I uninstalled all the Java like you requested. One of the updates wouldn't uninstall. It kept referencing a CD for an update?
Also, when I went into the control panel and clicked on the Java icon, it wouldn't open so I couldn't clear the cache.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Owner (administrator) on WORK-7DCFB3F226 (21-03-2016 01:55:06)
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo...very-scan-tool/==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AOL LLC) C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Alcor Micro, Corp.) C:\Program Files\Digital Media Reader\shwiconEM.exe
(Intel Corporation) C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
() C:\WINDOWS\zHotkey.exe
(Motive, Inc.) C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Linksys, LLC) C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(AOL LLC) C:\Program Files\Common Files\AOL\1129293949\ee\aolsoftware.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\SITEAD~1\saUI.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\PresentationHost.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-13] ()
HKLM\...\Run: [SunKistEM] => C:\Program Files\Digital Media Reader\shwiconem.exe [135168 2004-11-15] (Alcor Micro, Corp.)
HKLM\...\Run: [IntelAudioStudio] => C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [7086080 2005-05-10] (Intel Corporation)
HKLM\...\Run: [CHotkey] => C:\WINDOWS\zHotkey.exe [543232 2004-05-17] ()
HKLM\...\Run: [ShowWnd] => C:\WINDOWS\ShowWnd.exe [36864 2003-09-19] ()
HKLM\...\Run: [Motive SmartBridge] => C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe [442455 2005-08-24] (Motive, Inc.)
HKLM\...\Run: [D-Link RangeBooster G WUA-2340] => C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe [1880064 2006-09-01] (D-Link)
HKLM\...\Run: [ANIWZCS2Service] => C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [49152 2006-06-29] (Alpha Networks Inc.)
HKLM\...\Run: [nmctxth] => C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [642856 2008-12-12] (Cisco Systems, Inc.)
HKLM\...\Run: [Linksys Wireless Manager] => C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe [1358384 2009-02-16] (Linksys, LLC)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-18] (AVAST Software)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1129293949\ee\AOLSoftware.exe [41824 2008-06-24] (AOL LLC)
HKLM\...\Run: [AOLDialer] => C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [71216 2006-10-23] (AOL LLC)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [136600 2008-11-10] (Sun Microsystems, Inc.)
HKU\S-1-5-21-59639899-2322592455-4044543537-1006\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-18\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-05-04] (Google Inc.)
HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-03-11] (AVAST Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2016-03-06] ()
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011-11-09]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{09293F78-91CB-4439-84E0-3784EE1B2142}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-59639899-2322592455-4044543537-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-59639899-2322592455-4044543537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-59639899-2322592455-4044543537-1006\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-59639899-2322592455-4044543537-1006\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-59639899-2322592455-4044543537-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.com/
SearchScopes: HKLM -> DefaultScope URL =
SearchScopes: HKU\S-1-5-21-59639899-2322592455-4044543537-1006 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=3AC6518A19554DF57BDA1B50C1A82D4A&q={searchTerms}
SearchScopes: HKU\S-1-5-21-59639899-2322592455-4044543537-1006 -> {5B93B26B-6D92-4901-9CC4-AAFAEBB84D34} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKU\S-1-5-21-59639899-2322592455-4044543537-1006 -> {B64C777E-CF3D-46C7-8F9A-0BACC752C5ED} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-08-08] (Sun Microsystems, Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-11] (AVAST Software)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Toolbar: HKU\.DEFAULT -> AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
Toolbar: HKU\.DEFAULT -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll [2007-01-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-59639899-2322592455-4044543537-1006 -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll [2007-01-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-59639899-2322592455-4044543537-1006 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} hxxp://aceonline.asicentral.com/ace/ltocx13n.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} hxxps://remote.hottleappraisal.com/Remote/msrdp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {B49C4597-8721-4789-9250-315DFBD9F525} hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} hxxp://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll [2009-02-13] (Cisco Systems, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v5028bwe.default-1456169709640
FF NewTab: hxxp://www.aol.com/
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxps://mail.aol.com/webmail-std/en-us/suite?lang=en&locale=US
about:preferences
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-20] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_33 -> C:\WINDOWS\system32\npdeployJava1.dll [2012-08-08] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-08-08] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll [2004-01-13] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-59639899-2322592455-4044543537-1006: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-12] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-06-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-06-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-06-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-06-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-06-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2014-06-08] (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v5028bwe.default-1456169709640\searchplugins\google-lavasoft.xml [2016-03-05]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-05-06]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-03-19] [not signed]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF HKLM\...\Firefox\Extensions: [
[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-08-08] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM\...\Firefox\Extensions: [
[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-11]
FF HKLM\...\Firefox\Extensions: [
[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-11]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]
Chrome:
=======
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2016-02-12]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-11]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation) [File not signed]
S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-13] (Microsoft Corporation) [File not signed]
R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-13] (Microsoft Corporation) [File not signed]
S2 ANIWZCSdService; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [49152 2006-07-03] (Alpha Networks Inc.) [File not signed]
R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [46640 2006-10-23] (AOL LLC)
R3 AppMgmt; C:\WINDOWS\System32\appmgmts.dll [167936 2008-04-13] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-13] (Microsoft Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-11] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [119128 2016-03-11] (AVAST Software)
S3 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-13] (Microsoft Corporation) [File not signed]
S3 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-13] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-13] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-13] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
R2 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-13] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-13] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ehRecvr; C:\WINDOWS\eHome\ehRecvr.exe [195584 2004-09-28] (Microsoft Corporation) [File not signed]
R2 ehSched; C:\WINDOWS\eHome\ehSched.exe [102912 2004-08-10] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-13] (Microsoft Corporation) [File not signed]
R2 HidServ; C:\WINDOWS\System32\hidserv.dll [21504 2008-04-13] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-13] (Microsoft Corporation) [File not signed]
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-13] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-13] (Microsoft Corporation) [File not signed]
S4 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153392 2012-08-08] (Sun Microsystems, Inc.)
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-13] (Microsoft Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [399432 2012-09-07] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2016-02-12] (McAfee, Inc.)
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-13] (Microsoft Corporation) [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-13] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
R2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [642856 2008-12-12] (Cisco Systems, Inc.)
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-13] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2005-05-24] (New Boundary Technologies, Inc.) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-13] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-13] (Microsoft Corporation) [File not signed]
R2 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [59904 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-13] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2004-08-10] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-13] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-13] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-13] (Microsoft Corporation) [File not signed]
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
R2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-13] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-13] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-13] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-13] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-13] (Microsoft Corporation) [File not signed]
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S3 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [73216 2008-04-13] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-13] (Microsoft Corporation) [File not signed]
S3 UMWdf; C:\WINDOWS\system32\wdfmgr.exe [38912 2004-08-10] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-13] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-13] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-13] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-13] (Microsoft Corporation) [File not signed]
S4 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-08-27] (America Online, Inc.) [File not signed]
S3 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-13] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [25088 2004-08-10] (Microsoft Corporation) [File not signed]
S3 Wmi; C:\WINDOWS\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-13] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-13] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-13] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-13] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-13] (Microsoft Corporation) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 A5AGU; C:\WINDOWS\System32\DRIVERS\A5AGU.sys [347648 2006-05-08] (D-Link Corporation) [File not signed]
R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation) [File not signed]
R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation) [File not signed]
S4 ACPIEC; C:\WINDOWS\system32\Drivers\ACPIEC.sys [11648 2004-08-10] (Microsoft Corporation) [File not signed]
R0 adpu160m; C:\WINDOWS\System32\DRIVERS\adpu160m.sys [101888 2001-08-17] (Microsoft Corporation) [File not signed]
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed]
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
R0 agp440; C:\WINDOWS\System32\DRIVERS\agp440.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
R0 agpCPQ; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [44928 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Aha154x; C:\WINDOWS\System32\DRIVERS\aha154x.sys [12800 2001-08-17] (Microsoft Corporation) [File not signed]
R0 aic78u2; C:\WINDOWS\System32\DRIVERS\aic78u2.sys [55168 2001-08-17] (Microsoft Corporation) [File not signed]
R0 aic78xx; C:\WINDOWS\System32\DRIVERS\aic78xx.sys [56960 2001-08-17] (Microsoft Corporation) [File not signed]
R0 AliIde; C:\WINDOWS\System32\DRIVERS\aliide.sys [5248 2001-08-17] (Acer Laboratories Inc.) [File not signed]
R0 alim1541; C:\WINDOWS\System32\DRIVERS\alim1541.sys [42752 2008-04-13] (Microsoft Corporation) [File not signed]
R0 amdagp; C:\WINDOWS\System32\DRIVERS\amdagp.sys [43008 2008-04-13] (Advanced Micro Devices, Inc.) [File not signed]
R0 amsint; C:\WINDOWS\System32\DRIVERS\amsint.sys [12032 2001-08-17] (Microsoft Corporation) [File not signed]
R2 ANIO; C:\WINDOWS\system32\ANIO.SYS [28195 2005-12-11] (Alpha Networks Inc.) [File not signed]
R3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1759584 2010-09-30] (Atheros Communications, Inc.)
S3 Arp1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
R0 asc; C:\WINDOWS\System32\DRIVERS\asc.sys [26496 2001-08-17] (Advanced System Products, Inc.) [File not signed]
R0 asc3350p; C:\WINDOWS\System32\DRIVERS\asc3350p.sys [22400 2001-08-17] (Microsoft Corporation) [File not signed]
R0 asc3550; C:\WINDOWS\System32\DRIVERS\asc3550.sys [14848 2001-08-17] (Advanced System Products, Inc.) [File not signed]
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2005-05-24] (Windows ® 2000 DDK provider) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [32792 2016-03-11] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-03-11] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [91168 2016-03-11] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2016-03-11] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [268424 2016-03-11] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-03-11] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [58776 2016-03-11] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [816304 2016-03-11] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [447848 2016-03-11] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [171608 2016-03-11] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [67088 2016-03-11] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [221240 2016-03-11] (AVAST Software)
S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation) [File not signed]
R3 ATIAVPCI; C:\WINDOWS\System32\DRIVERS\atinavxx.sys [135296 2005-03-04] (ATI Technologies Inc.) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
S3 b57w2k; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [132352 2005-04-05] (Broadcom Corporation) [File not signed]
R0 cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [13952 2001-08-17] (Microsoft Corporation) [File not signed]
S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2001-08-17] (Microsoft Corporation) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) [File not signed]
R0 cd20xrnt; C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys [7680 2001-08-17] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2004-08-10] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [44288 2007-03-19] (Roxio) [File not signed]
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [24832 2004-11-10] (Roxio) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation) [File not signed]
R0 CmdIde; C:\WINDOWS\System32\DRIVERS\cmdide.sys [6656 2001-08-17] (CMD Technology, Inc.) [File not signed]
R0 Cpqarray; C:\WINDOWS\System32\DRIVERS\cpqarray.sys [14976 2001-08-17] (Microsoft Corporation) [File not signed]
R0 dac2w2k; C:\WINDOWS\System32\DRIVERS\dac2w2k.sys [179584 2001-08-17] (Mylex Corporation) [File not signed]
R0 dac960nt; C:\WINDOWS\System32\DRIVERS\dac960nt.sys [14720 2001-08-17] (Microsoft Corporation) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmio; C:\WINDOWS\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2004-08-10] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation) [File not signed]
R0 dpti2o; C:\WINDOWS\System32\DRIVERS\dpti2o.sys [20192 2001-08-17] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation) [File not signed]
R4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Flpydisk; C:\WINDOWS\System32\DRIVERS\flpydisk.sys [20480 2008-04-13] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2004-08-10] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2001-08-17] (Microsoft Corporation) [File not signed]
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2012-12-07] (GFI Software)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider) [File not signed]
R3 HidUsb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation) [File not signed]
R0 hpn; C:\WINDOWS\System32\DRIVERS\hpn.sys [25952 2001-08-17] (Microsoft Corporation) [File not signed]
S4 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-01-24] (HP) [File not signed]
S4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-01-24] (HP) [File not signed]
S4 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-01-24] (HP) [File not signed]
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
R1 i2omgmt; C:\WINDOWS\system32\Drivers\i2omgmt.sys [8576 2008-04-13] (Microsoft Corporation) [File not signed]
R0 i2omp; C:\WINDOWS\System32\DRIVERS\i2omp.sys [18560 2008-04-13] (Microsoft Corporation) [File not signed]
S1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation) [File not signed]
R3 ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [830684 2005-04-05] (Intel Corporation) [File not signed]
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation) [File not signed]
R0 ini910u; C:\WINDOWS\System32\DRIVERS\ini910u.sys [16000 2001-08-17] (Microsoft Corporation) [File not signed]
R0 IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation) [File not signed]
R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Ip6Fw; C:\WINDOWS\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-10] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation) [File not signed]
R1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
S4 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2012-09-07] (Malwarebytes Corporation)
S4 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2016-02-10] (Malwarebytes Corporation)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2004-08-10] (Microsoft Corporation) [File not signed]
R3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation) [File not signed]
R0 mraid35x; C:\WINDOWS\System32\DRIVERS\mraid35x.sys [17280 2001-08-17] (American Megatrends Inc.) [File not signed]
S3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
R3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\WINDOWS\System32\drivers\MSTEE.sys [5504 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd. ) [File not signed]
S3 NABTSFEC; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) [File not signed]
S3 NIC1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [61824 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation) [File not signed]
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2004-08-10] (Microsoft Corporation) [File not signed]
S3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [1897408 2004-08-04] (NVIDIA Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2004-08-10] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2004-08-10] (Microsoft Corporation) [File not signed]
R0 ohci1394; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation) [File not signed]
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2004-08-10] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation) [File not signed]
S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120192 2008-04-13] (Microsoft Corporation) [File not signed]
R0 perc2; C:\WINDOWS\System32\DRIVERS\perc2.sys [27296 2001-08-17] (Microsoft Corporation) [File not signed]
R0 perc2hib; C:\WINDOWS\System32\DRIVERS\perc2hib.sys [5504 2001-08-17] (Microsoft Corporation) [File not signed]
R2 pnarp; C:\WINDOWS\System32\DRIVERS\pnarp.sys [23984 2008-12-12] (Cisco Systems, Inc.)
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2004-08-10] (Parallel Technologies, Inc.) [File not signed]
R2 purendis; C:\WINDOWS\System32\DRIVERS\purendis.sys [25264 2008-12-12] (Cisco Systems, Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [19840 2004-08-10] (Sonic Solutions) [File not signed]
R0 ql1080; C:\WINDOWS\System32\DRIVERS\ql1080.sys [40320 2001-08-17] (QLogic Corporation) [File not signed]
R0 Ql10wnt; C:\WINDOWS\System32\DRIVERS\ql10wnt.sys [33152 2001-08-17] (Microsoft Corporation) [File not signed]
R0 ql12160; C:\WINDOWS\System32\DRIVERS\ql12160.sys [45312 2001-08-17] (QLogic Corporation) [File not signed]
R0 ql1240; C:\WINDOWS\System32\DRIVERS\ql1240.sys [40448 2001-08-17] (Microsoft Corporation) [File not signed]
R0 ql1280; C:\WINDOWS\System32\DRIVERS\ql1280.sys [49024 2001-08-17] (QLogic Corporation) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2004-08-10] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2004-08-10] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2004-08-10] (Microsoft Corporation) [File not signed]
R3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 Serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Sfloppy; C:\WINDOWS\System32\DRIVERS\sfloppy.sys [11392 2008-04-13] (Microsoft Corporation) [File not signed]
R3 sfng32; C:\WINDOWS\System32\drivers\sfng32.sys [35712 2005-04-04] (Sonic Focus, Inc) [File not signed]
R0 sisagp; C:\WINDOWS\System32\DRIVERS\sisagp.sys [40960 2008-04-13] (Silicon Integrated Systems Corporation) [File not signed]
S3 SLIP; C:\WINDOWS\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation) [File not signed]
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation) [File not signed]
R0 Sparrow; C:\WINDOWS\System32\DRIVERS\sparrow.sys [19072 2001-08-17] (Adaptec, Inc.) [File not signed]
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation) [File not signed]
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [300672 2005-04-27] (SigmaTel, Inc.) [File not signed]
S3 streamip; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation) [File not signed]
R3 SunkFilt; C:\WINDOWS\System32\Drivers\sunkfilt.sys [36804 2004-11-15] (Alcor Micro Corp.) [File not signed]
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation) [File not signed]
R0 symc810; C:\WINDOWS\System32\DRIVERS\symc810.sys [16256 2001-08-17] (Symbios Logic Inc.) [File not signed]
R0 symc8xx; C:\WINDOWS\System32\DRIVERS\symc8xx.sys [32640 2001-08-17] (LSI Logic) [File not signed]
R0 sym_hi; C:\WINDOWS\System32\DRIVERS\sym_hi.sys [28384 2001-08-17] (LSI Logic) [File not signed]
R0 sym_u3; C:\WINDOWS\System32\DRIVERS\sym_u3.sys [30688 2001-08-17] (LSI Logic) [File not signed]
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-13] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-13] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-13] (Microsoft Corporation) [File not signed]
R0 TosIde; C:\WINDOWS\System32\DRIVERS\toside.sys [4992 2001-08-17] (Microsoft Corporation) [File not signed]
R3 tunmp; C:\WINDOWS\System32\DRIVERS\tunmp.sys [12288 2008-04-13] (Microsoft Corporation) [File not signed]
S4 Udfs; C:\WINDOWS\system32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation) [File not signed]
R0 ultra; C:\WINDOWS\System32\DRIVERS\ultra.sys [36736 2001-08-17] (Promise Technology, Inc.) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation) [File not signed]
S4 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [45056 2014-08-15] (Apple, Inc.) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\WINDOWS\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation) [File not signed]
R3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation) [File not signed]
R0 viaagp; C:\WINDOWS\System32\DRIVERS\viaagp.sys [42240 2008-04-13] (Microsoft Corporation) [File not signed]
R0 ViaIde; C:\WINDOWS\System32\DRIVERS\viaide.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation) [File not signed]
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation) [File not signed]
R1 WS2IFSL; C:\WINDOWS\System32\drivers\ws2ifsl.sys [12032 2004-08-10] (Microsoft Corporation) [File not signed]
S3 WSTCODEC; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WUSB54GCv3; C:\WINDOWS\System32\DRIVERS\WUSB54GCv3.sys [627072 2008-12-04] (Ralink Technology, Corp.) [File not signed]
S3 ZD1211BU(ZyDAS); C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys [477696 2006-08-24] (ZyDAS Technology Corporation) [File not signed]
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 mfewfpk; no ImagePath
S4 PCTINDIS5; \??\C:\WINDOWS\system32\PCTINDIS5.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) [File not signed]
U3 mbr; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-21 01:29 - 2016-03-21 01:29 - 00082392 _____ C:\ComboFix.txt
2016-03-21 01:29 - 2016-03-21 01:29 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2016-03-21 01:29 - 2016-03-21 01:29 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2016-03-21 01:29 - 2016-03-21 01:29 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2016-03-21 00:28 - 2016-03-21 01:29 - 00000000 ____D C:\Qoobox
2016-03-21 00:28 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2016-03-21 00:28 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2016-03-21 00:28 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2016-03-21 00:28 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2016-03-21 00:28 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2016-03-21 00:28 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2016-03-21 00:28 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2016-03-21 00:28 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2016-03-21 00:28 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2016-03-21 00:27 - 2016-03-21 01:09 - 00000000 ____D C:\WINDOWS\erdnt
2016-03-21 00:09 - 2016-03-21 00:09 - 05658151 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\ComboFix.exe
2016-03-21 00:06 - 2016-03-21 00:06 - 00000907 _____ C:\WINDOWS\aswMBR.txt
2016-03-20 23:59 - 2016-03-21 00:00 - 05200384 _____ (AVAST Software) C:\Documents and Settings\Owner\Desktop\aswmbr.exe
2016-03-20 23:54 - 2016-03-20 23:54 - 00797376 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-03-20 23:54 - 2016-03-20 23:54 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-03-20 11:49 - 2016-03-20 11:57 - 00022099 _____ C:\Documents and Settings\Owner\Desktop\Addition.txt
2016-03-20 11:40 - 2016-03-21 01:55 - 00052303 _____ C:\Documents and Settings\Owner\Desktop\FRST.txt
2016-03-20 11:40 - 2016-03-21 01:55 - 00000000 ____D C:\FRST
2016-03-20 11:39 - 2016-03-20 11:39 - 01725440 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2016-03-19 00:32 - 2016-03-20 00:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-17 03:11 - 2016-03-17 03:11 - 00006767 _____ C:\Documents and Settings\Owner\Desktop\Procexp.txt
2016-03-17 01:55 - 2016-03-17 01:55 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
2016-03-15 03:07 - 2016-03-15 03:07 - 00000778 _____ C:\Documents and Settings\All Users\Desktop\CPUID HWMonitor.lnk
2016-03-15 03:07 - 2016-03-15 03:07 - 00000000 ____D C:\Program Files\CPUID
2016-03-15 03:07 - 2016-03-15 03:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CPUID
2016-03-14 00:26 - 2016-03-20 23:55 - 00000000 ____D C:\Program Files\SpeedFan
2016-03-14 00:26 - 2016-03-14 00:26 - 00000682 _____ C:\Documents and Settings\Owner\Desktop\SpeedFan.lnk
2016-03-14 00:26 - 2016-03-14 00:26 - 00000000 ____D C:\Documents and Settings\Owner\Start Menu\Programs\SpeedFan
2016-03-14 00:25 - 2016-03-14 00:26 - 00000045 _____ C:\WINDOWS\system32\initdebug.nfo
2016-03-13 01:04 - 2016-03-13 01:04 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
2016-03-11 03:22 - 2016-03-11 03:21 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-03-11 03:21 - 2016-03-11 03:15 - 00334280 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-03-11 03:18 - 2016-03-11 03:18 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\AVAST Software
2016-03-11 03:18 - 2016-03-11 03:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2016-03-11 03:17 - 2016-03-11 03:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2016-03-11 03:17 - 2008-11-07 19:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2016-03-11 03:16 - 2016-03-21 00:54 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-03-11 03:16 - 2016-03-11 03:16 - 00816304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-03-11 03:16 - 2016-03-11 03:16 - 00447848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-03-11 03:16 - 2016-03-11 03:16 - 00221240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-03-11 03:16 - 2016-03-11 03:16 - 00091168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-03-11 03:16 - 2016-03-11 03:15 - 00268424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdis2.sys
2016-03-11 03:16 - 2016-03-11 03:15 - 00171608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2016-03-11 03:16 - 2016-03-11 03:15 - 00067088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2016-03-11 03:16 - 2016-03-11 03:15 - 00064272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2016-03-11 03:16 - 2016-03-11 03:15 - 00058776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-03-11 03:16 - 2016-03-11 03:15 - 00032792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-03-11 03:15 - 2016-03-11 03:15 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-03-11 03:15 - 2016-03-11 03:15 - 00012112 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswNdis.sys
2016-03-10 12:44 - 2016-03-11 03:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2016-03-07 11:08 - 2016-03-07 11:07 - 00090112 _____ C:\WINDOWS\Minidump\Mini030716-01.dmp
2016-03-06 17:32 - 2016-03-06 17:32 - 00186088 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2016-03-05 15:47 - 2016-03-05 15:47 - 00261460 _____ C:\Documents and Settings\Owner\Desktop\WORK-7DCFB3F226.txt
2016-03-05 13:50 - 2016-03-11 03:16 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\defrag
2016-03-05 13:41 - 2016-03-05 13:41 - 00209550 _____ C:\Documents and Settings\Owner\My Documents\WORK-7DCFB3F226.arn.zip
2016-03-05 13:21 - 2016-03-05 13:21 - 00000000 ____D C:\searchplugins
2016-03-05 03:40 - 2016-03-05 03:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
2016-03-05 03:39 - 2016-03-05 03:39 - 00002528 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2016-03-05 03:39 - 2016-03-05 03:39 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\LavasoftTcpService
2016-03-05 03:38 - 2016-03-05 03:38 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService.dll
2016-03-05 03:33 - 2016-03-05 03:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Auslogics
2016-03-05 03:32 - 2016-03-05 13:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2016-03-05 03:31 - 2016-03-06 17:34 - 00000000 ____D C:\Program Files\Auslogics
2016-03-05 03:22 - 2016-03-05 03:22 - 00003038 _____ C:\Documents and Settings\Owner\Desktop\VolumeC.txt
2016-03-04 14:06 - 2016-03-04 14:06 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Owner\Desktop\TFC.exe
2016-03-03 13:04 - 2016-03-21 00:56 - 00000330 ____H C:\WINDOWS\Tasks\MP Scheduled Scan.job
2016-03-03 04:30 - 2016-03-03 05:01 - 00130630 _____ C:\WINDOWS\ntbtlog.txt
2016-03-02 01:22 - 2016-03-02 01:22 - 00000654 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2016-03-02 01:21 - 2016-03-02 01:22 - 00000000 ____D C:\Program Files\Speccy
2016-03-02 01:17 - 2016-03-02 01:18 - 05111240 _____ (Piriform Ltd) C:\Documents and Settings\Owner\Desktop\spsetup129.exe
2016-03-02 00:51 - 2016-03-11 03:11 - 00000000 ____D C:\AVG_Remover
2016-02-20 02:42 - 2016-02-20 02:42 - 00090112 _____ C:\WINDOWS\Minidump\Mini022016-01.dmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-21 01:56 - 2005-09-27 08:37 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Temp
2016-03-21 01:29 - 2005-04-13 12:26 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-03-21 00:55 - 2005-04-13 11:56 - 00000303 _____ C:\WINDOWS\system.ini
2016-03-21 00:54 - 2014-04-27 01:21 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-03-21 00:54 - 2005-04-13 11:56 - 00001170 _____ C:\WINDOWS\system32\wpa.dbl
2016-03-21 00:53 - 2005-04-13 12:14 - 00000000 ____D C:\WINDOWS\Registration
2016-03-21 00:52 - 2012-05-02 00:31 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-03-21 00:52 - 2005-04-13 12:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-21 00:51 - 2015-12-13 11:29 - 00458752 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2016-03-21 00:51 - 2015-07-09 12:20 - 00004198 _____ C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2016-03-21 00:50 - 2005-09-27 08:37 - 00000278 ___SH C:\Documents and Settings\Owner\ntuser.ini
2016-03-21 00:50 - 2005-09-27 08:37 - 00000000 ____D C:\Documents and Settings\Owner
2016-03-21 00:28 - 2005-04-13 12:26 - 00032604 _____ C:\WINDOWS\SchedLgU.Txt
2016-03-21 00:25 - 2005-04-13 12:41 - 00000000 ____D C:\Program Files\Common Files\Java
2016-03-21 00:08 - 2005-04-13 11:56 - 00001235 _____ C:\WINDOWS\win.ini
2016-03-20 23:54 - 2014-08-18 12:21 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2016-03-18 17:25 - 2014-08-15 18:00 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-03-18 11:00 - 2005-04-13 11:57 - 00000209 ___SH C:\boot.ini
2016-03-17 02:06 - 2005-09-27 08:37 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents
2016-03-17 02:05 - 2006-04-13 14:55 - 00000000 ____D C:\unzipped
2016-03-15 02:48 - 2012-01-11 21:22 - 00000000 ____D C:\Program Files\Amazon
2016-03-15 02:28 - 2005-04-13 05:08 - 00526450 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-14 01:10 - 2005-04-13 11:55 - 00006656 _____ C:\WINDOWS\system32\lpcio.dll
2016-03-14 00:52 - 2011-12-13 14:24 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Miscellaneous
2016-03-12 13:44 - 2016-01-19 09:02 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\{2F583D26-115E-4851-8AB3-4DCBFD42D6CB}
2016-03-12 12:31 - 2012-04-02 01:17 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
2016-03-11 14:31 - 2007-01-11 16:31 - 00000000 ____D C:\Oct 2005
2016-03-11 03:29 - 2005-04-13 04:58 - 00000000 ___HD C:\WINDOWS\inf
2016-03-11 03:21 - 2013-05-30 02:41 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-11 03:10 - 2016-02-13 02:05 - 00000000 ____D C:\Program Files\McAfee
2016-03-11 03:10 - 2015-09-13 13:48 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Avg
2016-03-11 03:10 - 2012-12-13 12:03 - 01102123 _____ C:\WINDOWS\setupapi.log.0.old
2016-03-10 13:32 - 2007-02-16 08:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2016-03-10 13:24 - 2016-02-12 03:09 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-03-08 16:00 - 2014-04-27 01:21 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-03-07 11:08 - 2007-10-26 09:17 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-06 21:27 - 2015-06-13 02:21 - 00000000 ____D C:\Program Files\PokerStars
2016-03-06 20:51 - 2005-10-28 07:14 - 00000000 ___RD C:\Documents and Settings\Owner\Desktop\Misc
2016-03-06 16:57 - 2015-09-24 13:23 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2016-03-06 16:57 - 2011-12-14 16:07 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-06 16:57 - 2011-12-14 16:07 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-05 14:59 - 2005-09-27 12:44 - 00002327 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 6.0 Professional.lnk
2016-03-05 13:23 - 2011-12-23 16:31 - 00000000 ____D C:\Program Files\Lavasoft
2016-03-05 13:22 - 2011-12-23 16:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Lavasoft
2016-03-03 13:53 - 2005-04-13 04:58 - 00000000 ____D C:\WINDOWS\Help
2016-03-03 13:29 - 2013-09-10 00:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-03 12:29 - 2005-09-28 15:43 - 144254680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-02 02:12 - 2007-03-21 09:23 - 00000000 ____D C:\Program Files\Hijackthis
==================== Files in the root of some directories =======
2013-05-24 04:22 - 2014-06-22 08:48 - 0003662 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2011-01-18 03:53 - 2011-01-18 03:53 - 2994688 _____ () C:\Program Files\openofficeorg33.msi
2011-01-18 03:05 - 2011-01-18 03:05 - 0000290 _____ () C:\Program Files\setup.ini
2015-12-24 14:48 - 2015-12-24 14:48 - 0000499 _____ () C:\Documents and Settings\Owner\Application Data\mbam.context.scan
2006-02-07 08:32 - 2006-02-07 08:50 - 0000136 ____C () C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2016-02-14 10:43 - 2016-02-14 10:43 - 0000664 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\d3d9caps.dat
2005-09-27 08:37 - 2013-01-31 11:25 - 0035840 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-01-26 13:36 - 2006-01-26 13:36 - 0000128 ____C () C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
ZeroAccess:
C:\Windows\Installer\{c9c50621-2987-6697-0fec-f59d6ff5ff90}
C:\Windows\Installer\{c9c50621-2987-6697-0fec-f59d6ff5ff90}\@
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\dnsapi.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Owner (2016-03-21 01:58:12)
Running from C:\Documents and Settings\Owner\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2005-09-27 13:37:01)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-59639899-2322592455-4044543537-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-59639899-2322592455-4044543537-1003 - Limited - Enabled)
Guest (S-1-5-21-59639899-2322592455-4044543537-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-59639899-2322592455-4044543537-1005 - Limited - Disabled)
Owner (S-1-5-21-59639899-2322592455-4044543537-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-59639899-2322592455-4044543537-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2WIRE Wireless LAN - USB Driver (HKLM\...\{581CE7EA-A30D-0000-1211-088635773309}) (Version: - )
Adobe Acrobat 6.0.1 Professional (HKLM\...\{AC76BA86-1033-0000-7760-000000000001}) (Version: 006.000.001 - Adobe Systems)
Adobe Atmosphere Player for Acrobat and Adobe Reader (HKLM\...\Adobe Atmosphere Player) (Version: - )
Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Illustrator CS (HKLM\...\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}) (Version: 11 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Adobe® Photoshop® Album Starter Edition 3.0 (HKLM\...\{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}) (Version: 3.0.1 - Adobe Systems, Inc.)
Adobe® Photoshop® Album Starter Edition 3.0.1 (HKLM\...\{C9618743-1A5C-461E-91C4-E013A3D70F3C}) (Version: 3.0.1 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-59639899-2322592455-4044543537-1006\...\Akamai) (Version: - Akamai Technologies, Inc)
ANIO Service (HKLM\...\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}) (Version: - )
ANIWZCS2 Service (HKLM\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version: - )
AOL Coach Version 1.0(Build:20040229.1 en) (HKLM\...\AOLCoach) (Version: - )
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version: - )
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AT&T Self Support Tool (HKLM\...\SBC.MCCInstall) (Version: - )
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.2.1.0 - Auslogics Labs Pty Ltd)
Avast Internet Security (HKLM\...\Avast) (Version: 11.1.2253 - AVAST Software)
BadCopy Pro (HKLM\...\BadCopy Pro) (Version: - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CoatsEDV (HKLM\...\{C8E2DEF5-DFC3-4515-B4A7-AC73D38C7B64}) (Version: 1.60.2004 - Wings Systems Ltd.)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Digital Media Reader (HKLM\...\InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}) (Version: 1.10 - )
Digital Media Reader (Version: 1.10 - ) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
ESP Online (HKLM\...\{84BF2E9C-16D9-11D8-BE69-00B0D0852669}) (Version: 1.0.1.0 - ASI)
Eusing Free Registry Cleaner (HKLM\...\Eusing Free Registry Cleaner) (Version: - )
GN 2005 Collection (HKLM\...\InstallShield_{1811FE16-BAA9-4507-B396-3B713D914A54}) (Version: 1.1.1.0 - Great Notions)
GN 2005 Collection (Version: 1.1.1.0 - Great Notions) Hidden
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - )
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HijackThis 1.99.1 (HKLM\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
Intel Audio Studio (HKLM\...\{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}) (Version: 1.57.3000 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4299 - )
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 6 Update 33 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Linksys Wireless Manager (HKLM\...\Linksys Wireless Manager) (Version: 4.9.9047.0 - Linksys, LLC)
Malwarebytes Anti-Malware version 1.65.0.1400 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.65.0.1400 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.290 - McAfee, Inc.)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Money 2005 (HKLM\...\Money2005b) (Version: 14 - Microsoft)
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Small Business (HKLM\...\{00030409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation)
Microsoft Picture It! Premium 10 (HKLM\...\PictureItPrem_v10) (Version: 10.0.0612 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-59639899-2322592455-4044543537-1006\...\Move Networks Player - IE) (Version: - )
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Multimedia Keyboard Driver (HKLM\...\{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}) (Version: - )
Napster (HKLM\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 3.0.3.7 - Napster)
Napster Burn Engine (Version: 2.5.0000 - Roxio) Hidden
Nero BurnRights (HKLM\...\Nero BurnRights!UninstallKey) (Version: - )
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
NUCLEUS KERNEL for CD-DVD 1.8 (HKLM\...\NUCLEUS KERNEL for CD-DVD_is1) (Version: 1.8 - nucleustechnologies)
OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
PaperPort 8.0 SE (HKLM\...\{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}) (Version: 1.0.0.0000 - ScanSoft, Inc.)
PokerStars (HKLM\...\PokerStars) (Version: - PokerStars)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
Pure Networks Platform (Version: 11.1.9044.0 - Pure Networks) Hidden
RangeBooster G WUA-2340 (HKLM\...\InstallShield_{BA180519-5857-4D89-9EAD-A2248B89AEF7}) (Version: - D-Link)
RangeBooster G WUA-2340 (Version: - D-Link) Hidden
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version: - )
Register Plus (HKLM\...\{6457E848-5591-11D7-BDFD-00B0D0852669}) (Version: 7.2 - )
RMP4 (HKLM\...\{F78FC958-7354-43EA-BF26-AFCBFE7B9C18}) (Version: 1.05.0000 - RSUPPORT)
RSCC (HKLM\...\{562CBD30-CA59-4640-862C-99C0ECED4B4C}) (Version: 2.02.0000 - RSUPPORT)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4441.0 - SigmaTel)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1) (Version: - )
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tajima DG/ML by Pulse Ambassador (HKLM\...\Tajima DG/ML by Pulse Ambassador) (Version: - )
Unity Web Player (HKU\S-1-5-21-59639899-2322592455-4044543537-1006\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.0 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinZip (HKLM\...\WinZip) (Version: - )
Wisdom-soft ScreenHunter 6.0 Free (HKLM\...\Wisdom-soft ScreenHunter 6.0 Free) (Version: - Wisdom Software Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-59639899-2322592455-4044543537-1006_Classes\CLSID\{013F891C-58A8-42F1-BA17-A3954DDED562}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-59639899-2322592455-4044543537-1006_Classes\CLSID\{073258F7-8BC6-4a64-A4E7-919E4D32DC63}\InprocServer32 -> C:\Program Files\Common Files\Roxio Shared\SharedCOM\RXACWMA.dll (Roxio, Inc.)
CustomCLSID: HKU\S-1-5-21-59639899-2322592455-4044543537-1006_Classes\CLSID\{12897008-A82D-4267-92A3-04D22450D565}\InprocServer32 -> C:\Program Files\Common Files\Roxio Shared\SharedCOM\RXAudioCodec.dll (Roxio, Inc.)
CustomCLSID: HKU\S-1-5-21-59639899-2322592455-4044543537-1006_Classes\CLSID\{1C6E0E46-4E5F-492D-B946-44291B931361}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-59639899-2322592455-4044543537-1006_Classes\CLSID\{2000AA1D-2E7C-4EBA-9893-DAE4EF5E1FE5}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-59639899-2322592455-4044543537-1006_Classes\CLSID\{28400E86-5FFC-453D-A534-EF455A115E74}\localserver32 -> C:\Program Files\Intuit\QuickBooks Product Listing Service\QBProductListingCOMServer.exe (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-59639899-2322592455-4044543537-1006_Classes\CLSID\{403BD5FD-724C-4D96-86ED-B9E3A2ACBD8E}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-59639899-2322592455-4044543537-1006_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
==================== Memory info ===========================
Processor: Intel® Pentium® D CPU 2.80GHz
Percentage of memory in use: 83%
Total physical RAM: 1011.67 MB
Available physical RAM: 162.87 MB
Total Virtual: 2913.74 MB
Available Virtual: 1744.91 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:228.82 GB) (Free:171.55 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:4.05 GB) (Free:0.97 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 38EF9D17)
Partition 1: (Active) - (Size=228.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4.1 GB) - (Type=0B)
==================== End of Addition.txt ============================
ComboFix 16-03-19.01 - Owner 03/21/2016 0:32.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1012.424 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\g2mdlhlpx.exe
c:\documents and settings\Owner\WINDOWS
C:\prefs.js
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\search_br.bmp
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\OApps
c:\program files\OApps\chromeaddon\._included.js
c:\program files\OApps\chromeaddon\background.html
c:\program files\OApps\chromeaddon\included.js
c:\program files\OApps\chromeaddon\manifest.json
c:\program files\OApps\status.txt
c:\program files\OApps\status2.txt
c:\program files\OApps\status3.txt
c:\program files\OApps\status4.txt
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00003
c:\windows\$msi31uninstall_kb893803v2$\reg00004
c:\windows\$msi31uninstall_kb893803v2$\reg00005
c:\windows\$msi31uninstall_kb893803v2$\reg00006
c:\windows\$msi31uninstall_kb893803v2$\reg00007
c:\windows\$msi31uninstall_kb893803v2$\reg00008
c:\windows\$msi31uninstall_kb893803v2$\reg00009
c:\windows\$msi31uninstall_kb893803v2$\reg00010
c:\windows\$msi31uninstall_kb893803v2$\reg00011
c:\windows\$msi31uninstall_kb893803v2$\reg00012
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00091
c:\windows\$msi31uninstall_kb893803v2$\reg00092
c:\windows\$msi31uninstall_kb893803v2$\reg00093
c:\windows\$msi31uninstall_kb893803v2$\reg00094
c:\windows\$msi31uninstall_kb893803v2$\reg00095
c:\windows\$msi31uninstall_kb893803v2$\reg00096
c:\windows\$msi31uninstall_kb893803v2$\reg00097
c:\windows\$msi31uninstall_kb893803v2$\reg00098
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\AdobePDF.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\0734b199435216c0.fb
c:\windows\system32\Cache\1ffc82f83365c73f.fb
c:\windows\system32\Cache\25ea4a35ae805f8b.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\407fd498eb49dd3a.fb
c:\windows\system32\Cache\4785fe572c015fb0.fb
c:\windows\system32\Cache\48521ff782e3be84.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\8b439fbfae042181.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\97099601b07d57aa.fb
c:\windows\system32\Cache\a75a239b5430178a.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b352bbfeac576739.fb
c:\windows\system32\Cache\bc2ff0d88395e0d0.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\c54d14cdaa6299e2.fb
c:\windows\system32\Cache\d1d59bc126d010bc.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2407a477adc6d14.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\dc30abfef45781f7.fb
c:\windows\system32\Cache\e2272cd786a9a15b.fb
c:\windows\system32\Cache\ea28f1ab85cb3ea6.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\Cache\ff52a9739eb6ccbe.fb
c:\windows\system32\config\systemprofile\Application Data\alot
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\regobj.dll
c:\windows\system32\tmp.reg
c:\windows\wallpg.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CDBGEVTSVC
.
.
((((((((((((((((((((((((( Files Created from 2016-02-21 to 2016-03-21 )))))))))))))))))))))))))))))))
.
.
2016-03-21 04:54 . 2016-03-21 04:54 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-03-21 04:54 . 2016-03-21 04:54 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-03-20 16:40 . 2016-03-20 16:57 -------- d-----w- C:\FRST
2016-03-17 06:55 . 2016-03-17 06:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2016-03-15 08:07 . 2016-03-15 08:07 -------- d-----w- c:\program files\CPUID
2016-03-14 05:26 . 2016-03-21 04:55 -------- d-----w- c:\program files\SpeedFan
2016-03-13 06:04 . 2016-03-13 06:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2016-03-11 08:22 . 2016-03-11 08:21 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-03-11 08:21 . 2016-03-11 08:15 334280 ----a-w- c:\windows\system32\aswBoot.exe
2016-03-11 08:18 . 2016-03-11 08:18 -------- d-----w- c:\documents and settings\Owner\Application Data\AVAST Software
2016-03-11 08:17 . 2008-11-08 00:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2016-03-11 08:16 . 2016-03-11 08:16 221240 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-03-11 08:16 . 2016-03-11 08:15 67088 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2016-03-11 08:16 . 2016-03-11 08:15 171608 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2016-03-11 08:16 . 2016-03-11 08:16 91168 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-03-11 08:16 . 2016-03-11 08:16 447848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-03-11 08:16 . 2016-03-11 08:15 58776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-03-11 08:16 . 2016-03-11 08:15 64272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2016-03-11 08:16 . 2016-03-11 08:15 32792 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-03-11 08:16 . 2016-03-11 08:16 816304 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-03-11 08:16 . 2016-03-11 08:15 268424 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2016-03-11 08:15 . 2016-03-11 08:15 52184 ----a-w- c:\windows\avastSS.scr
2016-03-11 08:15 . 2016-03-11 08:15 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2016-03-10 17:44 . 2016-03-11 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2016-03-05 18:21 . 2016-03-05 18:21 -------- d-----w- C:\searchplugins
2016-03-05 08:39 . 2016-03-05 08:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\LavasoftTcpService
2016-03-05 08:38 . 2016-03-05 08:38 345360 ----a-w- c:\windows\system32\LavasoftTcpService.dll
2016-03-05 08:33 . 2016-03-05 08:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Auslogics
2016-03-05 08:31 . 2016-03-06 22:34 -------- d-----w- c:\program files\Auslogics
2016-03-02 06:21 . 2016-03-02 06:22 -------- d-----w- c:\program files\Speccy
2016-03-02 05:51 . 2016-03-11 08:11 -------- d-----w- C:\AVG_Remover
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-14 06:10 . 2005-04-13 16:55 6656 ----a-w- c:\windows\system32\lpcio.dll
2016-02-10 09:15 . 2015-12-24 19:48 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-18 08:53 . 2011-01-18 08:53 2994688 ----a-w- c:\program files\openofficeorg33.msi
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
.
.
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-10 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys
[-] 2004-08-10 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\I386\NTFS.SYS
.
[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
.
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll
[-] 2012-07-06 . FC6D1D80588D371F0321E15A75B2F8F2 . 78336 . . [5.1.2600.6260] . . c:\windows\$hf_mig$\KB2705219\SP3QFE\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2705219$\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-10 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
.
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2004-08-10 19:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\SoftwareDistribution\Download\dca9d8a1ecbaf4bd0e18d083156f30c9\sp2gdr\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\SoftwareDistribution\Download\dca9d8a1ecbaf4bd0e18d083156f30c9\sp2qfe\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2005-01-14 . 419899803CA479B73B02390318C787C0 . 395776 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
[-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
.
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-10 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-10 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-10 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2004-08-10 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2004-08-10 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
[-] 2004-08-10 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-10 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\SoftwareDistribution\Download\dca9d8a1ecbaf4bd0e18d083156f30c9\sp2gdr\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\SoftwareDistribution\Download\dca9d8a1ecbaf4bd0e18d083156f30c9\sp2qfe\es.dll
[-] 2004-08-10 19:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-10 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL
[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-10 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-10 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll
.
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-10 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-10 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-10 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-10 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2004-08-10 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
[-] 2004-08-10 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\I386\REGEDIT.EXE
.
[-] 2013-08-05 . 59B408E5B8489B0B36A0D783D150EDCC . 1289728 . . [5.1.2600.6435] . . c:\windows\system32\ole32.dll
[-] 2013-08-05 . 59B408E5B8489B0B36A0D783D150EDCC . 1289728 . . [5.1.2600.6435] . . c:\windows\system32\dllcache\ole32.dll
[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\$NtUninstallKB2876217$\ole32.dll
[-] 2011-11-01 . 7D9DDE1AB4B00DDB173F5A16E9206517 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\$NtUninstallKB2624667$\ole32.dll
[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\SoftwareDistribution\Download\dca9d8a1ecbaf4bd0e18d083156f30c9\sp2gdr\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\SoftwareDistribution\Download\dca9d8a1ecbaf4bd0e18d083156f30c9\sp2qfe\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-04-28 . 5950E4F28FDA9D147576BF6798937397 . 1285120 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\ole32.dll
[-] 2005-01-14 . ABDEF60CED7C04AB35A415EFB6B96D81 . 1285120 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\ole32.dll
[-] 2005-01-14 . 2E752611C9A9AE1B6BFD0DA03CF7F17E . 1284608 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\ole32.dll
.
[-] 2013-07-10 . 1D845821F5ADB076831DE4C2818F858B . 406016 . . [1.0420.2600.6421] . . c:\windows\system32\usp10.dll
[-] 2013-07-10 . 1D845821F5ADB076831DE4C2818F858B . 406016 . . [1.0420.2600.6421] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\$NtUninstallKB2850869$\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2004-08-10 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-10 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll
.
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msimg32.dll
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll
[-] 2004-08-10 . B5331F2B6F37C66C29C847F3B94FF900 . 4608 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msimg32.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2010-12-09 . 15CE4DBC22FAB90B3CA5352AF1FFF81C . 718336 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll
[-] 2009-02-09 . 911DDF2E16761643A47225F654D811E5 . 714752 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB2393802$\ntdll.dll
[-] 2009-02-09 . B0913005EE3FC15D7F72472D0B8A30EB . 715264 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll
[-] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntdll.dll
[-] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll
[-] 2004-08-10 . BB5CBFFC096497506167BCE1D9690EF2 . 708096 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntdll.dll
[-] 2004-08-10 . BB5CBFFC096497506167BCE1D9690EF2 . 708096 . . [5.1.2600.2180] . . c:\windows\I386\NTDLL.DLL
[-] 2004-08-10 . BB5CBFFC096497506167BCE1D9690EF2 . 708096 . . [5.1.2600.2180] . . c:\windows\I386\SYSTEM32\NTDLL.DLL
.
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\system32\msctfime.ime
[-] 2004-08-10 . D87041EAA67ECA4394F6D5D09C0C2885 . 177152 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msctfime.ime
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-10 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-10 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-10 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2004-08-10 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-10 19:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2004-08-10 19:00 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\system32\mspmsnsv.dll
.
[-] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2013-07-04 . 05F3DB567EAE368AE3BBD7E973490646 . 2028544 . . [5.1.2600.6419] . . c:\windows\system32\ntkrnlpa.exe
[-] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2013-05-03 . 70F7DF7268C6AB388319A03375DAC4E5 . 2028544 . . [5.1.2600.6387] . . c:\windows\$NtUninstallKB2859537$\ntkrnlpa.exe
[-] 2013-03-07 . 9EBEDA306E5EABDABCFF8B695FCD4CD6 . 2070016 . . [5.1.2600.6368] . . c:\windows\$hf_mig$\KB2813170\SP3QFE\ntkrnlpa.exe
[-] 2013-03-07 . 9ED39805DF38061BB031D0F2B20DFB77 . 2028544 . . [5.1.2600.6368] . . c:\windows\$NtUninstallKB2839229$\ntkrnlpa.exe
[-] 2013-01-07 . 1251D608DFCE4B6801AD27A59B74985C . 2069760 . . [5.1.2600.6335] . . c:\windows\$hf_mig$\KB2799494\SP3QFE\ntkrnlpa.exe
[-] 2013-01-07 . 2C9091C3350E369BBB2464AABE2FD7CA . 2027520 . . [5.1.2600.6335] . . c:\windows\$NtUninstallKB2813170$\ntkrnlpa.exe
[-] 2012-08-21 . B326D5E256D2F32B23E64F49DEBCE31B . 2069632 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntkrnlpa.exe
[-] 2012-08-21 . 61027EE2D9859A2B41D588D92F256CFB . 2027520 . . [5.1.2600.6284] . . c:\windows\$NtUninstallKB2799494$\ntkrnlpa.exe
[-] 2012-05-04 . 8E99A0CE02C1BEDA6C0935A4DDE9CEAA . 2069120 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntkrnlpa.exe
[-] 2012-05-04 . 87763BB6C95901818050E52C378C9E15 . 2026496 . . [5.1.2600.6223] . . c:\windows\$NtUninstallKB2724197$\ntkrnlpa.exe
[-] 2012-04-11 . 063A0F8A90D8E2B802E5243FE9AABCF3 . 2069120 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe
[-] 2012-04-11 . 61CCE48F7BD00E0E4D5CDE206F2DDC1B . 2026496 . . [5.1.2600.6206] . . c:\windows\$NtUninstallKB2707511$\ntkrnlpa.exe
[-] 2011-10-25 . DB19FFF0C805664CB95062C027B11FE9 . 2069376 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe
[-] 2011-10-25 . 36CAC3C8C4C10F4E21BFEABBFE7ACFFC . 2027008 . . [5.1.2600.6165] . . c:\windows\$NtUninstallKB2676562$\ntkrnlpa.exe
[-] 2010-12-10 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[-] 2010-12-09 . 9ED77E2307F6EC6F174C063C15AA3B8C . 2027008 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntkrnlpa.exe
[-] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-04-27 . 49E936E1398D1A536E84CD5D068F0F09 . 2024448 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . 089F1E207B067A4DDEB2EEC37BBB1AA7 . 2023936 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 32B1A971183EC22DD91EEDA61C499E7C . 2023936 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[-] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 8206B5F94A6A9450E934029420C1693F . 2023936 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-13 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . A58AC1C6199EF34228ABEE7FC057AE09 . 2015744 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BBB2322EB14AD9AD55B1024FFD4D88BF . 2015744 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2005-03-02 . 3CD941E472DDF3534E53038535719771 . 2015232 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2005-03-01 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2004-08-10 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\ntkrnlpa.exe
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-10 19:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-10 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-10 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-10 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-10 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-10 19:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-10 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-10 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2013-07-04 . AFEE19399CF992A098309F7FDF87880A . 2149888 . . [5.1.2600.6419] . . c:\windows\system32\ntoskrnl.exe
[-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2013-05-03 . 0F1ECE75329996EBDCF2774F9E46623D . 2149888 . . [5.1.2600.6387] . . c:\windows\$NtUninstallKB2859537$\ntoskrnl.exe
[-] 2013-03-07 . 8C39722F8C291F1BBCCE80EE23065897 . 2149888 . . [5.1.2600.6368] . . c:\windows\$NtUninstallKB2839229$\ntoskrnl.exe
[-] 2013-03-07 . 9FC16E5EBFE88F3C844FFE2E6CB7F1E8 . 2193536 . . [5.1.2600.6368] . . c:\windows\$hf_mig$\KB2813170\SP3QFE\ntoskrnl.exe
[-] 2013-01-07 . AE2FEE63789F5DF6B19DD9A39E26D03E . 2193152 . . [5.1.2600.6335] . . c:\windows\$hf_mig$\KB2799494\SP3QFE\ntoskrnl.exe
[-] 2013-01-07 . DD5A89274B47499CCFF7ADCA3A3C560E . 2148864 . . [5.1.2600.6335] . . c:\windows\$NtUninstallKB2813170$\ntoskrnl.exe
[-] 2012-08-21 . ECA5980E1A78DBF9CB7F49F76791C0D1 . 2193024 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntoskrnl.exe
[-] 2012-08-21 . B9A14D5875CE262774388BD43BA56FF3 . 2148864 . . [5.1.2600.6284] . . c:\windows\$NtUninstallKB2799494$\ntoskrnl.exe
[-] 2012-05-04 . 099A0F80A563EBE935F4A9750F96C219 . 2192640 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntoskrnl.exe
[-] 2012-05-04 . AC4B3C4A6DC31867034C66663B9B8A38 . 2148352 . . [5.1.2600.6223] . . c:\windows\$NtUninstallKB2724197$\ntoskrnl.exe
[-] 2012-04-11 . 8D061BB825BC606C2B1C6F7452D1BAAA . 2192640 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe
[-] 2012-04-11 . A144D60B35E6DD14CCB9649B5E0D1092 . 2148352 . . [5.1.2600.6206] . . c:\windows\$NtUninstallKB2707511$\ntoskrnl.exe
[-] 2011-10-25 . 3B663B9B193D7E1DE39A466020F1FD91 . 2148864 . . [5.1.2600.6165] . . c:\windows\$NtUninstallKB2676562$\ntoskrnl.exe
[-] 2011-10-25 . F512C662874D7545E5BD8005E6800A44 . 2192768 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . 60E16152D847D7A7B7D3DA4C4B8E2120 . 2148864 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntoskrnl.exe
[-] 2010-04-27 . 466A3E1239F4A9428797730E81A7A865 . 2146304 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
[-] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 9696C553F994340CD6AA5C5A724C3A19 . 2145280 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-08-04 . 78FCC97CD878D4CF5B5D2158A5A7CF92 . 2145280 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . 0CBA44D0938D57F334C0862424148B70 . 2145280 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . F6F8245B3A2E9CA834DD318E7AE0C6D0 . 2145280 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 1220FAF071DEA8653EE21DE7DCDA8BFD . 2136064 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . 8318ED54797F3E513FD5817A1D4BBD18 . 2136064 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 48B3E89AF7074CEE0314A3E0C7FAFFDB . 2135552 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[-] 2004-08-10 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\ntoskrnl.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-10 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
[-] 2004-08-10 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB927802$\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2004-08-10 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
[-] 2004-08-10 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB920683$\rasadhlp.dll
.
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wshtcpip.dll
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
[-] 2004-08-10 . A7F95A53EE055115DF03588997A47D4D . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wshtcpip.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-03-11 08:15 770088 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe" [2015-09-11 4691384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-05-10 7086080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"CHotkey"="zHotkey.exe" [2004-05-18 543232]
"ShowWnd"="ShowWnd.exe" [2003-09-19 36864]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"D-Link RangeBooster G WUA-2340"="c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2006-09-01 1880064]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-03-18 7139256]
"HostManager"="c:\program files\Common Files\AOL\1129293949\ee\AOLSoftware.exe" [2008-06-24 41824]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-04 68856]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-9-28 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129293949\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129293949\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129293949\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"1659:TCP"= 1659:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [3/11/2016 3:15 AM 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswNdis2.sys [3/11/2016 3:16 AM 268424]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [3/11/2016 3:16 AM 58776]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [3/11/2016 3:16 AM 221240]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [12/7/2012 3:28 AM 13560]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [3/11/2016 3:22 AM 35096]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/11/2016 3:16 AM 816304]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/11/2016 3:16 AM 447848]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [3/11/2016 3:16 AM 32792]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3/11/2016 3:16 AM 91168]
R2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [3/11/2016 3:15 AM 119128]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2/13/2016 2:09 AM 132160]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [4/16/2015 1:07 PM 1759584]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [3/11/2016 3:16 AM 171608]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [5/8/2006 7:10 PM 347648]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [5/13/2009 12:50 PM 627072]
S4 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/24/2011 1:51 AM 22856]
S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/11/2012 12:22 PM 399432]
S4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/24/2015 2:48 PM 40776]
.
Contents of the 'Scheduled Tasks' folder
.
2016-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2015-08-27 05:26]
.
2016-03-21 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-11 08:15]
.
2016-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-14 05:59]
.
2016-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-14 05:59]
.
2005-09-27 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-04-13 00:12]
.
2016-03-21 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-26 01:59]
.
2016-03-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-26 01:59]
.
2016-03-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.aol.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v5028bwe.default-1456169709640\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://mail.aol.com/webmail-std/en-us/suite?lang=en&locale=US|about:preferences
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2016-03-21 00:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-813497703-1202660629-500_Classes\CLSID\{64939844-FD2D-4ECF-9BD2-DAB36D1743BA}\InprocServer32]
@Denied: (C D 2 3 6) (Everyone)
@Allowed: (Read) (S-1-5-21-59639899-2322592455-4044543537-1006)
"ThreadingModel"="Apartment"
@="c:\\Documents and Settings\\All Users\\Application Data\\{2F583D26-115E-4851-8AB3-4DCBFD42D6CB}\\rasser.dll"
.
[HKEY_USERS\S-1-5-21-1659004503-813497703-1202660629-500_Classes\Drive\ShellEx\FolderExtensions\{64939844-FD2D-4ECF-9BD2-DAB36D1743BA}]
@Denied: (C D 2 3 6) (Everyone)
@Allowed: (Read) (S-1-5-21-59639899-2322592455-4044543537-1006)
"DriveMask"=dword:ffffffff
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{64939844-FD2D-4ECF-9BD2-DAB36D1743BA}\InprocServer32]
@Denied: (C D 2 3 6) (Everyone)
"ThreadingModel"="Apartment"
@="c:\\Documents and Settings\\All Users\\Application Data\\{2F583D26-115E-4851-8AB3-4DCBFD42D6CB}\\rasser.dll"
.
[HKEY_LOCAL_MACHINE\software\Classes\Drive\shellex\FolderExtensions\{64939844-FD2D-4ECF-9BD2-DAB36D1743BA}]
@Denied: (C D 2 3 6) (Everyone)
"DriveMask"=dword:ffffffff
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5236)
c:\windows\system32\WININET.dll
c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\documents and settings\All Users\Application Data\{2F583D26-115E-4851-8AB3-4DCBFD42D6CB}\rasser.dll
c:\windows\system32\ieframe.dll
.
- - - - - - - > 'explorer.exe'(5264)
c:\windows\system32\WININET.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\ImgUtil.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\windows\zHotkey.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\notepad.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\PresentationHost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\msiexec.exe
c:\windows\notepad.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2016-03-21 01:29:03 - machine was rebooted
ComboFix-quarantined-files.txt 2016-03-21 06:28
.
Pre-Run: 183,839,277,056 bytes free
Post-Run: 184,164,188,160 bytes free
.
- - End Of File - - 127F2C8492B8B6810701D49B4BA1945D
B20939CD98B7710036274839082AE757
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Owner (administrator) on WORK-7DCFB3F226 (21-03-2016 01:55:06)
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo...very-scan-tool/==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AOL LLC) C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Alcor Micro, Corp.) C:\Program Files\Digital Media Reader\shwiconEM.exe
(Intel Corporation) C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
() C:\WINDOWS\zHotkey.exe
(Motive, Inc.) C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Linksys, LLC) C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(AOL LLC) C:\Program Files\Common Files\AOL\1129293949\ee\aolsoftware.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\SITEAD~1\saUI.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\PresentationHost.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-13] ()
HKLM\...\Run: [SunKistEM] => C:\Program Files\Digital Media Reader\shwiconem.exe [135168 2004-11-15] (Alcor Micro, Corp.)
HKLM\...\Run: [IntelAudioStudio] => C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [7086080 2005-05-10] (Intel Corporation)
HKLM\...\Run: [CHotkey] => C:\WINDOWS\zHotkey.exe [543232 2004-05-17] ()
HKLM\...\Run: [ShowWnd] => C:\WINDOWS\ShowWnd.exe [36864 2003-09-19] ()
HKLM\...\Run: [Motive SmartBridge] => C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe [442455 2005-08-24] (Motive, Inc.)
HKLM\...\Run: [D-Link RangeBooster G WUA-2340] => C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe [1880064 2006-09-01] (D-Link)
HKLM\...\Run: [ANIWZCS2Service] => C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [49152 2006-06-29] (Alpha Networks Inc.)
HKLM\...\Run: [nmctxth] => C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [642856 2008-12-12] (Cisco Systems, Inc.)
HKLM\...\Run: [Linksys Wireless Manager] => C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe [1358384 2009-02-16] (Linksys, LLC)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-18] (AVAST Software)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1129293949\ee\AOLSoftware.exe [41824 2008-06-24] (AOL LLC)
HKLM\...\Run: [AOLDialer] => C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [71216 2006-10-23] (AOL LLC)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [136600 2008-11-10] (Sun Microsystems, Inc.)
HKU\S-1-5-21-59639899-2322592455-4044543537-1006\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-18\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-05-04] (Google Inc.)
HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-03-11] (AVAST Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2016-03-06] ()
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011-11-09]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{09293F78-91CB-4439-84E0-3784EE1B2142}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-59639899-2322592455-4044543537-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-59639899-2322592455-4044543537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-59639899-2322592455-4044543537-1006\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-59639899-2322592455-4044543537-1006\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-59639899-2322592455-4044543537-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.com/
SearchScopes: HKLM -> DefaultScope URL =
SearchScopes: HKU\S-1-5-21-59639899-2322592455-4044543537-1006 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=3AC6518A19554DF57BDA1B50C1A82D4A&q={searchTerms}
SearchScopes: HKU\S-1-5-21-59639899-2322592455-4044543537-1006 -> {5B93B26B-6D92-4901-9CC4-AAFAEBB84D34} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKU\S-1-5-21-59639899-2322592455-4044543537-1006 -> {B64C777E-CF3D-46C7-8F9A-0BACC752C5ED} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-08-08] (Sun Microsystems, Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-11] (AVAST Software)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Toolbar: HKU\.DEFAULT -> AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
Toolbar: HKU\.DEFAULT -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll [2007-01-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-59639899-2322592455-4044543537-1006 -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll [2007-01-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-59639899-2322592455-4044543537-1006 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} hxxp://aceonline.asicentral.com/ace/ltocx13n.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} hxxps://remote.hottleappraisal.com/Remote/msrdp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {B49C4597-8721-4789-9250-315DFBD9F525} hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} hxxp://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll [2009-02-13] (Cisco Systems, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v5028bwe.default-1456169709640
FF NewTab: hxxp://www.aol.com/
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxps://mail.aol.com/webmail-std/en-us/suite?lang=en&locale=US
about:preferences
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-20] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_33 -> C:\WINDOWS\system32\npdeployJava1.dll [2012-08-08] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-08-08] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll [2004-01-13] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-59639899-2322592455-4044543537-1006: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-12] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-06-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-06-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-06-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-06-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-06-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2014-06-08] (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v5028bwe.default-1456169709640\searchplugins\google-lavasoft.xml [2016-03-05]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-05-06]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-03-19] [not signed]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF HKLM\...\Firefox\Extensions: [
[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-08-08] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM\...\Firefox\Extensions: [
[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-11]
FF HKLM\...\Firefox\Extensions: [
[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-11]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]
Chrome:
=======
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2016-02-12]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-11]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation) [File not signed]
S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-13] (Microsoft Corporation) [File not signed]
R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-13] (Microsoft Corporation) [File not signed]
S2 ANIWZCSdService; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [49152 2006-07-03] (Alpha Networks Inc.) [File not signed]
R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [46640 2006-10-23] (AOL LLC)
R3 AppMgmt; C:\WINDOWS\System32\appmgmts.dll [167936 2008-04-13] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-13] (Microsoft Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-11] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [119128 2016-03-11] (AVAST Software)
S3 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-13] (Microsoft Corporation) [File not signed]
S3 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-13] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-13] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-13] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
R2 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-13] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-13] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ehRecvr; C:\WINDOWS\eHome\ehRecvr.exe [195584 2004-09-28] (Microsoft Corporation) [File not signed]
R2 ehSched; C:\WINDOWS\eHome\ehSched.exe [102912 2004-08-10] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-13] (Microsoft Corporation) [File not signed]
R2 HidServ; C:\WINDOWS\System32\hidserv.dll [21504 2008-04-13] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-13] (Microsoft Corporation) [File not signed]
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-13] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-13] (Microsoft Corporation) [File not signed]
S4 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153392 2012-08-08] (Sun Microsystems, Inc.)
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-13] (Microsoft Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [399432 2012-09-07] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2016-02-12] (McAfee, Inc.)
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-13] (Microsoft Corporation) [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-13] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
R2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [642856 2008-12-12] (Cisco Systems, Inc.)
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-13] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2005-05-24] (New Boundary Technologies, Inc.) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-13] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-13] (Microsoft Corporation) [File not signed]
R2 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [59904 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-13] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2004-08-10] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-13] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-13] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-13] (Microsoft Corporation) [File not signed]
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
R2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-13] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-13] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-13] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-13] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-13] (Microsoft Corporation) [File not signed]
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S3 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [73216 2008-04-13] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-13] (Microsoft Corporation) [File not signed]
S3 UMWdf; C:\WINDOWS\system32\wdfmgr.exe [38912 2004-08-10] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-13] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-13] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-13] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-13] (Microsoft Corporation) [File not signed]
S4 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-08-27] (America Online, Inc.) [File not signed]
S3 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-13] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [25088 2004-08-10] (Microsoft Corporation) [File not signed]
S3 Wmi; C:\WINDOWS\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-13] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-13] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-13] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-13] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-13] (Microsoft Corporation) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 A5AGU; C:\WINDOWS\System32\DRIVERS\A5AGU.sys [347648 2006-05-08] (D-Link Corporation) [File not signed]
R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation) [File not signed]
R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation) [File not signed]
S4 ACPIEC; C:\WINDOWS\system32\Drivers\ACPIEC.sys [11648 2004-08-10] (Microsoft Corporation) [File not signed]
R0 adpu160m; C:\WINDOWS\System32\DRIVERS\adpu160m.sys [101888 2001-08-17] (Microsoft Corporation) [File not signed]
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed]
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
R0 agp440; C:\WINDOWS\System32\DRIVERS\agp440.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
R0 agpCPQ; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [44928 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Aha154x; C:\WINDOWS\System32\DRIVERS\aha154x.sys [12800 2001-08-17] (Microsoft Corporation) [File not signed]
R0 aic78u2; C:\WINDOWS\System32\DRIVERS\aic78u2.sys [55168 2001-08-17] (Microsoft Corporation) [File not signed]
R0 aic78xx; C:\WINDOWS\System32\DRIVERS\aic78xx.sys [56960 2001-08-17] (Microsoft Corporation) [File not signed]
R0 AliIde; C:\WINDOWS\System32\DRIVERS\aliide.sys [5248 2001-08-17] (Acer Laboratories Inc.) [File not signed]
R0 alim1541; C:\WINDOWS\System32\DRIVERS\alim1541.sys [42752 2008-04-13] (Microsoft Corporation) [File not signed]
R0 amdagp; C:\WINDOWS\System32\DRIVERS\amdagp.sys [43008 2008-04-13] (Advanced Micro Devices, Inc.) [File not signed]
R0 amsint; C:\WINDOWS\System32\DRIVERS\amsint.sys [12032 2001-08-17] (Microsoft Corporation) [File not signed]
R2 ANIO; C:\WINDOWS\system32\ANIO.SYS [28195 2005-12-11] (Alpha Networks Inc.) [File not signed]
R3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1759584 2010-09-30] (Atheros Communications, Inc.)
S3 Arp1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
R0 asc; C:\WINDOWS\System32\DRIVERS\asc.sys [26496 2001-08-17] (Advanced System Products, Inc.) [File not signed]
R0 asc3350p; C:\WINDOWS\System32\DRIVERS\asc3350p.sys [22400 2001-08-17] (Microsoft Corporation) [File not signed]
R0 asc3550; C:\WINDOWS\System32\DRIVERS\asc3550.sys [14848 2001-08-17] (Advanced System Products, Inc.) [File not signed]
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2005-05-24] (Windows ® 2000 DDK provider) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [32792 2016-03-11] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-03-11] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [91168 2016-03-11] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2016-03-11] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [268424 2016-03-11] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-03-11] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [58776 2016-03-11] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [816304 2016-03-11] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [447848 2016-03-11] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [171608 2016-03-11] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [67088 2016-03-11] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [221240 2016-03-11] (AVAST Software)
S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation) [File not signed]
R3 ATIAVPCI; C:\WINDOWS\System32\DRIVERS\atinavxx.sys [135296 2005-03-04] (ATI Technologies Inc.) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
S3 b57w2k; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [132352 2005-04-05] (Broadcom Corporation) [File not signed]
R0 cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [13952 2001-08-17] (Microsoft Corporation) [File not signed]
S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2001-08-17] (Microsoft Corporation) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) [File not signed]
R0 cd20xrnt; C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys [7680 2001-08-17] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2004-08-10] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [44288 2007-03-19] (Roxio) [File not signed]
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [24832 2004-11-10] (Roxio) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation) [File not signed]
R0 CmdIde; C:\WINDOWS\System32\DRIVERS\cmdide.sys [6656 2001-08-17] (CMD Technology, Inc.) [File not signed]
R0 Cpqarray; C:\WINDOWS\System32\DRIVERS\cpqarray.sys [14976 2001-08-17] (Microsoft Corporation) [File not signed]
R0 dac2w2k; C:\WINDOWS\System32\DRIVERS\dac2w2k.sys [179584 2001-08-17] (Mylex Corporation) [File not signed]
R0 dac960nt; C:\WINDOWS\System32\DRIVERS\dac960nt.sys [14720 2001-08-17] (Microsoft Corporation) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmio; C:\WINDOWS\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2004-08-10] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation) [File not signed]
R0 dpti2o; C:\WINDOWS\System32\DRIVERS\dpti2o.sys [20192 2001-08-17] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation) [File not signed]
R4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Flpydisk; C:\WINDOWS\System32\DRIVERS\flpydisk.sys [20480 2008-04-13] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2004-08-10] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2001-08-17] (Microsoft Corporation) [File not signed]
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2012-12-07] (GFI Software)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider) [File not signed]
R3 HidUsb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation) [File not signed]
R0 hpn; C:\WINDOWS\System32\DRIVERS\hpn.sys [25952 2001-08-17] (Microsoft Corporation) [File not signed]
S4 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-01-24] (HP) [File not signed]
S4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-01-24] (HP) [File not signed]
S4 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-01-24] (HP) [File not signed]
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
R1 i2omgmt; C:\WINDOWS\system32\Drivers\i2omgmt.sys [8576 2008-04-13] (Microsoft Corporation) [File not signed]
R0 i2omp; C:\WINDOWS\System32\DRIVERS\i2omp.sys [18560 2008-04-13] (Microsoft Corporation) [File not signed]
S1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation) [File not signed]
R3 ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [830684 2005-04-05] (Intel Corporation) [File not signed]
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation) [File not signed]
R0 ini910u; C:\WINDOWS\System32\DRIVERS\ini910u.sys [16000 2001-08-17] (Microsoft Corporation) [File not signed]
R0 IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation) [File not signed]
R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Ip6Fw; C:\WINDOWS\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-10] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation) [File not signed]
R1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
S4 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2012-09-07] (Malwarebytes Corporation)
S4 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2016-02-10] (Malwarebytes Corporation)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2004-08-10] (Microsoft Corporation) [File not signed]
R3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation) [File not signed]
R0 mraid35x; C:\WINDOWS\System32\DRIVERS\mraid35x.sys [17280 2001-08-17] (American Megatrends Inc.) [File not signed]
S3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
R3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\WINDOWS\System32\drivers\MSTEE.sys [5504 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd. ) [File not signed]
S3 NABTSFEC; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) [File not signed]
S3 NIC1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [61824 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation) [File not signed]
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2004-08-10] (Microsoft Corporation) [File not signed]
S3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [1897408 2004-08-04] (NVIDIA Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2004-08-10] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2004-08-10] (Microsoft Corporation) [File not signed]
R0 ohci1394; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation) [File not signed]
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2004-08-10] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation) [File not signed]
S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120192 2008-04-13] (Microsoft Corporation) [File not signed]
R0 perc2; C:\WINDOWS\System32\DRIVERS\perc2.sys [27296 2001-08-17] (Microsoft Corporation) [File not signed]
R0 perc2hib; C:\WINDOWS\System32\DRIVERS\perc2hib.sys [5504 2001-08-17] (Microsoft Corporation) [File not signed]
R2 pnarp; C:\WINDOWS\System32\DRIVERS\pnarp.sys [23984 2008-12-12] (Cisco Systems, Inc.)
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2004-08-10] (Parallel Technologies, Inc.) [File not signed]
R2 purendis; C:\WINDOWS\System32\DRIVERS\purendis.sys [25264 2008-12-12] (Cisco Systems, Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [19840 2004-08-10] (Sonic Solutions) [File not signed]
R0 ql1080; C:\WINDOWS\System32\DRIVERS\ql1080.sys [40320 2001-08-17] (QLogic Corporation) [File not signed]
R0 Ql10wnt; C:\WINDOWS\System32\DRIVERS\ql10wnt.sys [33152 2001-08-17] (Microsoft Corporation) [File not signed]
R0 ql12160; C:\WINDOWS\System32\DRIVERS\ql12160.sys [45312 2001-08-17] (QLogic Corporation) [File not signed]
R0 ql1240; C:\WINDOWS\System32\DRIVERS\ql1240.sys [40448 2001-08-17] (Microsoft Corporation) [File not signed]
R0 ql1280; C:\WINDOWS\System32\DRIVERS\ql1280.sys [49024 2001-08-17] (QLogic Corporation) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2004-08-10] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2004-08-10] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2004-08-10] (Microsoft Corporation) [File not signed]
R3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 Serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Sfloppy; C:\WINDOWS\System32\DRIVERS\sfloppy.sys [11392 2008-04-13] (Microsoft Corporation) [File not signed]
R3 sfng32; C:\WINDOWS\System32\drivers\sfng32.sys [35712 2005-04-04] (Sonic Focus, Inc) [File not signed]
R0 sisagp; C:\WINDOWS\System32\DRIVERS\sisagp.sys [40960 2008-04-13] (Silicon Integrated Systems Corporation) [File not signed]
S3 SLIP; C:\WINDOWS\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation) [File not signed]
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation) [File not signed]
R0 Sparrow; C:\WINDOWS\System32\DRIVERS\sparrow.sys [19072 2001-08-17] (Adaptec, Inc.) [File not signed]
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation) [File not signed]
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [300672 2005-04-27] (SigmaTel, Inc.) [File not signed]
S3 streamip; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation) [File not signed]
R3 SunkFilt; C:\WINDOWS\System32\Drivers\sunkfilt.sys [36804 2004-11-15] (Alcor Micro Corp.) [File not signed]
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation) [File not signed]
R0 symc810; C:\WINDOWS\System32\DRIVERS\symc810.sys [16256 2001-08-17] (Symbios Logic Inc.) [File not signed]
R0 symc8xx; C:\WINDOWS\System32\DRIVERS\symc8xx.sys [32640 2001-08-17] (LSI Logic) [File not signed]
R0 sym_hi; C:\WINDOWS\System32\DRIVERS\sym_hi.sys [28384 2001-08-17] (LSI Logic) [File not signed]
R0 sym_u3; C:\WINDOWS\System32\DRIVERS\sym_u3.sys [30688 2001-08-17] (LSI Logic) [File not signed]
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-13] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-13] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-13] (Microsoft Corporation) [File not signed]
R0 TosIde; C:\WINDOWS\System32\DRIVERS\toside.sys [4992 2001-08-17] (Microsoft Corporation) [File not signed]
R3 tunmp; C:\WINDOWS\System32\DRIVERS\tunmp.sys [12288 2008-04-13] (Microsoft Corporation) [File not signed]
S4 Udfs; C:\WINDOWS\system32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation) [File not signed]
R0 ultra; C:\WINDOWS\System32\DRIVERS\ultra.sys [36736 2001-08-17] (Promise Technology, Inc.) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation) [File not signed]
S4 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [45056 2014-08-15] (Apple, Inc.) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\WINDOWS\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation) [File not signed]
R3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation) [File not signed]
R0 viaagp; C:\WINDOWS\System32\DRIVERS\viaagp.sys [42240 2008-04-13] (Microsoft Corporation) [File not signed]
R0 ViaIde; C:\WINDOWS\System32\DRIVERS\viaide.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation) [File not signed]
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation) [File not signed]
R1 WS2IFSL; C:\WINDOWS\System32\drivers\ws2ifsl.sys [12032 2004-08-10] (Microsoft Corporation) [File not signed]
S3 WSTCODEC; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WUSB54GCv3; C:\WINDOWS\System32\DRIVERS\WUSB54GCv3.sys [627072 2008-12-04] (Ralink Technology, Corp.) [File not signed]
S3 ZD1211BU(ZyDAS); C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys [477696 2006-08-24] (ZyDAS Technology Corporation) [File not signed]
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 mfewfpk; no ImagePath
S4 PCTINDIS5; \??\C:\WINDOWS\system32\PCTINDIS5.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) [File not signed]
U3 mbr; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-21 01:29 - 2016-03-21 01:29 - 00082392 _____ C:\ComboFix.txt
2016-03-21 01:29 - 2016-03-21 01:29 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2016-03-21 01:29 - 2016-03-21 01:29 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2016-03-21 01:29 - 2016-03-21 01:29 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2016-03-21 00:28 - 2016-03-21 01:29 - 00000000 ____D C:\Qoobox
2016-03-21 00:28 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2016-03-21 00:28 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2016-03-21 00:28 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2016-03-21 00:28 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2016-03-21 00:28 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2016-03-21 00:28 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2016-03-21 00:28 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2016-03-21 00:28 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2016-03-21 00:28 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2016-03-21 00:27 - 2016-03-21 01:09 - 00000000 ____D C:\WINDOWS\erdnt
2016-03-21 00:09 - 2016-03-21 00:09 - 05658151 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\ComboFix.exe
2016-03-21 00:06 - 2016-03-21 00:06 - 00000907 _____ C:\WINDOWS\aswMBR.txt
2016-03-20 23:59 - 2016-03-21 00:00 - 05200384 _____ (AVAST Software) C:\Documents and Settings\Owner\Desktop\aswmbr.exe
2016-03-20 23:54 - 2016-03-20 23:54 - 00797376 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-03-20 23:54 - 2016-03-20 23:54 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-03-20 11:49 - 2016-03-20 11:57 - 00022099 _____ C:\Documents and Settings\Owner\Desktop\Addition.txt
2016-03-20 11:40 - 2016-03-21 01:55 - 00052303 _____ C:\Documents and Settings\Owner\Desktop\FRST.txt
2016-03-20 11:40 - 2016-03-21 01:55 - 00000000 ____D C:\FRST
2016-03-20 11:39 - 2016-03-20 11:39 - 01725440 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2016-03-19 00:32 - 2016-03-20 00:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-17 03:11 - 2016-03-17 03:11 - 00006767 _____ C:\Documents and Settings\Owner\Desktop\Procexp.txt
2016-03-17 01:55 - 2016-03-17 01:55 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
2016-03-15 03:07 - 2016-03-15 03:07 - 00000778 _____ C:\Documents and Settings\All Users\Desktop\CPUID HWMonitor.lnk
2016-03-15 03:07 - 2016-03-15 03:07 - 00000000 ____D C:\Program Files\CPUID
2016-03-15 03:07 - 2016-03-15 03:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CPUID
2016-03-14 00:26 - 2016-03-20 23:55 - 00000000 ____D C:\Program Files\SpeedFan
2016-03-14 00:26 - 2016-03-14 00:26 - 00000682 _____ C:\Documents and Settings\Owner\Desktop\SpeedFan.lnk
2016-03-14 00:26 - 2016-03-14 00:26 - 00000000 ____D C:\Documents and Settings\Owner\Start Menu\Programs\SpeedFan
2016-03-14 00:25 - 2016-03-14 00:26 - 00000045 _____ C:\WINDOWS\system32\initdebug.nfo
2016-03-13 01:04 - 2016-03-13 01:04 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
2016-03-11 03:22 - 2016-03-11 03:21 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-03-11 03:21 - 2016-03-11 03:15 - 00334280 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-03-11 03:18 - 2016-03-11 03:18 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\AVAST Software
2016-03-11 03:18 - 2016-03-11 03:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2016-03-11 03:17 - 2016-03-11 03:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2016-03-11 03:17 - 2008-11-07 19:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2016-03-11 03:16 - 2016-03-21 00:54 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-03-11 03:16 - 2016-03-11 03:16 - 00816304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-03-11 03:16 - 2016-03-11 03:16 - 00447848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-03-11 03:16 - 2016-03-11 03:16 - 00221240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-03-11 03:16 - 2016-03-11 03:16 - 00091168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-03-11 03:16 - 2016-03-11 03:15 - 00268424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdis2.sys
2016-03-11 03:16 - 2016-03-11 03:15 - 00171608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2016-03-11 03:16 - 2016-03-11 03:15 - 00067088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2016-03-11 03:16 - 2016-03-11 03:15 - 00064272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2016-03-11 03:16 - 2016-03-11 03:15 - 00058776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-03-11 03:16 - 2016-03-11 03:15 - 00032792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-03-11 03:15 - 2016-03-11 03:15 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-03-11 03:15 - 2016-03-11 03:15 - 00012112 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswNdis.sys
2016-03-10 12:44 - 2016-03-11 03:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2016-03-07 11:08 - 2016-03-07 11:07 - 00090112 _____ C:\WINDOWS\Minidump\Mini030716-01.dmp
2016-03-06 17:32 - 2016-03-06 17:32 - 00186088 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2016-03-05 15:47 - 2016-03-05 15:47 - 00261460 _____ C:\Documents and Settings\Owner\Desktop\WORK-7DCFB3F226.txt
2016-03-05 13:50 - 2016-03-11 03:16 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\defrag
2016-03-05 13:41 - 2016-03-05 13:41 - 00209550 _____ C:\Documents and Settings\Owner\My Documents\WORK-7DCFB3F226.arn.zip
2016-03-05 13:21 - 2016-03-05 13:21 - 00000000 ____D C:\searchplugins
2016-03-05 03:40 - 2016-03-05 03:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
2016-03-05 03:39 - 2016-03-05 03:39 - 00002528 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2016-03-05 03:39 - 2016-03-05 03:39 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\LavasoftTcpService
2016-03-05 03:38 - 2016-03-05 03:38 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService.dll
2016-03-05 03:33 - 2016-03-05 03:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Auslogics
2016-03-05 03:32 - 2016-03-05 13:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2016-03-05 03:31 - 2016-03-06 17:34 - 00000000 ____D C:\Program Files\Auslogics
2016-03-05 03:22 - 2016-03-05 03:22 - 00003038 _____ C:\Documents and Settings\Owner\Desktop\VolumeC.txt
2016-03-04 14:06 - 2016-03-04 14:06 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Owner\Desktop\TFC.exe
2016-03-03 13:04 - 2016-03-21 00:56 - 00000330 ____H C:\WINDOWS\Tasks\MP Scheduled Scan.job
2016-03-03 04:30 - 2016-03-03 05:01 - 00130630 _____ C:\WINDOWS\ntbtlog.txt
2016-03-02 01:22 - 2016-03-02 01:22 - 00000654 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2016-03-02 01:21 - 2016-03-02 01:22 - 00000000 ____D C:\Program Files\Speccy
2016-03-02 01:17 - 2016-03-02 01:18 - 05111240 _____ (Piriform Ltd) C:\Documents and Settings\Owner\Desktop\spsetup129.exe
2016-03-02 00:51 - 2016-03-11 03:11 - 00000000 ____D C:\AVG_Remover
2016-02-20 02:42 - 2016-02-20 02:42 - 00090112 _____ C:\WINDOWS\Minidump\Mini022016-01.dmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-21 01:56 - 2005-09-27 08:37 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Temp
2016-03-21 01:29 - 2005-04-13 12:26 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-03-21 00:55 - 2005-04-13 11:56 - 00000303 _____ C:\WINDOWS\system.ini
2016-03-21 00:54 - 2014-04-27 01:21 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-03-21 00:54 - 2005-04-13 11:56 - 00001170 _____ C:\WINDOWS\system32\wpa.dbl
2016-03-21 00:53 - 2005-04-13 12:14 - 00000000 ____D C:\WINDOWS\Registration
2016-03-21 00:52 - 2012-05-02 00:31 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-03-21 00:52 - 2005-04-13 12:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-21 00:51 - 2015-12-13 11:29 - 00458752 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2016-03-21 00:51 - 2015-07-09 12:20 - 00004198 _____ C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2016-03-21 00:50 - 2005-09-27 08:37 - 00000278 ___SH C:\Documents and Settings\Owner\ntuser.ini
2016-03-21 00:50 - 2005-09-27 08:37 - 00000000 ____D C:\Documents and Settings\Owner
2016-03-21 00:28 - 2005-04-13 12:26 - 00032604 _____ C:\WINDOWS\SchedLgU.Txt
2016-03-21 00:25 - 2005-04-13 12:41 - 00000000 ____D C:\Program Files\Common Files\Java
2016-03-21 00:08 - 2005-04-13 11:56 - 00001235 _____ C:\WINDOWS\win.ini
2016-03-20 23:54 - 2014-08-18 12:21 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2016-03-18 17:25 - 2014-08-15 18:00 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-03-18 11:00 - 2005-04-13 11:57 - 00000209 ___SH C:\boot.ini
2016-03-17 02:06 - 2005-09-27 08:37 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents
2016-03-17 02:05 - 2006-04-13 14:55 - 00000000 ____D C:\unzipped
2016-03-15 02:48 - 2012-01-11 21:22 - 00000000 ____D C:\Program Files\Amazon
2016-03-15 02:28 - 2005-04-13 05:08 - 00526450 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-14 01:10 - 2005-04-13 11:55 - 00006656 _____ C:\WINDOWS\system32\lpcio.dll
2016-03-14 00:52 - 2011-12-13 14:24 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Miscellaneous
2016-03-12 13:44 - 2016-01-19 09:02 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\{2F583D26-115E-4851-8AB3-4DCBFD42D6CB}
2016-03-12 12:31 - 2012-04-02 01:17 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
2016-03-11 14:31 - 2007-01-11 16:31 - 00000000 ____D C:\Oct 2005
2016-03-11 03:29 - 2005-04-13 04:58 - 00000000 ___HD C:\WINDOWS\inf
2016-03-11 03:21 - 2013-05-30 02:41 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-11 03:10 - 2016-02-13 02:05 - 00000000 ____D C:\Program Files\McAfee
2016-03-11 03:10 - 2015-09-13 13:48 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Avg
2016-03-11 03:10 - 2012-12-13 12:03 - 01102123 _____ C:\WINDOWS\setupapi.log.0.old
2016-03-10 13:32 - 2007-02-16 08:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2016-03-10 13:24 - 2016-02-12 03:09 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-03-08 16:00 - 2014-04-27 01:21 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-03-07 11:08 - 2007-10-26 09:17 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-06 21:27 - 2015-06-13 02:21 - 00000000 ____D C:\Program Files\PokerStars
2016-03-06 20:51 - 2005-10-28 07:14 - 00000000 ___RD C:\Documents and Settings\Owner\Desktop\Misc
2016-03-06 16:57 - 2015-09-24 13:23 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2016-03-06 16:57 - 2011-12-14 16:07 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-06 16:57 - 2011-12-14 16:07 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-05 14:59 - 2005-09-27 12:44 - 00002327 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 6.0 Professional.lnk
2016-03-05 13:23 - 2011-12-23 16:31 - 00000000 ____D C:\Program Files\Lavasoft
2016-03-05 13:22 - 2011-12-23 16:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Lavasoft
2016-03-03 13:53 - 2005-04-13 04:58 - 00000000 ____D C:\WINDOWS\Help
2016-03-03 13:29 - 2013-09-10 00:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-03 12:29 - 2005-09-28 15:43 - 144254680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-02 02:12 - 2007-03-21 09:23 - 00000000 ____D C:\Program Files\Hijackthis
==================== Files in the root of some directories =======
2013-05-24 04:22 - 2014-06-22 08:48 - 0003662 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2011-01-18 03:53 - 2011-01-18 03:53 - 2994688 _____ () C:\Program Files\openofficeorg33.msi
2011-01-18 03:05 - 2011-01-18 03:05 - 0000290 _____ () C:\Program Files\setup.ini
2015-12-24 14:48 - 2015-12-24 14:48 - 0000499 _____ () C:\Documents and Settings\Owner\Application Data\mbam.context.scan
2006-02-07 08:32 - 2006-02-07 08:50 - 0000136 ____C () C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2016-02-14 10:43 - 2016-02-14 10:43 - 0000664 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\d3d9caps.dat
2005-09-27 08:37 - 2013-01-31 11:25 - 0035840 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-01-26 13:36 - 2006-01-26 13:36 - 0000128 ____C () C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
ZeroAccess:
C:\Windows\Installer\{c9c50621-2987-6697-0fec-f59d6ff5ff90}
C:\Windows\Installer\{c9c50621-2987-6697-0fec-f59d6ff5ff90}\@
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\dnsapi.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Owner (2016-03-21 01:58:12)
Running from C:\Documents and Settings\Owner\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2005-09-27 13:37:01)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-59639899-2322592455-4044543537-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-59639899-2322592455-4044543537-1003 - Limited - Enabled)
Guest (S-1-5-21-59639899-2322592455-4044543537-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-59639899-2322592455-4044543537-1005 - Limited - Disabled)
Owner (S-1-5-21-59639899-2322592455-4044543537-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-59639899-2322592455-4044543537-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2WIRE Wireless LAN - USB Driver (HKLM\...\{581CE7EA-A30D-0000-1211-088635773309}) (Version: - )
Adobe Acrobat 6.0.1 Professional (HKLM\...\{AC76BA86-1033-0000-7760-000000000001}) (Version: 006.000.001 - Adobe Systems)
Adobe Atmosphere Player for Acrobat and Adobe Reader (HKLM\...\Adobe Atmosphere Player) (Version: - )
Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Illustrator CS (HKLM\...\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}) (Version: 11 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Adobe® Photoshop® Album Starter Edition 3.0 (HKLM\...\{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}) (Version: 3.0.1 - Adobe Systems, Inc.)
Adobe® Photoshop® Album Starter Edition 3.0.1 (HKLM\...\{C9618743-1A5C-461E-91C4-E013A3D70F3C}) (Version: 3.0.1 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-59639899-2322592455-4044543537-1006\...\Akamai) (Version: - Akamai Technologies, Inc)
ANIO Service (HKLM\...\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}) (Version: - )
ANIWZCS2 Service (HKLM\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version: - )
AOL Coach Version 1.0(Build:20040229.1 en) (HKLM\...\AOLCoach) (Version: - )
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version: - )
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AT&T Self Support Tool (HKLM\...\SBC.MCCInstall) (Version: - )
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.2.1.0 - Auslogics Labs Pty Ltd)
Avast Internet Security (HKLM\...\Avast) (Version: 11.1.2253 - AVAST Software)
BadCopy Pro (HKLM\...\BadCopy Pro) (Version: - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CoatsEDV (HKLM\...\{C8E2DEF5-DFC3-4515-B4A7-AC73D38C7B64}) (Version: 1.60.2004 - Wings Systems Ltd.)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Digital Media Reader (HKLM\...\InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}) (Version: 1.10 - )
Digital Media Reader (Version: 1.10 - ) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
ESP Online (HKLM\...\{84BF2E9C-16D9-11D8-BE69-00B0D0852669}) (Version: 1.0.1.0 - ASI)
Eusing Free Registry Cleaner (HKLM\...\Eusing Free Registry Cleaner) (Version: - )
GN 2005 Collection (HKLM\...\InstallShield_{1811FE16-BAA9-4507-B396-3B713D914A54}) (Version: 1.1.1.0 - Great Notions)
GN 2005 Collection (Version: 1.1.1.0 - Great Notions) Hidden
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - )
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HijackThis 1.99.1 (HKLM\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
Intel Audio Studio (HKLM\...\{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}) (Version: 1.57.3000 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4299 - )
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 6 Update 33 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Linksys Wireless Manager (HKLM\...\Linksys Wireless Manager) (Version: 4.9.9047.0 - Linksys, LLC)
Malwarebytes Anti-Malware version 1.65.0.1400 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.65.0.1400 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.290 - McAfee, Inc.)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Money 2005 (HKLM\...\Money2005b) (Version: 14 - Microsoft)
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Small Business (HKLM\...\{00030409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation)
Microsoft Picture It! Premium 10 (HKLM\...\PictureItPrem_v10) (Version: 10.0.0612 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-59639899-2322592455-4044543537-1006\...\Move Networks Player - IE) (Version: - )
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Multimedia Keyboard Driver (HKLM\...\{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}) (Version: - )
Napster (HKLM\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 3.0.3.7 - Napster)
Napster Burn Engine (Version: 2.5.0000 - Roxio) Hidden
Nero BurnRights (HKLM\...\Nero BurnRights!UninstallKey) (Version: - )
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
NUCLEUS KERNEL for CD-DVD 1.8 (HKLM\...\NUCLEUS KERNEL for CD-DVD_is1) (Version: 1.8 - nucleustechnologies)
OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
PaperPort 8.0 SE (HKLM\...\{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}) (Version: 1.0.0.0000 - ScanSoft, Inc.)
PokerStars (HKLM\...\PokerStars) (Version: - PokerStars)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
Pure Networks Platform (Version: 11.1.9044.0 - Pure Networks) Hidden
RangeBooster G WUA-2340 (HKLM\...\InstallShield_{BA180519-5857-4D89-9EAD-A2248B89AEF7}) (Version: - D-Link)
RangeBooster G WUA-2340 (Version: - D-Link) Hidden
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version: - )
Register Plus (HKLM\...\{6457E848-5591-11D7-BDFD-00B0D0852669}) (Version: 7.2 - )
RMP4 (HKLM\...\{F78FC958-7354-43EA-BF26-AFCBFE7B9C18}) (Version: 1.05.0000 - RSUPPORT)
RSCC (HKLM\...\{562CBD30-CA59-4640-862C-99C0ECED4B4C}) (Version: 2.02.0000 - RSUPPORT)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4441.0 - SigmaTel)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1) (Version: - )
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tajima DG/ML by Pulse Ambassador (HKLM\...\Tajima DG/ML by Pulse Ambassador) (Version: - )
Unity Web Player (HKU\S-1-5-21-59639899-2322592455-4044543537-1006\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.0 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinZip (HKLM\...\WinZip) (Version: - )
Wisdom-soft ScreenHunter 6.0 Free (HKLM\...\Wisdom-soft ScreenHunter 6.0 Free) (Version: - Wisdom Software Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-59639899-2322592455-4044543537-1006_Classes\CLSID\{013F891C-58A8-42F1-BA17-A3954DDED562}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-59639899-2322592455-4044543537-1006_Classes\CLSID\{073258F7-8BC6-4a64-A4E7-919E4D32DC63}\InprocServer32 -> C:\Program Files\Common Files\Roxio Shared\SharedCOM\RXACWMA.dll (Roxio, Inc.)
CustomCLSID: HKU\S-1-5-21-59639899-2322592455-4044543537-1006_Classes\CLSID\{12897008-A82D-4267-92A3-04D22450D565}\InprocServer32 -> C:\Program Files\Common Files\Roxio Shared\SharedCOM\RXAudioCodec.dll (Roxio, Inc.)
CustomCLSID: HKU\S-1-5-21-59639899-2322592455-4044543537-1006_Classes\CLSID\{1C6E0E46-4E5F-492D-B946-44291B931361}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-59639899-2322592455-4044543537-1006_Classes\CLSID\{2000AA1D-2E7C-4EBA-9893-DAE4EF5E1FE5}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-59639899-2322592455-4044543537-1006_Classes\CLSID\{28400E86-5FFC-453D-A534-EF455A115E74}\localserver32 -> C:\Program Files\Intuit\QuickBooks Product Listing Service\QBProductListingCOMServer.exe (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-59639899-2322592455-4044543537-1006_Classes\CLSID\{403BD5FD-724C-4D96-86ED-B9E3A2ACBD8E}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-59639899-2322592455-4044543537-1006_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
==================== Memory info ===========================
Processor: Intel® Pentium® D CPU 2.80GHz
Percentage of memory in use: 83%
Total physical RAM: 1011.67 MB
Available physical RAM: 162.87 MB
Total Virtual: 2913.74 MB
Available Virtual: 1744.91 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:228.82 GB) (Free:171.55 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:4.05 GB) (Free:0.97 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 38EF9D17)
Partition 1: (Active) - (Size=228.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4.1 GB) - (Type=0B)
==================== End of Addition.txt ============================