Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Virus Infection - Programmes Disabled

Started by elielieli , Nov 18 2015 05:37 AM

Page 3 of 7
1
2
3
4
5

Please log in to reply

#31
elielieli

Posted 23 November 2015 - 03:04 PM

Member

Topic Starter
Member
176 posts

OTL logfile created on: 23/11/2015 20:56:05 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Asus\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1015.36 Mb Total Physical Memory | 449.53 Mb Available Physical Memory | 44.27% Memory free
2.38 Gb Paging File | 1.93 Gb Available in Paging File | 80.92% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44.77 Gb Total Space | 1.32 Gb Free Space | 2.94% Space Free | Partition Type: NTFS
Drive D: | 29.76 Gb Total Space | 28.44 Gb Free Space | 95.56% Space Free | Partition Type: NTFS
Drive H: | 74.51 Gb Total Space | 4.68 Gb Free Space | 6.28% Space Free | Partition Type: FAT32

Computer Name: ASUS-LAPTOP | User Name: Asus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/11/23 20:49:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Asus\Desktop\OTL.exe
PRC - [2015/10/15 20:45:01 | 000,146,600 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/03/12 09:05:33 | 000,232,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbService.exe
PRC - [2011/01/12 14:32:06 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2011/01/12 14:26:54 | 001,400,832 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2011/01/12 14:23:48 | 000,966,656 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2011/01/12 14:16:06 | 001,210,640 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2011/01/12 14:13:16 | 000,481,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/20 12:34:26 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2004/06/17 15:14:14 | 000,282,624 | ---- | M] () -- C:\Program Files\MagicMus\MulMouse.exe
PRC - [2004/06/09 14:57:18 | 000,233,472 | ---- | M] () -- C:\Program Files\MagicMus\MagicWl.exe

========== Modules (No Company Name) ==========

MOD - [2015/11/22 01:38:51 | 002,994,176 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\15112101\algo.dll
MOD - [2015/10/15 20:45:06 | 000,103,376 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/10/15 20:45:03 | 000,123,976 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2014/04/23 15:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 15:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/01/02 06:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/03/12 09:05:33 | 000,232,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbService.exe
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/03/15 12:00:00 | 000,268,288 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2006/01/20 12:34:30 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56cht.dll
MOD - [2006/01/20 12:34:28 | 000,061,440 | ---- | M] () -- C:\WINDOWS\sm56fra.dll
MOD - [2006/01/20 12:34:28 | 000,053,248 | ---- | M] () -- C:\WINDOWS\sm56jpn.dll
MOD - [2006/01/20 12:34:28 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56chs.dll
MOD - [2006/01/20 12:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56spn.dll
MOD - [2006/01/20 12:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56itl.dll
MOD - [2006/01/20 12:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56eng.dll
MOD - [2006/01/20 12:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56brz.dll
MOD - [2006/01/20 12:34:26 | 000,061,440 | ---- | M] () -- C:\WINDOWS\sm56ger.dll
MOD - [2004/06/17 15:14:14 | 000,282,624 | ---- | M] () -- C:\Program Files\MagicMus\MulMouse.exe
MOD - [2004/06/09 14:57:18 | 000,233,472 | ---- | M] () -- C:\Program Files\MagicMus\MagicWl.exe
MOD - [2004/04/01 16:46:26 | 000,126,976 | ---- | M] () -- C:\Program Files\MagicMus\Function\Function.dll
MOD - [2004/04/01 15:59:58 | 000,390,656 | ---- | M] () -- C:\Program Files\MagicMus\MouHelp.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\OutfoxTV\OutfoxTvService.exe -- (OutfoxTvService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - [2015/11/04 19:08:23 | 000,147,624 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/10/15 20:45:01 | 000,146,600 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/12 09:05:33 | 000,232,288 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbService.exe -- (Mobile Broadband HL Service)
SRV - [2011/01/12 14:32:06 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011/01/12 14:23:48 | 000,966,656 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2011/01/12 14:13:16 | 000,481,552 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Asus\LOCALS~1\Temp\cpuz138\cpuz138_x32.sys -- (cpuz138)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Asus\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2015/11/07 21:46:10 | 000,794,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2015/11/07 21:46:10 | 000,435,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
DRV - [2015/10/15 20:45:57 | 000,057,888 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2015/10/15 20:45:56 | 000,208,664 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2015/10/15 20:45:56 | 000,157,888 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswStmXP.sys -- (aswStmXP)
DRV - [2015/10/15 20:45:56 | 000,076,000 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2015/10/15 20:45:56 | 000,055,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2015/10/15 20:45:56 | 000,049,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2015/10/15 20:45:56 | 000,024,016 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2015/10/05 09:50:04 | 000,023,256 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/10/07 03:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32)
DRV - [2010/05/19 20:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2009/06/25 15:10:00 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/28 04:58:00 | 000,005,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/05/26 10:50:14 | 000,018,560 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DUBE100B.sys -- (DUBE100B)
DRV - [2006/01/20 12:44:42 | 000,862,340 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/01/13 17:13:18 | 004,137,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2005/03/04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/03/22 12:45:38 | 000,006,528 | ---- | M] (Waytech Development, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MUsbFltr.sys -- (MUsbFltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.default-s...m=302&src=ds&p=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.cohort: "web.xml"
FF - prefs.js..browser.search.countryCode: "GB"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "GB"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://dub121.mail....99048441&fid=1"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:42.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/10/15 20:44:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 42.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2015/11/04 19:07:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 42.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/08/07 10:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Asus\Application Data\Mozilla\Extensions
[2015/09/05 17:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Asus\Application Data\Mozilla\Firefox\Profiles\3uiblgot.default\extensions
[2015/09/05 17:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Asus\Application Data\Mozilla\Firefox\Profiles\3uiblgot.default\extensions\staged
[2015/11/21 14:23:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2015/11/21 14:23:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015/11/04 19:08:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2015/11/22 21:02:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [VersatoMs] C:\Program Files\MagicMus\MulMouse.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk = C:\WINDOWS\system32\C2MP\UpdateChecker.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B65CBEE6-C44B-4AFC-BAA5-B7F2838A178D}: DhcpNameServer = 192.168.11.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Asus\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Asus\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/05/25 14:35:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2015/11/23 20:51:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Asus\Desktop\OTL.exe
[2015/11/23 19:25:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\Settings
[2015/11/23 12:55:54 | 022,908,888 | ---- | C] (Malwarebytes                                                ) -- C:\Documents and Settings\Asus\Desktop\mbam-setup-2.2.0.1024.exe
[2015/11/22 21:10:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2015/11/22 20:41:35 | 005,639,131 | R--- | C] (Swearware) -- C:\Documents and Settings\Asus\Desktop\ComboFix.exe
[2015/11/22 20:26:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\CC Support
[2015/11/22 15:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2015/11/22 15:11:28 | 002,508,432 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Asus\Desktop\procexp.exe
[2015/11/22 15:11:13 | 005,127,432 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Asus\Desktop\spsetup128.exe
[2015/11/22 01:55:42 | 000,786,080 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Asus\Desktop\rectordecryptor.exe
[2015/11/22 01:45:27 | 005,200,384 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Asus\Desktop\aswmbr.exe
[2015/11/22 01:33:36 | 000,000,000 | ---D | C] -- C:\found.000
[2015/11/21 22:26:58 | 000,000,000 | ---D | C] -- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZ.ZZZ...ZZZZ
[2015/11/21 22:26:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Asus\Recent
[2015/11/21 22:23:57 | 000,170,200 | ---- | C] (Malwarebytes) -- C:\WINDOWS\System32\drivers\4E2249A6.sys
[2015/11/21 19:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Asus\Start Menu\Programs\NirSoft ShellExView
[2015/11/21 19:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2015/11/21 19:03:27 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2015/11/19 12:07:52 | 000,000,000 | ---D | C] -- C:\FRST
[2015/11/19 12:07:38 | 001,378,816 | ---- | C] (Farbar) -- C:\Documents and Settings\Asus\Desktop\FRST.exe
[2015/11/18 10:55:36 | 117,766,424 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Asus\Desktop\iTunesSetup.exe
[2015/11/17 20:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Asus\Local Settings\Application Data\MalwareProtectionLive
[2015/11/09 17:52:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Asus\Desktop\Walker Brothers - Make It Easy On Yourself
[2015/11/09 17:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Asus\Desktop\2010 - Original Album Classics
[2015/11/09 17:22:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Asus\Desktop\1966 - Portrait (Remastered 1998)
[2015/11/05 18:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Asus\Desktop\Take it Easy With The Walker Brothers
[2015/11/04 19:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Asus\Desktop\*.tmp files -> C:\Documents and Settings\Asus\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015/11/23 20:49:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Asus\Desktop\OTL.exe
[2015/11/23 19:25:37 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2015/11/23 19:25:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/11/23 13:56:36 | 000,170,200 | ---- | M] (Malwarebytes) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2015/11/23 13:06:47 | 136,896,512 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2015/11/22 21:02:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2015/11/22 15:25:55 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2015/11/22 12:56:56 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\Asus\Desktop\george.exe.lnk
[2015/11/22 01:47:09 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Asus\Desktop\MBR.dat
[2015/11/22 01:21:20 | 000,006,567 | ---- | M] () -- C:\Documents and Settings\Asus\Desktop\VEW1
[2015/11/21 22:34:36 | 000,170,200 | ---- | M] (Malwarebytes) -- C:\WINDOWS\System32\drivers\4E2249A6.sys
[2015/11/21 22:23:33 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2015/11/21 18:39:43 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2015/11/21 14:21:04 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2015/11/19 11:55:58 | 001,378,816 | ---- | M] (Farbar) -- C:\Documents and Settings\Asus\Desktop\FRST.exe
[2015/11/19 01:42:53 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2015/11/18 10:59:48 | 117,766,424 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Asus\Desktop\iTunesSetup.exe
[2015/11/17 07:56:56 | 005,639,131 | R--- | M] (Swearware) -- C:\Documents and Settings\Asus\Desktop\ComboFix.exe
[2015/11/16 23:15:50 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\Asus\Desktop\weather.rtf
[2015/11/16 17:59:58 | 000,049,603 | ---- | M] () -- C:\Documents and Settings\Asus\Desktop\389607_301312473230886_1381058797_n.jpg
[2015/11/07 21:46:10 | 000,794,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsnx.sys
[2015/11/07 21:46:10 | 000,435,464 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2015/11/05 12:54:22 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2015/11/04 21:55:04 | 000,008,781 | ---- | M] () -- C:\Documents and Settings\Asus\Desktop\suuplant.rtf
[2015/10/26 17:00:41 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2015/10/25 09:16:24 | 000,474,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2015/10/25 09:16:23 | 000,076,710 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Asus\Desktop\*.tmp files -> C:\Documents and Settings\Asus\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/11/22 20:25:57 | 004,009,167 | ---- | C] () -- C:\Documents and Settings\Asus\Desktop\ServicesRepair.exe
[2015/11/22 15:25:55 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2015/11/22 12:56:56 | 000,000,275 | ---- | C] () -- C:\Documents and Settings\Asus\Desktop\george.exe.lnk
[2015/11/22 01:47:09 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Asus\Desktop\MBR.dat
[2015/11/22 01:21:20 | 000,006,567 | ---- | C] () -- C:\Documents and Settings\Asus\Desktop\VEW1
[2015/11/22 00:57:38 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Asus\Desktop\VEW.exe
[2015/11/21 19:25:11 | 000,141,568 | ---- | C] () -- C:\Documents and Settings\Asus\Desktop\shexview_setup.exe
[2015/11/19 01:42:53 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2015/11/16 17:59:57 | 000,049,603 | ---- | C] () -- C:\Documents and Settings\Asus\Desktop\389607_301312473230886_1381058797_n.jpg
[2015/11/06 22:11:40 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\Asus\Desktop\weather.rtf
[2015/10/26 17:00:41 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2014/12/04 18:05:12 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2014/12/04 18:05:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2014/12/02 13:08:01 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2014/09/25 21:53:04 | 000,000,236 | ---- | C] () -- C:\WINDOWS\System32\Formats.ini
[2014/08/12 02:30:50 | 003,916,288 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2014/08/12 02:30:10 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2014/08/12 02:29:36 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2014/08/12 02:29:16 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2014/08/12 02:29:16 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2014/08/12 02:29:14 | 001,525,760 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2014/08/12 02:29:14 | 000,211,968 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2014/08/12 02:29:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2014/08/12 02:29:14 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2014/08/12 02:29:12 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2014/06/12 10:49:24 | 000,240,784 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll
[2014/04/08 20:50:26 | 000,235,520 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2014/04/08 20:50:16 | 000,632,320 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/12/17 02:19:30 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll
[2013/12/17 02:15:32 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OptimFROG.dll
[2013/12/17 02:15:30 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\bass_tak.dll
[2013/12/17 01:28:34 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2013/12/17 01:28:26 | 001,021,440 | ---- | C] () -- C:\WINDOWS\System32\ac3filter_intl.dll
[2013/12/17 01:26:46 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\spdif_test.exe
[2013/06/28 21:24:46 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\Asus\Application Data\CamShapes.ini
[2013/06/28 21:24:46 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\Asus\Application Data\CamLayout.ini
[2013/06/28 21:24:46 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Asus\Application Data\Camdata.ini
[2013/06/28 21:17:15 | 000,004,511 | ---- | C] () -- C:\Documents and Settings\Asus\Application Data\CamStudio.cfg
[2012/08/27 18:19:10 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Asus\Local Settings\Application Data\dt.dat
[2012/05/29 09:19:37 | 000,091,494 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-746137067-2052111302-725345543-1003-0.dat
[2012/05/29 00:14:51 | 000,096,258 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

========== ZeroAccess Check ==========

[2012/05/25 14:31:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2014/02/25 03:30:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 440 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZ.ZZZ...ZZZZ:1

< End of report >

#32
RKinner

Posted 23 November 2015 - 03:56 PM

Malware Expert

Expert
24,441 posts

Looks like you forgot to do:

Copy the text in the code box by highlighting and Ctrl + c

/md5start
http.sys
/md5stop

before hitting the scan button. Can you try again?

#33
elielieli

Posted 23 November 2015 - 08:32 PM

Member

Topic Starter
Member
176 posts

Sorry 'bout that

OTL logfile created on: 23/11/2015 22:10:19 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Asus\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1015.36 Mb Total Physical Memory | 311.95 Mb Available Physical Memory | 30.72% Memory free
2.38 Gb Paging File | 1.80 Gb Available in Paging File | 75.44% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44.77 Gb Total Space | 1.16 Gb Free Space | 2.59% Space Free | Partition Type: NTFS
Drive D: | 29.76 Gb Total Space | 28.44 Gb Free Space | 95.56% Space Free | Partition Type: NTFS
Drive H: | 74.51 Gb Total Space | 4.68 Gb Free Space | 6.28% Space Free | Partition Type: FAT32

Computer Name: ASUS-LAPTOP | User Name: Asus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/11/23 20:49:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Asus\Desktop\OTL.exe
PRC - [2015/11/07 21:46:09 | 006,133,520 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2015/11/04 19:08:27 | 000,392,872 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2015/10/15 20:45:01 | 000,146,600 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/09/28 02:12:16 | 000,048,744 | ---- | M] () -- C:\WINDOWS\system32\C2MP\UpdateChecker.exe
PRC - [2012/03/12 09:05:33 | 000,232,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbService.exe
PRC - [2011/01/12 14:32:06 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2011/01/12 14:26:54 | 001,400,832 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2011/01/12 14:23:48 | 000,966,656 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2011/01/12 14:16:06 | 001,210,640 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2011/01/12 14:13:16 | 000,481,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/06/17 15:14:14 | 000,282,624 | ---- | M] () -- C:\Program Files\MagicMus\MulMouse.exe
PRC - [2004/06/09 14:57:18 | 000,233,472 | ---- | M] () -- C:\Program Files\MagicMus\MagicWl.exe

========== Modules (No Company Name) ==========

MOD - [2014/04/23 15:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 15:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/04/14 04:42:12 | 000,018,432 | ---- | M] () -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2008/04/14 04:41:58 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\mpr.dll
MOD - [2008/04/14 04:41:56 | 000,110,080 | ---- | M] () -- C:\WINDOWS\system32\imm32.dll
MOD - [2004/06/17 15:14:14 | 000,282,624 | ---- | M] () -- C:\Program Files\MagicMus\MulMouse.exe
MOD - [2004/04/01 16:46:26 | 000,126,976 | ---- | M] () -- C:\Program Files\MagicMus\Function\Function.dll
MOD - [2004/04/01 15:59:58 | 000,390,656 | ---- | M] () -- C:\Program Files\MagicMus\MouHelp.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\OutfoxTV\OutfoxTvService.exe -- (OutfoxTvService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2015/11/04 19:08:23 | 000,147,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/10/15 20:45:01 | 000,146,600 | ---- | M] () [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/06 13:58:51 | 000,078,336 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2012/03/12 09:05:33 | 000,232,288 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbService.exe -- (Mobile Broadband HL Service)
SRV - [2011/01/12 14:32:06 | 000,866,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011/01/12 14:23:48 | 000,966,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2011/01/12 14:13:16 | 000,481,552 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010/08/27 05:57:43 | 000,099,840 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2010/08/17 13:17:06 | 000,058,880 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/27 23:17:41 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2009/07/27 23:17:41 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/27 23:17:41 | 000,135,168 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 06:14:49 | 000,132,096 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/04/20 17:17:26 | 000,045,568 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/09 12:10:48 | 000,617,472 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2009/02/09 12:10:48 | 000,401,408 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2009/02/09 12:10:48 | 000,401,408 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2009/02/06 11:11:05 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/06 11:11:05 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/07/29 20:10:04 | 000,046,104 | ---- | M] () [On_Demand | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 000,881,664 | ---- | M] () [On_Demand | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 000,132,096 | ---- | M] () [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 000,069,632 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 000,034,312 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/07 20:26:58 | 000,253,952 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2008/06/20 16:02:47 | 000,245,248 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2008/04/14 04:42:42 | 000,126,464 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008/04/14 04:42:40 | 000,289,792 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 04:42:40 | 000,073,216 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008/04/14 04:42:40 | 000,018,432 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2008/04/14 04:42:36 | 000,141,312 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008/04/14 04:42:36 | 000,089,600 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2008/04/14 04:42:34 | 000,095,744 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2008/04/14 04:42:30 | 000,111,104 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/14 04:42:30 | 000,111,104 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/14 04:42:30 | 000,078,848 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 04:42:28 | 000,006,144 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2008/04/14 04:42:26 | 000,075,264 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator)
SRV - [2008/04/14 04:42:26 | 000,032,768 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008/04/14 04:42:26 | 000,013,312 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 04:42:26 | 000,013,312 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 04:42:26 | 000,013,312 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 04:42:26 | 000,013,312 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2008/04/14 04:42:26 | 000,013,312 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 04:42:24 | 000,150,528 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 04:42:18 | 000,224,768 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 04:42:18 | 000,005,120 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 04:42:18 | 000,005,120 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2008/04/14 04:42:16 | 000,033,280 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/14 04:42:16 | 000,005,632 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2008/04/14 04:42:14 | 000,044,544 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 04:42:12 | 000,483,840 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/14 04:42:12 | 000,129,024 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV - [2008/04/14 04:42:12 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/14 04:42:12 | 000,006,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 04:42:10 | 000,333,824 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 04:42:10 | 000,185,856 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2008/04/14 04:42:10 | 000,175,104 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2008/04/14 04:42:10 | 000,144,896 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008/04/14 04:42:10 | 000,068,096 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2008/04/14 04:42:10 | 000,015,872 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 04:42:08 | 000,295,424 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/14 04:42:08 | 000,249,856 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 04:42:08 | 000,171,008 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 04:42:08 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks)
SRV - [2008/04/14 04:42:08 | 000,071,680 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008/04/14 04:42:06 | 000,192,512 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 04:42:06 | 000,059,904 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\regsvc.dll -- (RemoteRegistry)
SRV - [2008/04/14 04:42:06 | 000,039,424 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\sens.dll -- (SENS)
SRV - [2008/04/14 04:42:06 | 000,018,944 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 04:42:04 | 000,435,200 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 04:42:04 | 000,409,088 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/14 04:42:04 | 000,291,328 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\qagentrt.dll -- (napagent)
SRV - [2008/04/14 04:42:04 | 000,186,368 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2008/04/14 04:42:04 | 000,088,576 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 04:42:04 | 000,038,400 | ---- | M] () [Auto | Running] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/14 04:42:02 | 000,198,144 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/04/14 04:42:00 | 000,033,792 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/14 04:41:58 | 000,061,440 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\kmsvc.dll -- (hkmsvc)
SRV - [2008/04/14 04:41:58 | 000,053,248 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/14 04:41:58 | 000,013,824 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 04:41:56 | 000,331,264 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 04:41:54 | 000,132,096 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 04:41:54 | 000,033,792 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/14 04:41:54 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 04:41:54 | 000,023,040 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2008/04/14 04:41:52 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/14 04:41:52 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 04:41:52 | 000,042,496 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 04:41:50 | 000,167,936 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\appmgmts.dll -- (AppMgmt)
SRV - [2008/04/14 04:41:50 | 000,017,408 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2006/03/15 12:00:00 | 000,132,608 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)
SRV - [2006/03/15 12:00:00 | 000,038,912 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2006/03/15 12:00:00 | 000,025,088 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2004/08/10 03:11:50 | 000,085,504 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\mhn.dll -- (MHN)
SRV - [2004/08/10 03:04:42 | 000,102,912 | ---- | M] () [Auto | Running] -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2004/08/10 03:04:40 | 000,194,560 | ---- | M] () [Auto | Running] -- C:\WINDOWS\ehome\ehRecvr.exe -- (ehRecvr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Asus\LOCALS~1\Temp\cpuz138\cpuz138_x32.sys -- (cpuz138)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Asus\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2015/11/07 21:46:10 | 000,794,952 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2015/11/07 21:46:10 | 000,435,464 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
DRV - [2015/10/15 20:45:57 | 000,057,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2015/10/15 20:45:56 | 000,208,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2015/10/15 20:45:56 | 000,157,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswStmXP.sys -- (aswStmXP)
DRV - [2015/10/15 20:45:56 | 000,076,000 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2015/10/15 20:45:56 | 000,055,200 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2015/10/15 20:45:56 | 000,049,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2015/10/15 20:45:56 | 000,024,016 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2015/10/05 09:50:04 | 000,023,256 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/17 13:49:54 | 000,138,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\afd.sys -- (AFD)
DRV - [2010/10/07 03:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32)
DRV - [2010/05/19 20:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2009/06/25 15:10:00 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/04/13 23:27:28 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 23:21:26 | 000,060,800 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 23:21:26 | 000,059,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 23:10:32 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 23:06:36 | 000,187,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/13 21:09:24 | 000,142,592 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2007/08/28 04:58:00 | 000,005,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/05/26 10:50:14 | 000,018,560 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DUBE100B.sys -- (DUBE100B)
DRV - [2006/03/15 12:00:00 | 000,018,688 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2006/03/15 12:00:00 | 000,013,952 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2006/03/15 12:00:00 | 000,011,648 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2006/03/15 12:00:00 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2006/01/20 12:44:42 | 000,862,340 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/01/13 17:13:18 | 004,137,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2005/03/04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/03/22 12:45:38 | 000,006,528 | ---- | M] (Waytech Development, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MUsbFltr.sys -- (MUsbFltr)
DRV - [2001/08/17 13:59:44 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.default-s...m=302&src=ds&p=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.cohort: "web.xml"
FF - prefs.js..browser.search.countryCode: "GB"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "GB"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://dub121.mail....99048441&fid=1"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:42.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/10/15 20:44:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 42.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2015/11/04 19:07:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 42.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/08/07 10:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Asus\Application Data\Mozilla\Extensions
[2015/09/05 17:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Asus\Application Data\Mozilla\Firefox\Profiles\3uiblgot.default\extensions
[2015/09/05 17:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Asus\Application Data\Mozilla\Firefox\Profiles\3uiblgot.default\extensions\staged
[2015/11/21 14:23:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2015/11/21 14:23:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015/11/04 19:08:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2015/11/22 21:02:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [VersatoMs] C:\Program Files\MagicMus\MulMouse.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk = C:\WINDOWS\system32\C2MP\UpdateChecker.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B65CBEE6-C44B-4AFC-BAA5-B7F2838A178D}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C87D9209-A971-49C4-BA9E-FBCB0284C826}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe File not found
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl File not found
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll File not found
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll File not found
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll File not found
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\System32\dimsntfy.dll File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll File not found
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll File not found
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\shell32.dll File not found
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - %systemroot%\system32\stobject.dll File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll File not found
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Asus\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Asus\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll File not found
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll File not found
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll File not found
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll File not found
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll File not found
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll File not found
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll File not found
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

========== Files - Modified Within 30 Days ==========

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2014/02/25 03:30:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< End of report >

#34
RKinner

Posted 23 November 2015 - 09:55 PM

Malware Expert

Expert
24,441 posts

Doesn't seem to want to work. There should be a section at the bottom that shows the different versions of http.sys.

Perhaps it doesn't exist at all on your PC. Run FRST again and put http.sys in the box. then hit Search Files. Also run FRST Scan again with the Drivers MD5 box checked.

#35
elielieli

Posted 24 November 2015 - 07:51 AM

Member

Topic Starter
Member
176 posts

Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-11-2015

Ran by Asus (2015-11-24 13:16:22)

Running from C:\Documents and Settings\Asus\Desktop

Microsoft Windows XP Professional Service Pack 3 (X86) (2012-05-25 14:39:24)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-746137067-2052111302-725345543-500 - Administrator - Enabled)

Asus (S-1-5-21-746137067-2052111302-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Asus

Guest (S-1-5-21-746137067-2052111302-725345543-501 - Limited - Disabled)

HelpAssistant (S-1-5-21-746137067-2052111302-725345543-1000 - Limited - Disabled)

SUPPORT_388945a0 (S-1-5-21-746137067-2052111302-725345543-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2012 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: AVG Internet Security 2012 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)

Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)

Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)

Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden

Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Audacity 2.1.1 (HKLM\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)

Avast Free Antivirus (HKLM\...\Avast) (Version: 10.4.2233 - AVAST Software)

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 3.19 - Piriform)

Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4497 - )

Intel® PROSet/Wireless WiFi Software (HKLM\...\{0E95DA08-2514-4399-AD87-349C350FA9DE}) (Version: 13.05.0000 - Intel Corporation)

iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)

K-Lite Codec Pack 10.9.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.9.0 - )

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation)

Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation)

Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version: - Microsoft Corporation)

Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version: - Microsoft Corporation)

Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation)

Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version: - Microsoft Corporation)

Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation)

Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Mobile Broadband HL Service (HKLM\...\Mobile Broadband HL Service) (Version: 22.001.14.01.105 - Huawei Technologies Co.,Ltd)

Motorola SM56 Data Fax Modem (HKLM\...\SMSERIAL) (Version: - )

Mozilla Firefox 42.0 (x86 en-US) (HKLM\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Nero 9 Essentials (HKLM\...\{289bbce1-edf3-4639-8979-52ba09724f8c}) (Version: - Nero AG)

NirSoft ShellExView (HKLM\...\NirSoft ShellExView) (Version: - )

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )

QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)

REALTEK Gigabit and Fast Ethernet NIC Driver (HKLM\...\{94FB906A-CF42-4128-A509-D353026A607E}) (Version: 1.70 - REALTEK Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.03 - Realtek Semiconductor Corp.)

RICOH Media Driver ver.2.10.01.01 (HKLM\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.10.01.01 - RICOH)

Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)

Switch Sound File Converter (HKLM\...\Switch) (Version: - NCH Software)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.0.0 - Synaptics)

ViewMate Desktop Mouse CC2201 Uninstaller (HKLM\...\VersatoMs) (Version: - )

VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)

Vuze Remote Toolbar v8.9 (HKLM\...\{E2BDB56B-464B-49D7-AF12-B34C5E2E284B}) (Version: 8.9 - Spigot, Inc.) <==== ATTENTION

WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden

Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)

Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)

Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation)

Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-746137067-2052111302-725345543-1003_Classes\CLSID\{25FB7F49-2278-442E-9482-D1B54E88DA13}\InprocServer32 -> C:\Documents and Settings\All Users\Application Data\{1171BAF0-C6D4-4415-9FE3-88D9119F2F37}\amstream (the data entry has 15 more characters).

==================== Restore Points =========================

23-11-2015 22:30:32 Installed Windows XP Wdf01009.

24-11-2015 01:46:24 System Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-03-15 12:00 - 2015-11-22 21:02 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

Task: C:\WINDOWS\Tasks\SwitchDowngrade.job => C:\Program Files\NCH Software\Switch\switch.exe

Task: C:\WINDOWS\Tasks\SwitchReminder.job => C:\Program Files\NCH Software\Switch\switch.exe

Task: C:\WINDOWS\Tasks\switchShakeIcon.job => C:\Program Files\NCH Swift Sound\Switch\switch.exe

==================== Loaded Modules (Whitelisted) ==============

2015-06-04 11:16 - 2015-11-23 22:24 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2015-06-04 11:16 - 2015-11-23 22:24 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2015-11-22 01:38 - 2015-11-22 01:38 - 02994176 _____ () C:\Program Files\AVAST Software\Avast\defs\15112101\algo.dll

2015-11-23 22:24 - 2015-11-23 22:24 - 00466448 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2014-04-23 15:04 - 2014-04-23 15:04 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2004-06-17 15:14 - 2004-06-17 15:14 - 00282624 _____ () C:\Program Files\MagicMus\MulMouse.exe

2004-04-01 16:46 - 2004-04-01 16:46 - 00126976 _____ () C:\Program Files\MagicMus\Function\Function.dll

2004-04-01 15:59 - 2004-04-01 15:59 - 00390656 _____ () C:\Program Files\MagicMus\MouHelp.dll

2012-05-25 15:15 - 2006-01-20 12:34 - 00069632 _____ () C:\WINDOWS\sm56eng.dll

2012-05-25 15:15 - 2006-01-20 12:34 - 00061440 _____ () C:\WINDOWS\sm56fra.dll

2012-05-25 15:15 - 2006-01-20 12:34 - 00069632 _____ () C:\WINDOWS\sm56brz.dll

2012-05-25 15:15 - 2006-01-20 12:34 - 00049152 _____ () C:\WINDOWS\sm56chs.dll

2012-05-25 15:15 - 2006-01-20 12:34 - 00049152 _____ () C:\WINDOWS\sm56cht.dll

2012-05-25 15:15 - 2006-01-20 12:34 - 00061440 _____ () C:\WINDOWS\sm56ger.dll

2012-05-25 15:15 - 2006-01-20 12:34 - 00069632 _____ () C:\WINDOWS\sm56itl.dll

2012-05-25 15:15 - 2006-01-20 12:34 - 00053248 _____ () C:\WINDOWS\sm56jpn.dll

2012-05-25 15:15 - 2006-01-20 12:34 - 00069632 _____ () C:\WINDOWS\sm56spn.dll

2004-06-09 14:57 - 2004-06-09 14:57 - 00233472 _____ () C:\Program Files\MagicMus\MagicWl.exe

2014-09-28 02:12 - 2014-09-28 02:12 - 00048744 _____ () C:\WINDOWS\system32\C2MP\UpdateChecker.exe

2006-03-15 12:00 - 2006-03-15 12:00 - 00268288 _____ () C:\WINDOWS\system32\sbe.dll

2006-03-15 12:00 - 2013-01-02 06:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll

2006-03-15 12:00 - 2008-04-14 04:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll

2006-03-15 12:00 - 2008-04-14 04:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

2012-08-25 11:09 - 2012-03-12 09:05 - 00232288 _____ () C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbservice.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZ.ZZZ...ZZZZ:1

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-746137067-2052111302-725345543-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Asus\Local Settings\Application Data\Microsoft\Wallpaper2.bmp

DNS Servers: Media is not connected to internet.

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service

StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes

StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:'Firefox' (C:\Program Files\Mozilla Firefox)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (11/24/2015 01:15:45 PM) (Source: ESENT) (EventID: 428) (User: )