HKLM-x32\...\MKVtoolnix) (Version: 2.2.0 - Moritz Bunkus)
Mozilla Firefox 25.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0 (x86 en-US)) (Version: 25.0 - Mozilla)
Mozilla Firefox 25.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 en-US)) (Version: 25.0.1 - Mozilla)
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Firefox 27.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0 (x86 en-US)) (Version: 27.0 - Mozilla)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Firefox 29.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0 (x86 en-US)) (Version: 29.0 - Mozilla)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MP3 Bitrate Changer 1.1 (HKLM-x32\...\MP3 Bitrate Changer_is1) (Version: - Pianosoft)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB2758696) (HKLM\...\{E1B33EF1-258C-4EC0-A340-D031100FE50D}) (Version: 6.20.2016.0 - Microsoft Corporation)
Nero 7 Demo (HKLM-x32\...\{84B2CF01-194D-2284-B313-F2E0D78D1033}) (Version: 7.00.1461 - Nero AG)
Notifier (x32 Version: 5.01.0000.0001 - EASTMAN KODAK Company) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 125.24 - NVIDIA Corporation)
OTtBPSDK (x32 Version: 4.00.0000.0000 - EASTMAN KODAK Company) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Pazera Free FLV to AVI Converter 1.5 (HKLM-x32\...\{E82A57BC-E9B8-42F9-BDC7-4950BD73EA32}_is1) (Version: 1.5 - Jacek Pazera)
Pazera Free MP4 to AVI Converter 1.6 (HKLM-x32\...\{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1) (Version: 1.6 - Jacek Pazera)
PCDADDIN (x32 Version: 5.02.0000.0001 - Eastman Kodak Company) Hidden
PCDHELP (x32 Version: 5.02.0000.0001 - Eastman Kodak Company) Hidden
Peck's Power Join (HKLM-x32\...\ST4UNST #1) (Version: - )
Realtek AC'97 Audio (HKLM-x32\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.36 - Realtek Semiconductor Corp.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM-x32\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.16.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5898 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.83 (HKLM-x32\...\Revo Uninstaller) (Version: 1.83 - VS Revo Group)
Scan (x32 Version: 6.0.0.0 - Hewlett-Packard) Hidden
SFR (x32 Version: 5.00.0000.0005 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKIN0001 (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1146 - SUPERAntiSpyware.com)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.50 PB5 (Public Beta 5) - C. Ghisler & Co.)
TransBar (HKLM-x32\...\TransBar) (Version: - )
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
Unlocker 1.8.5 (HKLM-x32\...\Unlocker) (Version: 1.8.5 - Cedrick Collomb)
Update for Windows Internet Explorer 8 (KB982632) (HKLM\...\KB982632-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254) (HKLM\...\KB2661254) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2748349) (HKLM\...\KB2748349) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2836198) (HKLM\...\KB2836198) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2890882) (HKLM\...\KB2890882) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB927891) (HKLM\...\KB927891) (Version: 5 - Microsoft Corporation)
Update for Windows XP (KB932596) (HKLM\...\KB932596) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB936357) (HKLM\...\KB936357) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
UVK - Ultra Virus Killer (HKLM\...\UVK - Ultra virus killer) (Version: 6.8.5.0 - Carifred)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: - )
VPRINTOL (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
Webshots Desktop (HKLM-x32\...\Webshots Desktop_is1) (Version: - AGCM)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140744 - Microsoft Corporation)
Windows XP Service Pack 2 (HKLM\...\Windows x64 Service Pack) (Version: - )
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
WinZip 12.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )
WIRELESS (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
WOT for Internet Explorer (HKLM\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version: - )
XviD v1.2.0 CVS (HKLM\...\XviD MPEG-4 Video Codec_is1) (Version: - Celtic Druid)
XviD Video Codec 30082002-1 (Koepi's build with EPSZ ME) (HKLM-x32\...\XviD) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1560305870-1003223559-3566357663-500_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1560305870-1003223559-3566357663-500_Classes\CLSID\{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}\InprocServer32 -> C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

==================== Restore Points =========================

19-12-2014 15:54:41 Restore Operation
20-12-2014 00:54:07 Revo Uninstaller's restore point - DRIVERfighter
20-12-2014 00:58:22 Revo Uninstaller's restore point - Smart Driver Updater v3.2
20-12-2014 00:59:36 Revo Uninstaller's restore point - FULL-DISKfighter
20-12-2014 01:02:08 Revo Uninstaller's restore point - Winferno Registry Power Cleaner
20-12-2014 01:03:57 Revo Uninstaller's restore point - Winferno Registry Power Cleaner
20-12-2014 01:11:55 Revo Uninstaller's restore point - Winferno Registry Power Cleaner
20-12-2014 01:14:14 Revo Uninstaller's restore point - WinPcap 4.1.2
20-12-2014 10:39:08 Revo Uninstaller's restore point - Yahoo! Toolbar
20-12-2014 10:42:52 Revo Uninstaller's restore point - Wise Program Uninstaller 1.65

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2007-02-18 07:00 - 2013-10-29 17:57 - 00000098 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\DRIVERfighter Auto Start.job => C:\Program Files (x86)\Fighters\DRIVERfighter\DRIVERfighter.exe
Task: C:\WINDOWS\Tasks\MIX.job => C:\PROGRA~2\WinMX\WinMX.exe

==================== Loaded Modules (whitelisted) =============

2014-01-10 00:26 - 2014-01-10 00:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-01-10 00:28 - 2014-01-10 00:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-05-27 19:42 - 2014-11-26 11:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR322 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\WINDOWS\pss\Start GeekBuddy.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => C:\Program Files (x86)\Common Files\Ahead\lib\NMBgMonitor.exe
MSCONFIG\startupreg: DivXMediaServer => "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: GrooveMonitor =>
MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\SysWOW64\NeroCheck.exe
MSCONFIG\startupreg: SmartRAM => "C:\Program Files (x86)\WindowsCare v2.7\MemCleaner.exe" /m
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TransBar => C:\Program Files (x86)\TransparentBar\TransBar.exe /s
MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1560305870-1003223559-3566357663-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-1560305870-1003223559-3566357663-501 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1560305870-1003223559-3566357663-1001 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
Description: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTLE8023x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC #2
Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTLE8023x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC #3
Description: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTLE8023x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 1394 Net Adapter #2
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/20/2014 10:27:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application driverfighter.exe, version 1.1.31.0, faulting module driverfighter.exe, version 1.1.31.0, fault address 0x000045ee.
Processing media-specific event for [driverfighter.exe!ws!]

Error: (12/19/2014 03:58:43 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (12/19/2014 00:38:42 PM) (Source: MsiInstaller) (EventID: 11316) (User: KINGKONG)
Description: Product: WOT for Internet Explorer -- Error 1316. A network error occurred while attempting to read from the file: N:\- PROGRAMS\Downloaded Programs\Security Programs\WOT x64 for Firefox\WOT-latest-en-x64.msi

Error: (12/19/2014 11:52:32 AM) (Source: MsiInstaller) (EventID: 11316) (User: KINGKONG)
Description: Product: WOT for Internet Explorer -- Error 1316. A network error occurred while attempting to read from the file: N:\- PROGRAMS\Downloaded Programs\Security Programs\WOT x64 for Firefox\WOT-latest-en-x64.msi

Error: (12/15/2014 10:47:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: KINGKONG)
Description: Product: WOT for Internet Explorer -- Error 1316. A network error occurred while attempting to read from the file: N:\- PROGRAMS\Downloaded Programs\Security Programs\WOT x64 for Firefox\WOT-latest-en-x64.msi

Error: (12/13/2014 09:01:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 34.0.5.5443, faulting module mozalloc.dll, version 34.0.5.5443, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (12/08/2014 06:03:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.3790.3959, faulting module libmpeg2_ff.dll, version 0.0.0.0, fault address 0x000000000000341a.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/08/2014 06:01:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.3790.3959, faulting module libmpeg2_ff.dll, version 0.0.0.0, fault address 0x000000000000341a.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/06/2014 10:26:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mpc-hc.exe, version 1.4.2499.0, faulting module mpc-hc.exe, version 1.4.2499.0, fault address 0x002a7b6a.
Processing media-specific event for [mpc-hc.exe!ws!]

Error: (12/06/2014 09:10:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.3790.3959, faulting module libmpeg2_ff.dll, version 0.0.0.0, fault address 0x000000000000341a.
Processing media-specific event for [explorer.exe!ws!]

System errors:
=============
Error: (12/20/2014 10:49:11 AM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The Routing and Remote Access service depends on the NetBIOSGroup group and no member of this group started.

Error: (12/20/2014 10:49:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Aspi32 service failed to start due to the following error:
%%1275

Error: (12/20/2014 10:47:56 AM) (Source: 0) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\aspi32.sys

Error: (12/20/2014 10:23:54 AM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The Routing and Remote Access service depends on the NetBIOSGroup group and no member of this group started.

Error: (12/20/2014 10:23:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Aspi32 service failed to start due to the following error:
%%1275

Error: (12/20/2014 10:22:37 AM) (Source: 0) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\aspi32.sys

Error: (12/20/2014 00:47:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/19/2014 03:59:42 PM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The Routing and Remote Access service depends on the NetBIOSGroup group and no member of this group started.

Error: (12/19/2014 03:59:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Aspi32 service failed to start due to the following error:
%%1275

Error: (12/19/2014 03:58:57 PM) (Source: 0) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\aspi32.sys

Microsoft Office Sessions:
=========================
Error: (07/17/2014 05:19:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 28 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/05/2012 10:35:16 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/27/2011 04:44:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/27/2011 04:44:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/27/2011 04:44:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/27/2011 04:43:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/05/2010 07:46:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/05/2010 07:46:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/05/2010 07:46:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/05/2010 07:46:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 29%
Total physical RAM: 4094 MB
Available physical RAM: 2878.59 MB
Total Pagefile: 5892.95 MB
Available Pagefile: 4814.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:34.18 GB) (Free:12.04 GB) NTFS
Drive d: (M 20-89, WS) (Fixed) (Total:897.33 GB) (Free:244.65 GB) NTFS
Drive e: (M 90-07, TOONS, ANIMS, COM) (Fixed) (Total:1863.01 GB) (Free:640.39 GB) NTFS
Drive f: (M 08-PR, MIX) (Fixed) (Total:1863.01 GB) (Free:1374.53 GB) NTFS
Drive g: (HD MOVIES, MINI-SERIES) (Fixed) (Total:1863.01 GB) (Free:352.82 GB) NTFS
Drive h: (DOCUMENTARIES) (Fixed) (Total:931.51 GB) (Free:151 GB) NTFS
Drive i: (BKS DOG HOL MU P&F SF&TE) (Fixed) (Total:931.51 GB) (Free:482.48 GB) NTFS
Drive j: (TV 1-D) (Fixed) (Total:931.51 GB) (Free:279.21 GB) NTFS
Drive k: (TV E-I, VIDEO CLIPS) (Fixed) (Total:1863.01 GB) (Free:1046.44 GB) NTFS
Drive l: (TV J-M, BIBLICAL) (Fixed) (Total:931.51 GB) (Free:398.23 GB) NTFS
Drive m: (TV N-SO) (Fixed) (Total:931.51 GB) (Free:454.06 GB) NTFS
Drive n: (TV ST-Z CL DR H&F MS PR RS) (Fixed) (Total:1863.01 GB) (Free:636.04 GB) NTFS
Drive z: (new tv episodes) (Fixed) (Total:931.51 GB) (Free:79.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 3C1E3C1E)
Partition 1: (Active) - (Size=34.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=897.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: B1DE9374)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 20643CEF)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: B1DE9375)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 43F5C04D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: B49DBCD4)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: B6370A21)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: C76BC76B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 8 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 3DC003A1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 9 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: A2FC6F33)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 10 (Size: 1863 GB) (Disk ID: BAB1BAB2)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 11 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 9FFEDC44)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#4
Denisejm

Posted 20 December 2014 - 10:05 AM

Member

Topic Starter
Member
782 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
Ran by Administrator (administrator) on KINGKONG on 20-12-2014 11:00:06
Running from C:\Documents and Settings\Administrator\My Documents\Desktop
Loaded Profile: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [77824 2008-08-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18670592 2009-07-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2808832 2008-06-19] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2009-03-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Ad-Aware 11\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\WINDOWS\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [36X Raid Configurer] => C:\WINDOWS\SysWOW64\xRaidSetup.exe [1970176 2007-11-19] (JMicron Technology Corp.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1734144 2013-05-29] (AimerSoft)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-12-12] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain-x32: C:\WINDOWS\SysWOW64\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet-x32: C:\WINDOWS\SysWOW64\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll-x32: C:\WINDOWS\SysWOW64\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy-x32: C:\WINDOWS\SysWOW64\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\EFS-x32: C:\WINDOWS\SysWOW64\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy-x32: C:\WINDOWS\SysWOW64\sclgntfy.dll (Microsoft Corporation)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-19\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-21-1560305870-1003223559-3566357663-500\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
IFEO\Your Image File Name Here without a path: [Debugger] ntsd -d
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\Documents and Settings\Administrator\My Documents\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> D:\- Webshots\Launcher.exe (Webshots.com)
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\Shell32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\Shell32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.SearchAss...&m=639&c=d&s=sp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.SearchAss...&m=639&c=d&s=sp
HKU\S-1-5-21-1560305870-1003223559-3566357663-500\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo...0029,0,102,6944
HKU\S-1-5-21-1560305870-1003223559-3566357663-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1560305870-1003223559-3566357663-500 -> DefaultScope {2B4F8C05-3C18-447C-BBA7-86DD55755208} URL = https://search.yahoo...1,20028,0,102,0
SearchScopes: HKU\S-1-5-21-1560305870-1003223559-3566357663-500 -> {2B4F8C05-3C18-447C-BBA7-86DD55755208} URL = https://search.yahoo...1,20028,0,102,0
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKU\S-1-5-21-1560305870-1003223559-3566357663-500 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.co...sreqlab_ind.cab
DPF: HKLM-x32 {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1321508482812
DPF: HKLM-x32 {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1321508432468
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.13.0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll (Microsoft Corporation)
Handler-x32: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\SysWow64\mshtml.dll (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\Shell32.dll (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\SysWow64\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10508288 2009-02-10] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWOW64\shell32.dll [8360960 2009-02-10] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [492032] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1DDC0173-88C1-41DE-B25C-585A91DC2F21}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{24CB7CFF-5BDF-4D03-B675-2F9E29EE4A2A}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2C3728E0-79F6-4148-A857-00965E95E10C}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{53EA468D-C928-4662-996B-38CD8D27EBD6}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7EDEF09F-B6A1-4B5B-B62B-88BEB3A875C0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{D73C8726-9B00-4935-A8E3-AF24B6444BC5}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rnxe1pti.default
FF NewTab: https://us.search.ya...031,0,FF34,6944
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.2:
FF SelectedSearchEngine: Yahoo
FF Homepage: https://www.google.com/
FF Keyword.URL: hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20141251,20030,0,102,0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VLC Media Player 2.0.5\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rnxe1pti.default\user.js
FF Extension: WOT - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rnxe1pti.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-12-19]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-18] (SUPERAntiSpyware.com)
R2 AeLookupSvc; C:\Windows\SysWOW64\aelupsvc.dll [26624 2007-02-18] (Microsoft Corporation)
S3 ALG; C:\Windows\SysWOW64\alg.exe [45056 2007-02-18] (Microsoft Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Ati HotKey Poller; C:\Windows\system32\Ati2evxx.exe [911360 2011-01-26] (ATI Technologies Inc.)
R2 AudioSrv; C:\Windows\SysWOW64\audiosrv.dll [41472 2007-02-18] (Microsoft Corporation)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-12-12] (Avira Operations GmbH & Co. KG)
S3 CiSvc; C:\Windows\SysWOW64\cisvc.exe [6656 2007-02-18] (Microsoft Corporation)
S4 ClipSrv; C:\Windows\system32\clipsrv.exe [49664 2007-02-18] (Microsoft Corporation)
S4 ClipSrv; C:\Windows\SysWOW64\clipsrv.exe [32256 2007-02-18] (Microsoft Corporation)
S3 Common Toolkit 2; C:\Program Files (x86)\Common Files\Common Toolkit Suite\Tools\x64\CommonToolkit2.exe [337920 2013-08-08] (SPAMfighter ApS) [File not signed]
R2 dmadmin; C:\Windows\System32\dmadmin.exe [399872 2007-02-18] (Microsoft Corporation)
R2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-18] (Microsoft Corporation)
R2 Dnscache; C:\Windows\SysWOW64\dnsrslvr.dll [45568 2007-02-18] (Microsoft Corporation)
S4 ERSvc; C:\Windows\System32\ersvc.dll [31744 2007-02-18] (Microsoft Corporation)
R2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-18] (Microsoft Corporation)
S3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2007-02-18] (Microsoft Corporation)
S3 HTTPFilter; C:\Windows\SysWOW64\w3ssl.dll [15360 2007-02-18] (Microsoft Corporation)
S3 IASJet; C:\Windows\SysWOW64\iasrecst.dll [162816 2007-02-18] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-18] (Microsoft Corporation)
S4 LavasoftAdAwareService11; C:\Program Files\Ad-Aware 11\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()
R2 LmHosts; C:\Windows\SysWOW64\lmhsvc.dll [19968 2007-02-18] (Microsoft Corporation)
S4 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2007-02-18] (Microsoft Corporation)
S4 NetDDE; C:\Windows\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
S4 NetDDE; C:\Windows\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
S4 NetDDEdsdm; C:\Windows\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
S4 NetDDEdsdm; C:\Windows\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
R3 Netman; C:\Windows\SysWOW64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
R3 Nla; C:\Windows\System32\mswsock.dll [492032 2007-02-18] (Microsoft Corporation)
R3 Nla; C:\Windows\SysWOW64\mswsock.dll [233472 2007-02-18] (Microsoft Corporation)
R2 NtmsSvc; C:\Windows\system32\ntmssvc.dll [794112 2007-02-18] (Microsoft Corporation)
S2 nvsvc; C:\WINDOWS\system32\nvsvc64.exe [178688 2009-09-27] (NVIDIA Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\services.exe [224256 2007-02-18] (Microsoft Corporation)
R2 PolicyAgent; C:\Windows\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
S4 RasAuto; C:\Windows\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
S4 RasMan; C:\Windows\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-18] (Microsoft Corporation)
S4 RemoteRegistry; C:\Windows\SysWOW64\regsvc.dll [69120 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\SysWOW64\SCardSvr.exe [90112 2007-02-18] (Microsoft Corporation)
R2 Schedule; C:\Windows\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
R2 seclogon; C:\Windows\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-18] (Microsoft Corporation)
R3 SSDPSRV; C:\Windows\SysWOW64\ssdpsrv.dll [72192 2007-02-18] (Microsoft Corporation)
R2 stisvc; C:\Windows\SysWOW64\wiaservc.dll [348160 2007-02-18] (Microsoft Corporation)
S4 SysmonLog; C:\Windows\system32\smlogsvc.exe [133120 2007-02-18] (Microsoft Corporation)
S4 SysmonLog; C:\Windows\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-18] (Microsoft Corporation)
R2 TrkWks; C:\Windows\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
S4 UMWdf; C:\WINDOWS\system32\wdfmgr.exe [62976 2007-02-18] (Microsoft Corporation)
S4 UMWdf; C:\WINDOWS\SysWOW64\wdfmgr.exe [39424 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\Windows\System32\ups.exe [34816 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\Windows\SysWOW64\ups.exe [16896 2007-02-18] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS\SysWOW64\w32time.dll [227328 2007-02-18] (Microsoft Corporation)
S4 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [36352 2007-02-18] (Microsoft Corporation)
S4 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [1066496 2013-04-22] (Microsoft Corporation)
S3 Wmi; C:\Windows\SysWOW64\advapi32.dll [620032 2013-04-22] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
R2 Eventlog; [X]
S3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Abiosdsk; No ImagePath
S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2007-02-18] (Microsoft Corporation)
S4 adpu160m; No ImagePath
S4 adpu320; No ImagePath
S3 aec; C:\Windows\System32\drivers\aec.sys [188928 2005-03-24] (Microsoft Corporation)
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S3 Ambfilt64; C:\Windows\System32\drivers\Ambft64.sys [1794560 2009-01-09] (Creative)
S4 AmdIde; No ImagePath
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
S4 arc; No ImagePath
S3 Arp1394; C:\Windows\System32\DRIVERS\arp1394.sys [111104 2007-02-16] (Microsoft Corporation)
S2 Aspi32; C:\Windows\SysWOW64\drivers\aspi32.sys [16512 2002-07-16] (Adaptec) [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-06] ()
S4 Atdisk; No ImagePath
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [7718912 2011-01-26] (ATI Technologies Inc.)
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [106496 2007-02-18] (Microsoft Corporation)
R3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 CdaC15BA; C:\Windows\System32\DRIVERS\CdaC15BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 CdaD10BA; C:\Windows\System32\DRIVERS\CdaD10BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S4 dmboot; C:\Windows\System32\drivers\dmboot.sys [415232 2007-02-18] (Microsoft Corporation)
R0 dmio; C:\Windows\System32\drivers\dmio.sys [244224 2007-02-18] (Microsoft Corporation)
R0 dmload; C:\Windows\System32\drivers\dmload.sys [9216 2007-02-18] (Microsoft Corporation)
S4 dpti2o; No ImagePath
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-18] (Microsoft Corporation)
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [240128 2007-02-18] (Microsoft Corporation)
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-18] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [239616 2005-07-13] (Windows ® Server 2003 DDK provider)
S1 i2omgmt; No ImagePath
S4 iirsp; No ImagePath
S1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [72704 2007-02-18] (Microsoft Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKHDA64.SYS [5396992 2009-07-20] (Realtek Semiconductor Corp.)
S4 IntelIde; No ImagePath
S3 Ip6Fw; C:\Windows\System32\drivers\ip6fw.sys [57856 2007-02-18] (Microsoft Corporation)
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [156672 2007-02-18] (Microsoft Corporation)
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [105312 2009-06-25] (JMicron Technology Corp.) [File not signed]
R3 kmixer; C:\Windows\System32\drivers\kmixer.sys [204288 2005-03-24] (Microsoft Corporation)
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2007-02-18] (Microsoft Corporation)
S3 Monfilt64; C:\Windows\System32\drivers\Monft64.sys [1854976 2009-01-09] (Creative Technology Ltd.)
S4 mraid35x; No ImagePath
S3 NIC1394; C:\Windows\System32\DRIVERS\nic1394.sys [92160 2005-03-24] (Microsoft Corporation)
S3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [9687424 2009-09-27] (NVIDIA Corporation)
S3 NVHDA; C:\Windows\System32\drivers\nvhda64.sys [72736 2009-08-21] (NVIDIA Corporation)
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [106496 2007-02-18] (Microsoft Corporation)
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [31232 2007-02-18] (Parallel Technologies, Inc.)
R0 PxHlpa64; C:\Windows\SysWOW64\Drivers\PxHlpa64.sys [26720 2004-09-23] (Sonic Solutions) [File not signed]
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [31232 2007-02-18] (Microsoft Corporation)
S1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
R0 rr232x; C:\Windows\System32\drivers\rr232x.sys [144384 2007-10-26] (HighPoint Technologies, Inc.) [File not signed]
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtKHDMIX.sys [3023360 2009-05-20] (Realtek Semiconductor Corp.)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [124928 2007-11-22] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [171008 2007-02-18] (Microsoft Corporation)
S4 Simbad; No ImagePath
R3 splitter; C:\Windows\System32\drivers\splitter.sys [10240 2007-02-16] (Microsoft Corporation)
R0 sr; C:\Windows\System32\DRIVERS\sr.sys [123904 2007-02-18] (Microsoft Corporation)
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [86528 2005-03-24] (Microsoft Corporation)
S4 symc8xx; No ImagePath
S4 symmpi; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
R3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [147456 2007-02-16] (Microsoft Corporation)
S4 TosIde; No ImagePath
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
S4 ultra; No ImagePath
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [File not signed]
R3 Update; C:\Windows\System32\DRIVERS\update.sys [152576 2007-05-29] (Microsoft Corporation)
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
R3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [187904 2007-02-17] (Microsoft Corporation)
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVCx32: Browser -> No ServiceDLL Path.
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: Iprip -> No ServiceDLL Path.
NETSVCx32: LanmanWorkstation -> No ServiceDLL Path.
NETSVCx32: Messenger -> No ServiceDLL Path.
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: wscsvc -> No ServiceDLL Path.
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 10:44 - 2014-12-20 10:44 - 00004536 _____ () C:\Documents and Settings\Administrator\Desktop\FightersLogs.zip
2014-12-20 10:24 - 2014-12-20 10:48 - 00000000 _____ () C:\WINDOWS\0.log
2014-12-20 10:22 - 2014-12-20 10:47 - 00003638 _____ () C:\WINDOWS\PFRO.log
2014-12-20 01:27 - 2014-12-20 01:27 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-20 01:27 - 2014-12-20 01:27 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-20 01:04 - 2014-12-20 01:04 - 00000583 _____ () C:\WINDOWS\system32\MyDefrag.debuglog
2014-12-20 00:58 - 2014-12-20 00:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Winferno
2014-12-20 00:53 - 2014-12-20 10:47 - 00000414 _____ () C:\WINDOWS\Tasks\DRIVERfighter Auto Start.job
2014-12-20 00:53 - 2014-12-20 10:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Yahoo!
2014-12-20 00:53 - 2014-12-20 10:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Yahoo!
2014-12-20 00:53 - 2014-12-20 10:27 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Fighters
2014-12-20 00:53 - 2014-12-20 01:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Fighters
2014-12-20 00:53 - 2014-12-20 00:53 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\Fighters
2014-12-20 00:53 - 2014-12-20 00:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Common Toolkit Suite
2014-12-20 00:46 - 2014-12-20 00:48 - 00000000 ____D () C:\Adobe_Flash_Player_Firefox_Mozilla_Opera_Chrome_64bit_v11
2014-12-19 12:33 - 2014-12-19 12:33 - 00000782 _____ () C:\Firefox 34.0.5.lnk
2014-12-19 12:24 - 2014-12-20 10:43 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-12-19 12:23 - 2014-12-19 12:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-12-18 23:31 - 2014-12-19 00:23 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-12-18 23:28 - 2014-12-19 12:23 - 00000000 ____D () C:\Program Files (x86)\Spybot S&D v
2014-12-18 19:57 - 2005-03-24 17:35 - 00232448 ____C (Eicon Networks) C:\Windows\System32\dllcache\xlog.exe
2014-12-18 19:57 - 2005-03-24 17:35 - 00214272 ____C (Microsoft) C:\Windows\System32\dllcache\yk51x64.sys
2014-12-18 19:56 - 2007-02-17 01:05 - 00024192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wstcodec.sys
2014-12-18 19:56 - 2007-02-17 01:04 - 00532480 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wpdmtpdr.dll
2014-12-18 19:56 - 2007-02-17 01:04 - 00202752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wpdmtp.dll
2014-12-18 19:56 - 2007-02-17 01:02 - 00119552 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wceusbsh.sys
2014-12-18 19:56 - 2007-02-17 01:02 - 00080896 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wiamsmud.dll
2014-12-18 19:56 - 2005-03-24 17:35 - 00097280 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wpdmtpus.dll
2014-12-18 19:56 - 2005-03-24 17:35 - 00093696 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wpdconns.dll
2014-12-18 19:56 - 2005-03-24 17:35 - 00055808 ____C (S2io Inc.) C:\Windows\System32\dllcache\xenamd64.sys
2014-12-18 19:56 - 2005-03-24 17:35 - 00029696 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wpdusb.sys
2014-12-18 19:56 - 2005-03-24 17:35 - 00015872 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wmiacpi.sys
2014-12-18 19:56 - 2005-03-24 17:35 - 00015360 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wpdtrace.dll
2014-12-18 19:56 - 2005-03-24 17:35 - 00010752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wshirda.dll
2014-12-18 19:56 - 2005-03-24 17:34 - 00128000 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wiafbdrv.dll
2014-12-18 19:56 - 2005-03-24 17:34 - 00114816 ____C (VIA Networking Technologies, Inc. ) C:\Windows\System32\dllcache\wetn5b64.sys
2014-12-18 19:56 - 2005-03-24 17:34 - 00017920 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wd.sys
2014-12-18 19:55 - 2007-02-17 01:01 - 00081920 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\vfwwdm32.dll
2014-12-18 19:55 - 2007-02-17 01:01 - 00044032 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\vidcap.ax
2014-12-18 19:55 - 2007-02-17 01:00 - 00216320 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbvideo.sys
2014-12-18 19:55 - 2007-02-17 01:00 - 00102912 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbaudio.sys
2014-12-18 19:55 - 2007-02-17 01:00 - 00061440 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\uliagpkx.sys
2014-12-18 19:55 - 2007-02-17 01:00 - 00058880 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\uagp35.sys
2014-12-18 19:55 - 2007-02-17 01:00 - 00042496 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbccid.sys
2014-12-18 19:55 - 2007-02-17 01:00 - 00026368 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbohci.sys
2014-12-18 19:55 - 2005-03-24 17:34 - 00042496 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbser.sys
2014-12-18 19:55 - 2005-03-24 17:34 - 00038912 ____C (Promise Technology, Inc.) C:\Windows\System32\dllcache\ultra.sys
2014-12-18 19:55 - 2005-03-24 17:34 - 00036608 ____C (VIA Technologies, Inc.) C:\Windows\System32\dllcache\viairda.sys
2014-12-18 19:55 - 2005-03-24 17:34 - 00034432 ____C (ULi Electronics Inc.) C:\Windows\System32\dllcache\uli5261.sys
2014-12-18 19:55 - 2005-03-24 17:34 - 00008704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\viaide.sys
2014-12-18 19:55 - 2005-03-24 17:34 - 00008704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\toside.sys
2014-12-18 19:54 - 2007-02-17 00:55 - 00056320 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\smb0w.dll
2014-12-18 19:54 - 2007-02-17 00:55 - 00012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\sonyait.sys
2014-12-18 19:54 - 2005-03-24 17:34 - 00084992 ____C (LSI Logic) C:\Windows\System32\dllcache\symmpi.sys
2014-12-18 19:54 - 2005-03-24 17:34 - 00041984 ____C (LSI Logic) C:\Windows\System32\dllcache\symc8xx.sys
2014-12-18 19:54 - 2005-03-24 17:34 - 00012288 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\tandqic.sys
2014-12-18 19:54 - 2005-03-24 17:25 - 00039936 ____C (LSI Logic) C:\Windows\System32\dllcache\sym_u3.sys
2014-12-18 19:54 - 2005-03-24 17:25 - 00037376 ____C (LSI Logic) C:\Windows\System32\dllcache\sym_hi.sys
2014-12-18 19:54 - 2005-03-24 17:25 - 00028160 ____C (SCM Microsystems, Inc.) C:\Windows\System32\dllcache\stcusb.sys
2014-12-18 19:54 - 2005-03-24 17:25 - 00024576 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\streamip.sys
2014-12-18 19:54 - 2005-03-24 17:24 - 00068608 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\smb3w.dll
2014-12-18 19:54 - 2005-03-24 17:24 - 00046080 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\sm91w.dll
2014-12-18 19:54 - 2005-03-24 17:24 - 00043008 ____C (SiS Corporation) C:\Windows\System32\dllcache\sisnic.sys
2014-12-18 19:54 - 2005-03-24 17:24 - 00019968 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\slip.sys
2014-12-18 19:54 - 2005-03-24 17:24 - 00017920 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\sonymc.sys
2014-12-18 19:54 - 2005-03-24 17:24 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\snyaitmc.sys
2014-12-18 19:53 - 2007-02-17 00:54 - 00019968 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\scsiscan.sys
2014-12-18 19:53 - 2007-02-17 00:53 - 00040576 ____C (OMNIKEY AG) C:\Windows\System32\dllcache\sccmusbm.sys
2014-12-18 19:53 - 2007-02-17 00:51 - 00051200 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\rndismpx.sys
2014-12-18 19:53 - 2007-02-17 00:51 - 00033792 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\rasirda.sys
2014-12-18 19:53 - 2007-02-17 00:51 - 00032256 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ramdisk.sys
2014-12-18 19:53 - 2007-02-17 00:50 - 00316928 ____C () C:\Windows\System32\dllcache\psisdecd.dll
2014-12-18 19:53 - 2007-02-17 00:50 - 00271872 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ptpusd.dll
2014-12-18 19:53 - 2007-02-17 00:50 - 00025344 ____C (SCM Microsystems, Inc.) C:\Windows\System32\dllcache\pscr.sys
2014-12-18 19:53 - 2007-02-17 00:50 - 00010752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\qic157.sys
2014-12-18 19:53 - 2005-03-24 17:24 - 00094208 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\rfcomm.sys
2014-12-18 19:53 - 2005-03-24 17:24 - 00059904 ____C (Realtek Semiconductor Corporation) C:\Windows\System32\dllcache\rtl39a64.sys
2014-12-18 19:53 - 2005-03-24 17:24 - 00044032 ____C (OMNIKEY AG) C:\Windows\System32\dllcache\sccmn50m.sys
2014-12-18 19:53 - 2005-03-24 17:24 - 00037888 ____C (Realtek Semiconductor Corporation ) C:\Windows\System32\dllcache\rtl69a64.sys
2014-12-18 19:53 - 2005-03-24 17:24 - 00032256 ____C (SCM Microsystems) C:\Windows\System32\dllcache\scr111.sys
2014-12-18 19:53 - 2005-03-24 17:24 - 00031232 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\scmstcs.sys
2014-12-18 19:53 - 2005-03-24 17:24 - 00030720 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\sermouse.sys
2014-12-18 19:53 - 2005-03-24 17:24 - 00019968 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\scsiprnt.sys
2014-12-18 19:53 - 2005-03-24 17:24 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\seaddsmc.sys
2014-12-18 19:53 - 2005-03-24 17:24 - 00011776 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\serscan.sys
2014-12-18 19:53 - 2005-03-24 17:24 - 00010240 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\rsmgrstr.dll
2014-12-18 19:53 - 2005-03-24 17:23 - 00057344 ____C () C:\Windows\System32\dllcache\psisrndr.ax
2014-12-18 19:52 - 2007-02-17 00:44 - 00944640 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\p2psvc.dll
2014-12-18 19:52 - 2007-02-17 00:44 - 00505856 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\p2pgraph.dll
2014-12-18 19:52 - 2007-02-17 00:44 - 00161024 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\phildec.sys
2014-12-18 19:52 - 2007-02-17 00:44 - 00015872 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\powerfil.sys
2014-12-18 19:52 - 2005-03-24 17:22 - 00135680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\p2pnetsh.dll
2014-12-18 19:52 - 2005-03-24 17:22 - 00132608 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\p2pgasvc.dll
2014-12-18 19:52 - 2005-03-24 17:22 - 00077824 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\pnrpnsp.dll
2014-12-18 19:52 - 2005-03-24 17:22 - 00013824 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\pnrmc.sys
2014-12-18 19:51 - 2007-02-17 00:41 - 00124416 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\nv_agp.sys
2014-12-18 19:51 - 2007-02-17 00:39 - 00103680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\nabtsfec.sys
2014-12-18 19:51 - 2007-02-17 00:39 - 00062976 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mstape.sys
2014-12-18 19:51 - 2007-02-17 00:39 - 00039424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msircomm.sys
2014-12-18 19:51 - 2007-02-17 00:39 - 00008064 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mstee.sys
2014-12-18 19:51 - 2005-03-24 17:22 - 00186880 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\p2p.dll
2014-12-18 19:51 - 2005-03-24 17:21 - 00185344 ____C (NVIDIA Corporation) C:\Windows\System32\dllcache\nvenet.sys
2014-12-18 19:51 - 2005-03-24 17:21 - 00042240 ____C (National Semiconductor Corporation) C:\Windows\System32\dllcache\nscirda.sys
2014-12-18 19:51 - 2005-03-24 17:21 - 00022528 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ne2000.sys
2014-12-18 19:51 - 2005-03-24 17:21 - 00017408 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ndisip.sys
2014-12-18 19:51 - 2005-03-24 17:21 - 00014336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\nsmmc.sys
2014-12-18 19:51 - 2005-03-24 17:21 - 00005120 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msmpu401.sys
2014-12-18 19:25 - 2007-02-17 00:38 - 00094720 ____C () C:\Windows\System32\dllcache\msdvbnp.ax
2014-12-18 19:25 - 2007-02-17 00:38 - 00071680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msdv.sys
2014-12-18 19:25 - 2007-02-17 00:36 - 00010752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ltotape.sys
2014-12-18 19:25 - 2007-02-17 00:35 - 00026112 ____C (Litronic Industries) C:\Windows\System32\dllcache\lit220p.sys
2014-12-18 19:25 - 2005-03-24 17:21 - 00036352 ____C (LSI Logic Corporation) C:\Windows\System32\dllcache\mraid35x.sys
2014-12-18 19:25 - 2005-03-24 17:21 - 00028672 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\modemcsa.sys
2014-12-18 19:25 - 2005-03-24 17:21 - 00023040 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mpe.sys
2014-12-18 19:25 - 2005-03-24 17:21 - 00011776 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\miniqic.sys
2014-12-18 19:25 - 2005-03-24 17:20 - 00569344 ____C (Agere Systems) C:\Windows\System32\dllcache\ltmdm64.sys
2014-12-18 19:25 - 2005-03-24 17:20 - 00012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mammoth.sys
2014-12-18 19:25 - 2005-03-24 17:20 - 00008704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\loop.sys
2014-12-18 19:24 - 2007-02-17 00:35 - 00138752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\kswdmcap.ax
2014-12-18 19:24 - 2007-02-17 00:35 - 00088064 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\kstvtune.ax
2014-12-18 19:24 - 2005-03-24 17:20 - 00074752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ksxbar.ax
2014-12-18 19:23 - 2007-02-17 00:34 - 00012288 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\kbdjpn.dll
2014-12-18 19:23 - 2007-02-17 00:34 - 00011776 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\kbdkor.dll
2014-12-18 19:21 - 2007-02-17 00:31 - 00237056 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\irftp.exe
2014-12-18 19:21 - 2007-02-17 00:31 - 00152576 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\irda.sys
2014-12-18 19:21 - 2007-02-17 00:31 - 00043008 ____C (SigmaTel, Inc.) C:\Windows\System32\dllcache\irstusb.sys
2014-12-18 19:21 - 2007-02-17 00:31 - 00034816 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\irsir.sys
2014-12-18 19:21 - 2005-03-24 17:20 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\kbd106.dll
2014-12-18 19:21 - 2005-03-24 17:20 - 00007680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\kbd101c.dll
2014-12-18 19:21 - 2005-03-24 17:20 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\kbd103.dll
2014-12-18 19:21 - 2005-03-24 17:20 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\kbd101b.dll
2014-12-18 19:21 - 2005-03-24 17:19 - 00070784 ____C (Intel Corporation) C:\Windows\System32\dllcache\ixg5132e.sys
2014-12-18 19:21 - 2005-03-24 17:19 - 00023552 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ipsink.ax
2014-12-18 19:21 - 2005-03-24 17:19 - 00022528 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\irmon.dll
2014-12-18 19:21 - 2005-03-24 17:19 - 00009216 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\intelide.sys
2014-12-18 19:19 - 2005-03-24 17:19 - 00048128 ____C (Intel Corp./ICP vortex GmbH) C:\Windows\System32\dllcache\iirsp.sys
2014-12-18 19:19 - 2005-03-24 17:18 - 01038048 ____C (Intel Corporation) C:\Windows\System32\dllcache\ialmnt5.sys
2014-12-18 19:19 - 2005-03-24 17:18 - 00885760 ____C (Intel Corporation) C:\Windows\System32\dllcache\ialmdd5.dll
2014-12-18 19:19 - 2005-03-24 17:18 - 00244992 ____C (Intel Corporation) C:\Windows\System32\dllcache\ialmdev5.dll
2014-12-18 19:19 - 2005-03-24 17:18 - 00136704 ____C (Intel Corporation) C:\Windows\System32\dllcache\ialmdnt5.dll
2014-12-18 19:19 - 2005-03-24 17:18 - 00055296 ____C (Intel Corporation) C:\Windows\System32\dllcache\ialmrnt5.dll
2014-12-18 19:18 - 2007-02-17 00:28 - 00385024 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hpojwia.dll
2014-12-18 19:18 - 2007-02-17 00:28 - 00035840 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hidbatt.sys
2014-12-18 19:18 - 2007-02-17 00:22 - 00061952 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\gagp30kx.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 01080832 ____C (Conexant Systems, Inc.) C:\Windows\System32\dllcache\hsf_dp4.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 00804352 ____C (Conexant Systems, Inc.) C:\Windows\System32\dllcache\hsfcnxt4.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 00241664 ____C (Windows ® Server 2003 DDK provider) C:\Windows\System32\dllcache\hdaudio.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 00236032 ____C (Conexant Systems, Inc.) C:\Windows\System32\dllcache\hsfbs4.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 00080896 ____C (Windows ® Server 2003 DDK provider) C:\Windows\System32\dllcache\hdashcut.exe
2014-12-18 19:18 - 2005-03-24 17:18 - 00063872 ____C (VIA Networking Technologies, Inc. ) C:\Windows\System32\dllcache\get5a64.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 00044544 ____C (Gemplus) C:\Windows\System32\dllcache\grserial.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 00043008 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hidbth.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 00037402 ____C (Conexant Systems, Inc.) C:\Windows\System32\dllcache\hsfc4.dll
2014-12-18 19:18 - 2005-03-24 17:18 - 00033280 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hpsjmcro.dll
2014-12-18 19:18 - 2005-03-24 17:18 - 00030720 ____C (Gemplus) C:\Windows\System32\dllcache\gpr400.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 00028672 ____C (Windows ® Server 2003 DDK provider) C:\Windows\System32\dllcache\hdaprop.dll
2014-12-18 19:18 - 2005-03-24 17:18 - 00012288 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hidir.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 00012288 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hidgame.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 00009728 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hpt4qic.sys
2014-12-18 19:18 - 2005-03-24 17:18 - 00006144 ____C (Windows ® Server 2003 DDK provider) C:\Windows\System32\dllcache\hdaudres.dll
2014-12-18 19:17 - 2007-02-17 00:17 - 00182784 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\dot4.sys
2014-12-18 19:17 - 2005-03-24 17:17 - 00652288 ____C (AVM Berlin) C:\Windows\System32\dllcache\fpcibase.sys
2014-12-18 19:17 - 2005-03-24 17:17 - 00643072 ____C (AVM Berlin) C:\Windows\System32\dllcache\fpcmbase.sys
2014-12-18 19:17 - 2005-03-24 17:17 - 00232960 ____C (Intel Corporation) C:\Windows\System32\dllcache\e1g5132e.sys
2014-12-18 19:17 - 2005-03-24 17:17 - 00191744 ____C (Intel Corporation) C:\Windows\System32\dllcache\efe5b32e.sys
2014-12-18 19:17 - 2005-03-24 17:17 - 00103936 ____C (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esucm.dll
2014-12-18 19:17 - 2005-03-24 17:17 - 00081408 ____C (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esunib.dll
2014-12-18 19:17 - 2005-03-24 17:17 - 00081408 ____C (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esuni.dll
2014-12-18 19:17 - 2005-03-24 17:17 - 00076800 ____C (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esuimg.dll
2014-12-18 19:17 - 2005-03-24 17:17 - 00062848 ____C (VIA Technologies, Inc. ) C:\Windows\System32\dllcache\fet5a64.sys
2014-12-18 19:17 - 2005-03-24 17:17 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\elmsmc.sys
2014-12-18 19:17 - 2005-03-24 17:17 - 00011776 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\exabyte2.sys
2014-12-18 19:17 - 2005-03-24 17:16 - 00491520 ____C (Eicon Networks) C:\Windows\System32\dllcache\diwansrv.sys
2014-12-18 19:17 - 2005-03-24 17:16 - 00462336 ____C (Eicon Networks) C:\Windows\System32\dllcache\dimaint.sys
2014-12-18 19:17 - 2005-03-24 17:16 - 00404480 ____C (Eicon Networks) C:\Windows\System32\dllcache\ditrace.exe
2014-12-18 19:17 - 2005-03-24 17:16 - 00045056 ____C (Eicon Networks) C:\Windows\System32\dllcache\disrvsu.dll
2014-12-18 19:17 - 2005-03-24 17:16 - 00038400 ____C (Eicon Networks) C:\Windows\System32\dllcache\disrvpp.dll
2014-12-18 19:17 - 2005-03-24 17:16 - 00035328 ____C (Adaptec, Inc.) C:\Windows\System32\dllcache\dpti2o.sys
2014-12-18 19:17 - 2005-03-24 17:16 - 00032768 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\dot4usb.sys
2014-12-18 19:17 - 2005-03-24 17:16 - 00023552 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\dot4prt.sys
2014-12-18 19:17 - 2005-03-24 17:16 - 00014848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\dot4scan.sys
2014-12-18 19:17 - 2005-03-24 17:16 - 00013824 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\dlttape.sys
2014-12-18 19:17 - 2005-03-24 17:16 - 00006144 ____C (Eicon Networks) C:\Windows\System32\dllcache\disrvci.dll
2014-12-18 19:16 - 2007-02-17 00:09 - 00260096 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\csamsp.dll
2014-12-18 19:16 - 2007-02-17 00:09 - 00031360 ____C (OMNIKEY AG) C:\Windows\System32\dllcache\cmbp0wdm.sys
2014-12-18 19:16 - 2007-02-17 00:09 - 00021120 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cmbatt.sys
2014-12-18 19:16 - 2007-02-17 00:09 - 00015488 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\compbatt.sys
2014-12-18 19:16 - 2005-03-24 17:16 - 00310784 ____C (Eicon Networks) C:\Windows\System32\dllcache\dicapi.sys
2014-12-18 19:16 - 2005-03-24 17:16 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ddsmc.sys
2014-12-18 19:16 - 2005-03-24 17:15 - 00096768 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyzport.sys
2014-12-18 19:16 - 2005-03-24 17:15 - 00094720 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyyport.sys
2014-12-18 19:16 - 2005-03-24 17:15 - 00039424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyycoins.dll
2014-12-18 19:16 - 2005-03-24 17:15 - 00036864 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyzcoins.dll
2014-12-18 19:16 - 2005-03-24 17:15 - 00035328 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyzports.dll
2014-12-18 19:16 - 2005-03-24 17:15 - 00034816 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyyports.dll
2014-12-18 19:16 - 2005-03-24 17:15 - 00027136 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyclad-z.sys
2014-12-18 19:16 - 2005-03-24 17:15 - 00024064 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyclom-y.sys
2014-12-18 19:16 - 2005-03-24 17:15 - 00013824 ____C (CMD Technology, Inc.) C:\Windows\System32\dllcache\cmdide.sys
2014-12-18 19:15 - 2007-02-17 00:05 - 00024576 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ccdecode.sys
2014-12-18 19:15 - 2005-03-24 17:14 - 00012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\changer.sys
2014-12-18 01:19 - 2005-03-24 17:16 - 00023552 ____C (Eicon Networks Corporation) C:\Windows\System32\dllcache\diapi264.dll
2014-12-18 01:19 - 2005-03-24 17:12 - 00018432 ____C (AVM GmbH) C:\Windows\System32\dllcache\avmc2064.dll
2014-12-18 01:16 - 2007-02-17 00:05 - 00320512 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bthport.sys
2014-12-18 01:16 - 2007-02-17 00:05 - 00196608 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bthpan.sys
2014-12-18 01:16 - 2007-02-17 00:05 - 00065536 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bthmodem.sys
2014-12-18 01:16 - 2007-02-17 00:05 - 00051200 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bthprint.sys
2014-12-18 01:16 - 2007-02-17 00:05 - 00027648 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bthenum.sys
2014-12-18 01:16 - 2005-03-24 17:14 - 00147456 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\brmfcwia.dll
2014-12-18 01:16 - 2005-03-24 17:14 - 00082944 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brmflpt.dll
2014-12-18 01:16 - 2005-03-24 17:14 - 00068608 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brmfusb.dll
2014-12-18 01:16 - 2005-03-24 17:14 - 00063488 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brmfrsmg.exe
2014-12-18 01:16 - 2005-03-24 17:14 - 00059904 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\brserwdm.sys
2014-12-18 01:16 - 2005-03-24 17:14 - 00041984 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\brparwdm.sys
2014-12-18 01:16 - 2005-03-24 17:14 - 00037376 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brevif.dll
2014-12-18 01:16 - 2005-03-24 17:14 - 00036352 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brmfbidi.dll
2014-12-18 01:16 - 2005-03-24 17:14 - 00035840 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brbidiif.dll
2014-12-18 01:16 - 2005-03-24 17:14 - 00024576 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bthusb.sys
2014-12-18 01:16 - 2005-03-24 17:14 - 00022528 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bulltlp3.sys
2014-12-18 01:16 - 2005-03-24 17:14 - 00022016 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brfiltlo.sys
2014-12-18 01:16 - 2005-03-24 17:14 - 00019968 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\brusbmdm.sys
2014-12-18 01:16 - 2005-03-24 17:14 - 00019456 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\brusbscn.sys
2014-12-18 01:16 - 2005-03-24 17:14 - 00019456 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\brcoinst.dll
2014-12-18 01:16 - 2005-03-24 17:14 - 00015360 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brserif.dll
2014-12-18 01:16 - 2005-03-24 17:14 - 00008192 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brfiltup.sys
2014-12-18 01:16 - 2005-03-24 17:14 - 00007168 ____C (Brother Industries,Ltd.) C:\Windows\System32\dllcache\brscnrsm.dll
2014-12-18 01:16 - 2005-03-24 17:14 - 00007168 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\brparimg.sys
2014-12-18 01:16 - 2005-03-24 17:14 - 00006656 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\brfilt.sys
2014-12-18 01:15 - 2007-02-17 00:03 - 00026112 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bdaplgin.ax
2014-12-18 01:15 - 2007-02-17 00:03 - 00020864 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bdasup.sys
2014-12-18 01:15 - 2007-02-17 00:03 - 00018816 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\battc.sys
2014-12-18 01:15 - 2005-03-24 17:14 - 00480256 ____C (Broadcom Corporation) C:\Windows\System32\dllcache\bcmwl564.sys
2014-12-18 00:51 - 2014-12-18 00:51 - 00000000 ____D () C:\RegBackup
2014-12-18 00:50 - 2007-02-17 00:03 - 00067968 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\avc.sys
2014-12-18 00:50 - 2007-02-17 00:03 - 00056320 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\agp440.sys
2014-12-18 00:50 - 2007-02-17 00:02 - 00078080 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\61883.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00264704 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinevxx.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00192768 ____C (AVM GmbH) C:\Windows\System32\dllcache\b1cbase.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00191488 ____C (Broadcom Corporation) C:\Windows\System32\dllcache\b57amd64.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00188416 ____C (AVM GmbH) C:\Windows\System32\dllcache\avmcoxp.dll
2014-12-18 00:50 - 2005-03-24 17:12 - 00168960 ____C (AVM GmbH) C:\Windows\System32\dllcache\avmenum.dll
2014-12-18 00:50 - 2005-03-24 17:12 - 00104960 ____C (AVM GmbH) C:\Windows\System32\dllcache\avmcowan.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00101888 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinesxx.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00084992 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinraxx.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00080896 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinbtxx.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00073728 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atineuxx.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00040960 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinxbxx.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00036864 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinsnxx.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00036352 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\ativtmxx.dll
2014-12-18 00:50 - 2005-03-24 17:12 - 00033280 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\ativtmww.dll
2014-12-18 00:50 - 2005-03-24 17:12 - 00031744 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\ativmvxx.ax
2014-12-18 00:50 - 2005-03-24 17:12 - 00030720 ____C (AVM GmbH) C:\Windows\System32\dllcache\avmunet.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00023552 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\ativmvww.ax
2014-12-18 00:50 - 2005-03-24 17:12 - 00022144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\avcstrm.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00020992 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinpdxx.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00020480 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinmdxx.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00018944 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinttxx.sys
2014-12-18 00:50 - 2005-03-24 17:12 - 00013824 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\ativdaxx.ax
2014-12-18 00:50 - 2005-03-24 17:12 - 00009728 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\ativdaww.ax
2014-12-18 00:50 - 2005-03-24 17:11 - 01127424 ____C (Agere Systems) C:\Windows\System32\dllcache\agrsm64.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00246784 ____C (Adaptec, Inc.) C:\Windows\System32\dllcache\adpu320.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00182272 ____C (Intel Corporation) C:\Windows\System32\dllcache\ac97intc.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00160256 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\adpu160m.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00120832 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\aic78xx.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00117248 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\aic78u2.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00108032 ____C (Color Flatbed Scanner) C:\Windows\System32\dllcache\acerscad.dll
2014-12-18 00:50 - 2005-03-24 17:11 - 00093696 ____C (VIA Technologies, Inc.) C:\Windows\System32\dllcache\ac97via.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00062464 ____C (Adaptec, Inc.) C:\Windows\System32\dllcache\arc.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00059392 ____C (Adaptec, Inc ) C:\Windows\System32\dllcache\adptsf50.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00053248 ____C (AMD) C:\Windows\System32\dllcache\amdac97.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00031744 ____C (Advanced Micro Devices (AMD), Inc.) C:\Windows\System32\dllcache\amd64n5.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00018432 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\4mmdat.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00014336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\adicvls.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00009216 ____C (Acer Laboratories Inc.) C:\Windows\System32\dllcache\aliide.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\amdide.sys
2014-12-18 00:50 - 2005-03-24 17:11 - 00004608 ____C (Agere Systems) C:\Windows\System32\dllcache\agrsco64.dll
2014-12-18 00:39 - 2014-12-18 00:39 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-12-18 00:39 - 2014-12-18 00:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-12-17 23:47 - 2014-12-17 23:48 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Firefox Bookmarks Backup 17Nov14
2014-12-16 20:02 - 2014-12-20 11:00 - 00000000 ____D () C:\FRST
2014-12-15 21:55 - 2014-12-15 21:55 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-15 21:55 - 2014-12-15 21:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-12-15 11:15 - 2014-12-17 22:21 - 00000000 ____D () C:\AdwCleaner
2014-12-15 08:39 - 2014-12-15 08:42 - 00000000 ____D () C:\Program Files\UVK - Ultra Virus Killer
2014-12-15 08:39 - 2014-12-15 08:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\UVK - Ultra Virus Killer
2014-12-14 13:33 - 2014-12-14 13:33 - 00005100 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt
2014-12-14 13:30 - 2014-12-14 13:30 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-14 12:52 - 2014-12-14 12:52 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Lavasoft
2014-12-13 21:29 - 2014-12-13 21:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
2014-12-13 21:29 - 2014-12-13 21:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\LavasoftStatistics
2014-12-13 21:27 - 2014-12-13 21:29 - 00000000 ____D () C:\Program Files\Ad-Aware 11
2014-12-13 21:27 - 2014-12-13 21:27 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-12-13 21:26 - 2014-12-13 21:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v4$
2014-12-13 21:01 - 2014-12-14 14:25 - 00000390 __RSH () C:\Documents and Settings\Administrator\ntuser.pol
2014-12-13 21:01 - 2014-12-13 21:01 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Add-in Express
2014-12-13 21:00 - 2014-12-13 21:37 - 00000000 ____D () C:\Program Files\SearchAssist
2014-12-12 08:42 - 2014-12-13 21:12 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO Internet Security Trace.evt
2014-12-12 08:42 - 2014-12-13 21:12 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO Internet Security CEF.evt
2014-12-09 23:09 - 2015-01-09 23:13 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Calenders 2015
2014-12-03 15:51 - 2014-12-03 15:51 - 00003737 _____ () C:\Documents and Settings\All Users\Application Data\lpm.dat
2014-11-20 11:55 - 2014-11-08 13:01 - 00003719 _____ () C:\- Drive Index 113014.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 11:00 - 2012-01-19 14:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-12-20 10:48 - 2014-07-08 00:44 - 00716490 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-20 10:47 - 2014-06-06 18:32 - 00000300 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-12-20 10:47 - 2009-05-29 06:01 - 00000159 _____ () C:\Documents and Settings\LocalService\wiadebug.log
2014-12-20 10:47 - 2009-05-29 06:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-20 10:46 - 2009-05-29 06:01 - 00032632 _____ () C:\WINDOWS\Tasks\SchedLgU.Txt
2014-12-20 10:46 - 2009-05-29 06:01 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-12-20 10:46 - 2009-05-29 06:01 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-12-20 10:25 - 2014-07-08 00:27 - 00000000 ___RD () C:\Documents and Settings\Administrator\My Documents\Calenders 2014
2014-12-20 01:19 - 2012-03-25 20:23 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-20 01:18 - 2011-08-02 14:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-12-20 00:48 - 2009-05-29 07:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-12-20 00:00 - 2014-03-28 21:34 - 00000262 _____ () C:\WINDOWS\Tasks\MIX.job
2014-12-19 15:58 - 2014-06-19 14:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-19 15:56 - 2009-05-29 06:01 - 00000000 ___SD () C:\Documents and Settings\NetworkService
2014-12-19 15:56 - 2009-05-29 06:01 - 00000000 ___SD () C:\Documents and Settings\LocalService
2014-12-19 12:33 - 2014-05-27 19:42 - 00000788 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-19 12:33 - 2014-05-27 19:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-19 12:22 - 2007-02-18 07:00 - 00013736 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-19 11:26 - 2011-01-08 13:16 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-12-19 10:29 - 2011-06-08 17:07 - 00000265 _____ () C:\Documents and Settings\Administrator\wiadebug.log
2014-12-18 23:23 - 2013-04-26 15:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2014-12-17 23:44 - 2014-11-04 10:52 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Firefox Bookmarks Backup 04Nov14
2014-12-15 08:47 - 2013-04-26 10:43 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Mozilla
2014-12-15 08:42 - 2009-05-29 05:54 - 00000749 ___RH () C:\WINDOWS\WindowsShell.Manifest
2014-12-15 08:42 - 2009-05-29 05:54 - 00000749 ___RH () C:\WINDOWS\system32\wuaucpl.cpl.manifest
2014-12-15 08:42 - 2009-05-29 05:54 - 00000749 ___RH () C:\WINDOWS\system32\sapi.cpl.manifest
2014-12-15 08:42 - 2009-05-29 05:54 - 00000749 ___RH () C:\WINDOWS\system32\nwc.cpl.manifest
2014-12-15 08:42 - 2009-05-29 05:54 - 00000749 ___RH () C:\WINDOWS\system32\ncpa.cpl.manifest
2014-12-15 08:42 - 2009-05-29 05:54 - 00000749 ___RH () C:\WINDOWS\system32\cdplayer.exe.manifest
2014-12-14 11:57 - 2013-05-05 01:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc
2014-12-13 21:26 - 2009-05-29 01:35 - 00000000 ____D () C:\WINDOWS\SysWOW64\mui
2014-12-13 21:26 - 2009-05-29 01:35 - 00000000 ____D () C:\WINDOWS\system32\mui
2014-12-13 21:21 - 2009-05-29 01:42 - 00716606 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-13 21:14 - 2014-10-28 10:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Comodo
2014-12-13 21:12 - 2014-10-28 10:44 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO Internet Security.evt
2014-12-12 09:13 - 2014-06-06 18:48 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-12 09:13 - 2014-06-06 18:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-12-12 09:13 - 2014-06-06 18:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-12-10 20:21 - 2009-06-19 12:52 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-12-10 15:06 - 2011-06-05 16:15 - 00000000 ___RD () C:\Documents and Settings\Administrator\My Documents\My Files
2014-12-08 19:20 - 2014-10-28 11:26 - 00354520 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2014-12-08 19:20 - 2014-10-28 11:26 - 00286424 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2014-12-02 20:44 - 2014-11-11 14:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\DivX
2014-12-02 20:44 - 2012-05-20 16:13 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-12-02 20:44 - 2010-10-12 10:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\DivX
2014-12-01 11:21 - 2009-05-29 01:35 - 00000000 ____D () C:\WINDOWS\Help
2014-12-01 10:07 - 2011-06-05 16:17 - 00000000 ____D () C:\Icons
2014-11-28 11:05 - 2010-10-02 20:35 - 00000151 _____ () C:\WINDOWS\PhotoSnapViewer.INI

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== End Of Log ============================

#5
Denisejm

Posted 20 December 2014 - 10:12 AM

Member

Topic Starter
Member
782 posts

Results of screen317's Security Check version 0.99.93
Windows XP x64
Out of date service pack!!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Ad-Aware Antivirus
Avira Desktop
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Advanced WindowsCare Personal
Java version 32-bit out of Date!
Adobe Flash Player 16.0.0.235
Adobe Reader XI
Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Ad-Aware 11 Ad-Aware Antivirus 11.4.6792.0 AdAwareTray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

#6
Denisejm

Posted 22 December 2014 - 10:11 AM

Member

Topic Starter
Member
782 posts

Are you not going to help me anymore?

#7
Pyxis

Posted 22 December 2014 - 12:19 PM

Trusted Helper

Malware Removal
1,228 posts

Hi Denisejm,

Are you not going to help me anymore?

It's not that, it's just that I have other things to do too, you know.

Step 1

You seem to have too many anti-virus programs running in your system. While it is normal to think that "the more the merrier" in certain occasions, it does not apply when choosing an anti-virus. Having multiple ones of the same kind installed (e.g. more than one anti-virus program) will make your system run slower, and they will go against one another thereby making them inefficient.

I advise you to uninstall all but one of the following programs through Control Panel > Add or Remove Programs (Windows XP) or Control Panel > Programs and Features > Uninstall a Program (Windows Vista & Windows 7):
- Ad-Aware Antivirus
- Avira Desktop
If you are having difficulties, please tell me.

Step 2

Copy and paste the following into Notepad and save as fixlist.txt to your desktop:

Task: C:\WINDOWS\Tasks\MIX.job => C:\PROGRA~2\WinMX\WinMX.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.SearchAss...&m=639&c=d&s=sp
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.SearchAss...&m=639&c=d&s=sp
HKU\S-1-5-21-1560305870-1003223559-3566357663-500\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo...0029,0,102,6944
HKU\S-1-5-21-1560305870-1003223559-3566357663-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1560305870-1003223559-3566357663-500 -> DefaultScope {2B4F8C05-3C18-447C-BBA7-86DD55755208} URL = https://search.yahoo...1,20028,0,102,0
SearchScopes: HKU\S-1-5-21-1560305870-1003223559-3566357663-500 -> {2B4F8C05-3C18-447C-BBA7-86DD55755208} URL = https://search.yahoo...1,20028,0,102,0
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKU\S-1-5-21-1560305870-1003223559-3566357663-500 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
FF NewTab: https://us.search.ya...031,0,FF34,6944
FF Keyword.URL: hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20141251,20030,0,102,0
FF user.js: detected! => C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rnxe1pti.default\user.js
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [492032] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
cmd: netsh winsock reset

Run your copy of FRST. It is important to ensure it is located in your desktop.
Press the Fix button.
It will produce a log (fixlog.txt) once done.
Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log(s) in your next reply.

Logs to Post

In summary of the above, I will need you to post the following log(s):
- fixlog.txt (Farbar Recovery Scan Tool)

#8
Denisejm

Posted 22 December 2014 - 04:16 PM

Member

Topic Starter
Member
782 posts

Sorry . . . it's a busy time of year. I just wasn't sure. Here's the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2014
Ran by Administrator at 2014-12-22 17:14:52 Run:2
Running from C:\Documents and Settings\Administrator\My Documents\Desktop
Loaded Profile: Administrator (Available profiles: Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: C:\WINDOWS\Tasks\MIX.job => C:\PROGRA~2\WinMX\WinMX.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.SearchAss...&m=639&c=d&s=sp
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.SearchAss...&m=639&c=d&s=sp
HKU\S-1-5-21-1560305870-1003223559-3566357663-500\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo...0029,0,102,6944
HKU\S-1-5-21-1560305870-1003223559-3566357663-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1560305870-1003223559-3566357663-500 -> DefaultScope {2B4F8C05-3C18-447C-BBA7-86DD55755208} URL = https://search.yahoo...1,20028,0,102,0
SearchScopes: HKU\S-1-5-21-1560305870-1003223559-3566357663-500 -> {2B4F8C05-3C18-447C-BBA7-86DD55755208} URL = https://search.yahoo...1,20028,0,102,0
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKU\S-1-5-21-1560305870-1003223559-3566357663-500 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
FF NewTab: https://us.search.ya...031,0,FF34,6944
FF Keyword.URL: hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20141251,20030,0,102,0
FF user.js: detected! => C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rnxe1pti.default\user.js
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [492032] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
cmd: netsh winsock reset
*****************

C:\WINDOWS\Tasks\MIX.job => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-1560305870-1003223559-3566357663-500\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-1560305870-1003223559-3566357663-500\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-1560305870-1003223559-3566357663-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1560305870-1003223559-3566357663-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2B4F8C05-3C18-447C-BBA7-86DD55755208}" => Key deleted successfully.
HKCR\CLSID\{2B4F8C05-3C18-447C-BBA7-86DD55755208} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}" => Key deleted successfully.
"HKCR\CLSID\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key could not be deleted. Error: -1073741772
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{71576546-354D-41c9-AAE8-31F2EC22BF0D} => value deleted successfully.
"HKCR\CLSID\{71576546-354D-41c9-AAE8-31F2EC22BF0D}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{71576546-354D-41c9-AAE8-31F2EC22BF0D} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{71576546-354D-41c9-AAE8-31F2EC22BF0D}" => Key deleted successfully.
HKU\S-1-5-21-1560305870-1003223559-3566357663-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => value deleted successfully.
HKCR\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => Key not found.
Firefox newtab deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rnxe1pti.default\user.js => Moved successfully.
Winsock: Catalog5 entry 000000000003\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000003\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll

========= netsh winsock reset =========

Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.

========= End of CMD: =========

==== End of Fixlog ====

#9
Pyxis

Posted 22 December 2014 - 11:41 PM

Trusted Helper

Malware Removal
1,228 posts

Hi Denisejm,

No worries. Which anti-virus did you end up keeping? Also, do the problems you mentioned still exist?

Step 1

Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
```
CloseProcesses:
EmptyTemp:
2014-12-13 21:00 - 2014-12-13 21:37 - 00000000 ____D () C:\Program Files\SearchAssist
```
- Run your copy of FRST. It is important to ensure it is located in your desktop.
- Press the Fix button.
- It will produce a log (fixlog.txt) once done.
- Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log(s) in your next reply.

Step 2

Run your copy of FRST. Copy and paste the following into its Search box:
```
Bootcat.cache;wininit.exe
```
- Press the Search File(s) button.
- It will produce a log (Search.txt) once done.
- Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log(s) in your next reply.

Step 3

Run a free 'ESET Online Scan by ESET' by firstly saving the file to your desktop.
- Double-click esetsmartinstaller_enu.exe. Accept the Terms of Use then click on Start.
- Ensure the following settings are followed before clicking Start (you may or may not see the software warning at the very bottom):
- The virus signature database will begin to download. Wait for the scan to end--it may take several hours.
- Upon completion, select List of found threats > Export to text file....
- Press Back and put a check on the following:
  - Uninstall application on close
  - Delete quarantined files
- Click Finish.
- Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.

Logs to Post

In summary of the above, I will need you to post the following log(s):
- fixlog.txt (Farbar Recovery Scan Tool)
- Search.txt (Farbar Recovery Scan Tool)
- log.txt (ESET Online Scan)

#10
Denisejm

Posted 24 December 2014 - 08:07 AM

Member

Topic Starter
Member
782 posts

I chose to uninstall Ad-Aware and leave Avira. Firefox is working well. It opens to my default search engine when I open a Tab and WOT is also working right.

I still can't open Internet Options in IE8 x64 and I can't open it in Control Panel either.

#11
Denisejm

Posted 24 December 2014 - 08:07 AM

Member

Topic Starter
Member
782 posts

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2014
Ran by Administrator at 2014-12-24 08:55:33 Run:3
Running from C:\Documents and Settings\Administrator\My Documents\Desktop
Loaded Profile: Administrator (Available profiles: Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
EmptyTemp:
2014-12-13 21:00 - 2014-12-13 21:37 - 00000000 ____D () C:\Program Files\SearchAssist
*****************

Processes closed successfully.
C:\Program Files\SearchAssist => Moved successfully.
EmptyTemp: => Removed 404.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

#12
Denisejm

Posted 24 December 2014 - 08:09 AM

Member

Topic Starter
Member
782 posts

Farbar Recovery Scan Tool (x64) Version: 20-12-2014
Ran by Administrator at 2014-12-24 09:08:26
Running from C:\Documents and Settings\Administrator\My Documents\Desktop
Boot Mode: Normal

================== Search Files: "Bootcat.cache;wininit.exe" =============

====== End Of Search ======

#13
Denisejm

Posted 24 December 2014 - 09:49 AM

Member

Topic Starter
Member
782 posts

ESET logfile:

C:\System Volume Information\_restore{636D5E3F-A0BD-498E-BC08-1CB213D1C1D9}\RP1099\A0288726.exe   a variant of Win32/XrayMyPC potentially unwanted application   deleted - quarantined
N:\- PROGRAMS\Downloaded Programs\Computer Programs\Adobe Flash Player\Adobe Flash Player manual download.exe   a variant of Win32/InstallIQ.A potentially unwanted application   deleted - quarantined
N:\- PROGRAMS\Downloaded Programs\Computer Programs\Adobe_Flash_Player_Firefox x64 v 11.6.601.180\Adobe Flash Player - Firefox 64bit v11.6.602.180 TSV3FMVZ1.exe   a variant of Win32/ClientConnect.A potentially unwanted application   deleted - quarantined

#14
Denisejm

Posted 24 December 2014 - 11:00 AM

Member

Topic Starter
Member
782 posts

Can you give me a link for Adobe Reader, Adobe Flash Player and Adobe ActiveX for XP x64, whatever will work for IE8 and Firefox? This way, I'll download them and keep the .exe files if ever I need to uninstall then reinstall them.

.|,

-*-

'/'\` MERRY CHRISTMAS !!

/`'o\

/#,o'`\

o/`"#,`\o

`-.`"#.-'

_|"|_

\=%=/

#15
Pyxis

Posted 24 December 2014 - 02:56 PM

Trusted Helper

Malware Removal
1,228 posts

Hi Denisejm,

Good work! Please give me a fresh FRST log.

I still can't open Internet Options in IE8 x64 and I can't open it in Control Panel either.

Are you getting any errors, or are both options just unresponsive?

Can you give me a link for Adobe Reader, Adobe Flash Player and Adobe ActiveX for XP x64, whatever will work for IE8 and Firefox? This way, I'll download them and keep the .exe files if ever I need to uninstall then reinstall them.

Know that these are frequently updated, so enabling the automatic update function of each might be more convenient. As you may be aware, you need to ensure that you untick any optional offers these products may come with (like some security scanner).