UnHookExec.inf didnt work so I ran the old timer. Appears that I have a number of firewalls I didnt know existed on this machine. Here are the logs:
OTL Extras logfile created on: 7/6/2017 9:16:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\OldTIMER
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.87 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 25.23% Memory free
3.72 Gb Paging File | 2.15 Gb Available in Paging File | 57.81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59.62 Gb Total Space | 17.14 Gb Free Space | 28.75% Space Free | Partition Type: NTFS
Computer Name: NONE | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
"53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe" = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.)
"C:\Program Files\Ralink\Common\RaMediaServer.exe" = C:\Program Files\Ralink\Common\RaMediaServer.exe:*:Enabled:Ralink UPnP Media Server -- (Ralink)
"C:\Program Files\Ralink\Common\RaUI.exe" = C:\Program Files\Ralink\Common\RaUI.exe:*:Enabled:Ralink Utility -- (Ralink Technology, Corp.)
"C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe" = C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe:*:Enabled:SP_FF -- (IObit)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox) -- (Mozilla Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{284F4C1C-380D-4F10-88C8-1F9E386EFE98}" = 32 Bit HP CIO Components Installer
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1" = Foxit Cloud
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D12314F45EB}" = REALTEK Wireless LAN Driver and Utility
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK RTL8187 Wireless LAN Driver and Utility
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CAAF899F-D15F-480F-AF10-22B1431A5E9F}" = AX88772
"{CDA1ADA3-BBB4-4250-B272-AC21C78C3968}" = HP PCMCIA Smart Card Reader
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom NetXtreme Ethernet Controller
"{DBBE5C26-72B7-4E01-950D-86BDE35918ED}" = Embedded Security for HP ProtectTools Driver
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}" = OpenOffice 4.1.2
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"Adobe Flash Player NPAPI" = Adobe Flash Player 23 NPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.2
"Advanced SystemCare_is1" = Advanced SystemCare 10
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Display Driver" = ATI Display Driver
"Avast" = Avast Free Antivirus
"BitShares2-light" = BitShares2-light
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"Driver Booster_is1" = Driver Booster 4.1
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"IObitUninstall" = IObit Uninstaller
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 52.2.1 ESR (x86 en-US)" = Mozilla Firefox 52.2.1 ESR (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PrintKey2000" = PrintKey2000
"Smart Defrag_is1" = Smart Defrag 5
"VLC media player" = VLC media player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinZip" = WinZip
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 6/6/2017 7:39:47 PM | Computer Name = NONE | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 3.5 SP1 -- The installer has encountered
an unexpected error installing this package. This may indicate a problem with this
package. The error code is 2902. The arguments are: ixfAssemblyCopy, ,
Error - 6/6/2017 7:39:48 PM | Computer Name = NONE | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.5 SP1 - Update 'KB2836940' could
not be installed. Error code 1603. Additional information is available in the log
file C:\DOCUME~1\User\LOCALS~1\Temp\Microsoft .NET Framework 3.5-KB2836940_20170606_233942968-Msi0.txt.
Error - 6/6/2017 7:39:48 PM | Computer Name = NONE | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb2836940,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
2902.
Error - 6/28/2017 6:08:27 PM | Computer Name = NONE | Source = crypt32 | ID = 131083
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 6/28/2017 6:08:27 PM | Computer Name = NONE | Source = crypt32 | ID = 131083
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/5/2017 8:11:10 PM | Computer Name = NONE | Source = Total System Care | ID = 0
Description = GenericSkinnedInstaller.Installing: Unexpected exception while sending
installation data.
Error - 7/5/2017 8:11:25 PM | Computer Name = NONE | Source = Total System Care | ID = 0
Description = InstallerCore.Downloader: Unexpected Exception while checking contentLength
.
Error - 7/5/2017 8:11:41 PM | Computer Name = NONE | Source = Total System Care | ID = 0
Description = GenericSkinnedInstaller.BrowserDetection.BrowserUtility: System.DllNotFoundException:
Unable to load DLL 'SQLite.Interop.dll': The specified module could not be found.
(Exception from HRESULT: 0x8007007E) at System.Data.SQLite.UnsafeNativeMethods.sqlite3_config_none(SQLiteConfigOpsEnum
op) at System.Data.SQLite.SQLite3.StaticIsInitialized() at System.Data.SQLite.SQLiteLog.Initialize()
at System.Data.SQLite.SQLiteConnection..ctor(String connectionString, Boolean
parseViaFramework) at System.Data.SQLite.SQLiteConnection..ctor(String connectionString)
at GenericSkinnedInstaller.BrowserDetection.BrowserUtility.ExtractLastUsedDateFromFirefox(DateTime
lastUsedDate)
Error - 7/5/2017 8:24:51 PM | Computer Name = NONE | Source = Total System Care | ID = 0
Description = InstallerCore.Downloader: Unexpected Exception while checking contentLength
.
Error - 7/5/2017 8:24:53 PM | Computer Name = NONE | Source = Total System Care | ID = 0
System.Net.WebException: The server committed a protocol violation. Section=ResponseStatusLine
at System.Net.HttpWebRequest.GetResponse() at InstallerCore.Downloader.downloader_DoWork(Object
sender, DoWorkEventArgs e)
[ System Events ]
Error - 7/5/2017 7:00:17 PM | Computer Name = NONE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Avast.VC140.CRT could not be found and Last Error
was The referenced assembly is not installed on your system.
Error - 7/5/2017 7:00:17 PM | Computer Name = NONE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Avast.VC140.CRT. Reference error
message: The referenced assembly is not installed on your system. .
Error - 7/5/2017 7:00:17 PM | Computer Name = NONE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll.
Reference
error message: The operation completed successfully. .
Error - 7/5/2017 9:03:30 PM | Computer Name = NONE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Avast.VC140.CRT could not be found and Last Error
was The referenced assembly is not installed on your system.
Error - 7/5/2017 9:03:30 PM | Computer Name = NONE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Avast.VC140.CRT. Reference error
message: The referenced assembly is not installed on your system. .
Error - 7/5/2017 9:03:30 PM | Computer Name = NONE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll.
Reference
error message: The operation completed successfully. .
Error - 7/6/2017 7:58:04 AM | Computer Name = NONE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 10.229.212.39 on
the Network Card with network address 000DB002B902.
Error - 7/6/2017 7:58:54 AM | Computer Name = NONE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Avast.VC140.CRT could not be found and Last Error
was The referenced assembly is not installed on your system.
Error - 7/6/2017 7:58:54 AM | Computer Name = NONE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Avast.VC140.CRT. Reference error
message: The referenced assembly is not installed on your system. .
Error - 7/6/2017 7:58:54 AM | Computer Name = NONE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll.
Reference
error message: The operation completed successfully. .
< End of report >
OTL logfile created on: 7/6/2017 9:16:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\OldTIMER
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.87 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 25.23% Memory free
3.72 Gb Paging File | 2.15 Gb Available in Paging File | 57.81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59.62 Gb Total Space | 17.14 Gb Free Space | 28.75% Space Free | Partition Type: NTFS
Computer Name: NONE | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2017/07/06 09:15:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OldTIMER\OTL.exe
PRC - [2017/06/30 08:46:42 | 000,517,064 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2017/06/27 21:20:05 | 000,850,720 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare\RealTimeProtector.exe
PRC - [2016/12/26 13:52:32 | 006,948,128 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare\ASC.exe
PRC - [2016/12/16 18:05:26 | 002,913,568 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe
PRC - [2016/12/12 14:37:20 | 000,462,624 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare\ASCService.exe
PRC - [2016/12/05 22:47:10 | 003,332,384 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare\Monitor.exe
PRC - [2016/11/10 15:05:27 | 005,515,496 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2016/10/31 12:26:00 | 001,808,672 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
PRC - [2016/10/26 13:30:28 | 000,078,032 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2016/10/26 12:56:38 | 000,343,336 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2016/10/18 15:17:02 | 002,275,104 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
PRC - [2016/04/06 06:05:03 | 000,874,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/12/08 14:47:50 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/09/23 17:49:52 | 015,661,872 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaUI.exe
PRC - [2013/06/26 12:07:18 | 000,391,472 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaRegistry.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2016/12/20 17:36:46 | 001,362,720 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare\Scan.dll
MOD - [2016/11/01 11:11:58 | 000,078,624 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare\GetProcessDLL.dll
MOD - [2016/10/26 13:00:44 | 003,072,000 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\16111000\algo.dll
MOD - [2016/10/26 12:56:51 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2016/10/26 12:56:38 | 000,104,400 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2016/10/26 12:56:38 | 000,081,728 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2016/09/26 14:59:22 | 000,631,072 | ---- | M] () -- C:\Program Files\IObit\IObit Uninstaller\ProductStatistics.dll
MOD - [2016/09/26 14:59:22 | 000,631,072 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare\ProductStatistics.dll
MOD - [2016/09/06 12:00:38 | 005,197,312 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libGLESv2.dll
MOD - [2016/09/06 12:00:36 | 000,147,456 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libEGL.dll
MOD - [2016/08/18 19:43:40 | 000,442,144 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare\madexcept_.bpl
MOD - [2016/08/18 19:43:36 | 000,059,680 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare\maddisAsm_.bpl
MOD - [2016/08/18 19:43:34 | 000,210,720 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare\madbasic_.bpl
MOD - [2016/06/21 20:30:02 | 000,442,144 | ---- | M] () -- C:\Program Files\IObit\IObit Uninstaller\madexcept_.bpl
MOD - [2016/06/21 20:29:58 | 000,059,680 | ---- | M] () -- C:\Program Files\IObit\IObit Uninstaller\maddisAsm_.bpl
MOD - [2016/06/21 20:29:56 | 000,210,720 | ---- | M] () -- C:\Program Files\IObit\IObit Uninstaller\madbasic_.bpl
MOD - [2015/12/28 14:50:58 | 000,899,872 | ---- | M] () -- C:\Program Files\IObit\IObit Uninstaller\webres.dll
MOD - [2015/12/28 14:50:58 | 000,899,872 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare\webres.dll
MOD - [2013/09/23 17:48:06 | 001,210,672 | ---- | M] () -- C:\Program Files\Ralink\Common\RaWLAPI.dll
MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/06/29 11:34:56 | 000,480,608 | ---- | M] () -- C:\WINDOWS\system32\DiagFunc.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
========== Services (SafeList) ==========
SRV - [2017/06/30 08:46:42 | 000,174,024 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/12/12 14:37:20 | 000,462,624 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare\ASCService.exe -- (AdvancedSystemCareService10)
SRV - [2016/10/28 15:54:10 | 000,360,736 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\IObit Uninstaller\IUService.exe -- (IObitUnSvr)
SRV - [2016/10/26 13:30:28 | 000,078,032 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet)
SRV - [2016/10/26 12:56:38 | 000,343,336 | ---- | M] (Avast Software s.r.o.) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/12/08 14:47:50 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014/03/11 17:44:52 | 000,241,728 | ---- | M] (Foxit Corporation) [On_Demand | Stopped] -- C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService)
SRV - [2013/06/26 12:07:18 | 000,391,472 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2012/07/06 19:20:54 | 001,863,680 | ---- | M] (Ralink) [On_Demand | Stopped] -- C:\Program Files\Ralink\Common\RaMediaServer.exe -- (RaMediaServer)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\cpuz138\cpuz138_x32.sys -- (cpuz138)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2017/01/31 17:24:14 | 000,056,832 | ---- | M] (GenesysLogic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GeneStor.sys -- (GeneStor)
DRV - [2017/01/03 16:19:39 | 000,011,904 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\amdide.sys -- (amdide)
DRV - [2017/01/03 16:01:41 | 000,023,840 | ---- | M] (REALiX) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2016/11/10 15:05:28 | 000,428,120 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
DRV - [2016/10/26 12:56:54 | 000,209,048 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2016/10/26 12:56:54 | 000,074,976 | ---- | M] (Avast Software s.r.o.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2016/10/26 12:56:54 | 000,057,888 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2016/10/26 12:56:54 | 000,049,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2016/10/26 12:56:54 | 000,024,144 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2016/10/26 12:56:53 | 000,055,200 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2016/10/26 12:56:35 | 000,787,760 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2016/03/22 12:02:16 | 000,015,824 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2014/12/08 14:34:21 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2013/09/06 21:51:06 | 001,660,488 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2012/10/25 10:43:10 | 000,026,336 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2012/07/31 07:57:15 | 000,078,960 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2012/06/21 22:00:20 | 000,018,800 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/07 12:31:24 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/03/19 11:40:10 | 000,009,216 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2009/01/06 17:38:52 | 000,035,328 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ax88772.sys -- (AX88772)
DRV - [2008/07/23 12:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/07/17 02:24:00 | 000,035,072 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HP24X.sys -- (HP24X)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/01/02 16:01:40 | 001,160,320 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/12/15 15:44:42 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\..\SearchScopes,DefaultScope = {3D585554-3A2C-4BF8-9587-2D99C7A6EBAD}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.hiddenOneOffs: "Bing"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js..browser.search.countryCode: "US"
FF - user.js..browser.search.hiddenOneOffs: "Bing"
FF - user.js..browser.search.region: "US"
FF - user.js..browser.search.update: false
FF - user.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.5.0.1
FF - user.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:49.0.2
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1225195.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.2.1 ESR\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.2.1 ESR\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2014/12/08 14:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2016/11/22 15:54:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ati0qr63.default\browser-extension-data
[2016/11/22 15:54:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ati0qr63.default\browser-extension-data\
[email protected]
[2017/06/02 19:31:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ati0qr63.default\extensions
[2016/10/18 11:27:40 | 000,153,926 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ati0qr63.default\extensions\
[email protected]
[2017/06/02 19:31:41 | 001,801,339 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ati0qr63.default\extensions\
[email protected]
[2017/05/12 08:10:43 | 000,897,182 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ati0qr63.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2017/06/30 08:46:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
========== Chrome ==========
CHR - Extension: No name found = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aleakchihdccplidncghkekgioiakgal\1.0.4_0\
CHR - Extension: No name found = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen\1.0.0_0\
CHR - Extension: No name found = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\3.13.0_0\
CHR - Extension: No name found = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp\0.9931_0\
CHR - Extension: No name found = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\
O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll (IObit)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IObit Surfing Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll (IObit)
O3 - HKCU\..\Toolbar\ShellBrowser: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll (IObit)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
O4 - HKCU..\Run: [Advanced SystemCare 10] C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8187 Wireless LAN Utility.lnk = C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O15 - HKCU\..Trusted Domains: bitshares.org ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.2.1.29 10.1.12.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{604E83AF-5CD9-4CB9-A64C-8DEB593318FE}: DhcpNameServer = 10.2.1.29 10.1.12.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/12/08 13:53:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2017/07/06 09:15:33 | 000,000,000 | ---D | C] -- C:\OldTIMER
[2017/07/06 09:10:38 | 000,000,000 | ---D | C] -- C:\EXEREPAIR
[2017/07/05 20:09:59 | 000,000,000 | ---D | C] -- C:\totalsystemcare
[2017/07/05 16:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\BitShares2-light
[2017/07/05 10:13:01 | 000,000,000 | ---D | C] -- C:\Data scales tolt
[2017/07/05 10:09:01 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2017/07/04 08:03:33 | 000,000,000 | ---D | C] -- C:\Bitshare
[2017/06/30 08:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Brother Printer
[2017/06/24 13:55:57 | 000,000,000 | ---D | C] -- C:\etherwallet
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2017/07/06 09:04:27 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2017/07/06 07:58:14 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_AutoAnalyze.job
[2017/07/05 21:06:26 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Driver Booster Scheduler.job
[2017/07/05 21:03:06 | 000,431,100 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2017/07/05 21:03:06 | 000,067,130 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2017/07/05 20:59:50 | 000,000,132 | ---- | M] () -- C:\Documents
[2017/07/05 20:59:47 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2017/07/05 20:59:17 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
[2017/07/05 20:59:07 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Update.job
[2017/07/05 20:59:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2017/07/05 20:58:58 | 000,078,032 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2017/07/05 20:58:58 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2017/07/05 20:58:55 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\ASC10_PerformanceMonitor.job
[2017/07/05 20:58:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2017/07/05 12:53:15 | 000,000,116 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\3002.xml
[2017/07/05 10:09:05 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2017/07/05 10:09:05 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_GeneStor_01009.Wdf
[2017/06/30 10:36:25 | 000,007,891 | ---- | M] () -- C:\WINDOWS\BRRBCOM.INI
[2017/06/27 09:25:59 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 10.lnk
[2017/06/27 09:25:59 | 000,001,806 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 10.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2017/07/05 10:09:05 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2017/07/05 10:09:05 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_GeneStor_01009.Wdf
[2017/07/04 10:31:10 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\BitShares2-light.lnk
[2017/02/13 13:14:19 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2017/02/13 13:14:19 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2017/02/13 13:14:19 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2017/02/13 13:14:19 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2017/02/13 13:14:19 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2017/02/13 13:14:19 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2017/02/13 13:14:19 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2017/02/13 13:14:19 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2017/02/13 13:14:19 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2017/02/13 13:14:19 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2017/02/13 13:14:19 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2017/02/13 13:14:19 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2017/02/13 13:14:19 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2017/02/13 13:14:19 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2017/02/13 13:14:19 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2017/02/13 13:14:19 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2017/02/13 13:14:19 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2017/02/13 13:14:19 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2017/02/13 13:14:19 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2017/01/08 12:48:38 | 000,007,891 | ---- | C] () -- C:\WINDOWS\BRRBCOM.INI
[2017/01/08 12:48:38 | 000,007,819 | ---- | C] () -- C:\WINDOWS\BROMJ470DW.INI
[2017/01/05 10:01:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2017/01/05 10:01:52 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2016/12/29 15:03:57 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2016/12/29 15:03:44 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2016/12/16 13:10:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2016/11/25 10:18:30 | 000,000,116 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\3002.xml
[2016/11/24 09:46:43 | 000,015,568 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\3029.abs
[2016/11/24 09:45:53 | 000,035,216 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\3002.abs
[2016/11/22 15:46:27 | 000,480,608 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2016/11/22 15:46:27 | 000,034,080 | ---- | C] () -- C:\WINDOWS\System32\CTAAEI.dll
[2016/11/22 15:46:27 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2016/11/22 15:46:27 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2016/11/22 15:45:40 | 000,013,973 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2016/11/22 14:48:00 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2016/11/22 14:47:15 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2016/10/26 13:19:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2016/10/26 12:56:56 | 000,209,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2016/10/26 12:56:56 | 000,049,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2016/10/26 12:56:56 | 000,024,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
========== ZeroAccess Check ==========
[2016/11/10 15:17:46 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/09/23 03:40:03 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >